CVE-2026-10263 SourceCodester Computer Repair Shop Management System manage_product.php sql injection

A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manageproduct.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-5836

Affected software and entry point: code-projects Online Shoe Store 1.0, vulnerable via /admin/admin_product.php with manipulation of the product_name parameter. Vulnerability type: cross site scripting (XSS). Impact/conditions: remote initiation; affects user input handling in the admin context; ...

SourceCodester Inventory System 跨站脚本漏洞

The SourceCodester Inventory System is an open-source inventory system developed by SourceCodester. Version 1.0 of the SourceCodester Inventory System has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the limit parameter in the viewproduct.php file,...

CVE-2025-15408

CVE-2025-15408 affects code-projects Online Guitar Store 1.0. The vulnerability is a SQL injection in /admin/Create_product.php via the dre_title parameter. Exploitation is possible remotely and the exploit has been publicly released. Connected documents confirm the root cause (unsafely processed...

CVE-2025-13423

A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The impacted element is an unknown function of the file /admin/adminproduct.php. Executing a manipulation of the argument productimage can lead to unrestricted upload. The attack may be launched remotely. The exploit has...

CVE-2025-13260

A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/editproduct.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVE-2025-13260

A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/editproduct.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVE-2025-13260 Campcodes Supplier Management System edit_product.php sql injection

A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/editproduct.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

FoxCMS Cross-Site Scripting Vulnerability

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS. FoxCMS 1.2.16 and previous versions of the existence of cross-site scripting vulnerability, the vulnerability stems from the file app/admin/controller/Product.php parameter Title on the user-provided data...

CVE-2025-12338

A weakness has been identified in Campcodes Retro Basketball Shoes Online Store 1.0. This vulnerability affects unknown code of the file /admin/adminproduct.ph. Executing a manipulation of the argument pid can lead to sql injection. The attack may be launched remotely. The exploit has been made...

CVE-2025-11487

A security flaw has been discovered in SourceCodester Farm Management System 1.0. Affected by this issue is some unknown functionality of the file /uploadProduct.php. Performing manipulation of the argument Type results in sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-11396

A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2025-11396

A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

EUVD-2025-26066

Malicious code in bioql PyPI...

CVE-2025-10808

CVE-2025-10808 affects Campcodes Farm Management System 1.0. The vulnerability is an SQL injection in the file /uploadProduct.php where manipulating the Type argument enables remote exploitation. Public exploits are available. Impact is described as high (SQL injection), with attacker control ove...

CVE-2025-9692 Campcodes Online Shopping System product.php sql injection

A vulnerability was found in Campcodes Online Shopping System 1.0. Affected is an unknown function of the file /product.php. Performing manipulation of the argument p results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used...

CVE-2025-8235

A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...

CVE-2025-6820

A vulnerability was found in code-projects Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /phpaction/createProduct.php. The manipulation of the argument productName leads to sql injection. The attack may be launched...

CVE-2025-6343 code-projects Online Shoe Store admin_product.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /admin/adminproduct.php. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2023-23010

Cross Site Scripting XSS vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 on Dec 27, 2022, allows attackers to execute arbitrary code via the languages and transload parameters in file addproduct.php...