103 matches found
PT-2025-36535
Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 4.0 Description: A SQL injection issue exists in PHPGurukul Small CRM version 4.0, specifically within the /profile.php file. The Name parameter is susceptible to manipulation, allowing for remote exploitation. Th...
SourceCodester Petshop Management System 代码问题漏洞
SourceCodester Petshop Management System is SourceCodester open source a pet store management system . A code issue vulnerability exists in SourceCodester Petshop Management System version 1.0, which stems from improper handling of parameters in the /admin/profile.php file, which can lead to...
PHPGurukul Time Table Generator System 安全漏洞
Time Table Generator System is a time table generator system. A cross-site scripting vulnerability exists in Time Table Generator System, which stems from the adminname parameter in the /admin/profile.php file not effectively filtering user input. No details of the vulnerability are available at...
PHPGurukul Employee Record Management System 注入漏洞
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter EmpCode in the file /myprofile.php. An attacker...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2023-49912
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...
CVE-2025-4153
A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The...
PT-2025-6192 · WordPress · Geodirectory – Wp Business Directory Plugin
Name of the Vulnerable Software and Affected Versions: The GeoDirectory – WP Business Directory Plugin and Classified Listings Directory plugin for WordPress versions up to, and including, 2.8.97 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitizati...
CVE-2024-12951
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /addpersonaldetails.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The...
PT-2024-17823 · Unknown · 1000 Projects Portfolio Management System Mca
Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical vulnerability has been found in the 1000 Projects Portfolio Management System MCA. The issue is related to an unknown function of the file /add personal...
1000 Projects Portfolio Management System MCA 安全漏洞
1000 Projects Portfolio Management System MCA is an open source portfolio management system from 1000 Projects. A security vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0, which stems from an incorrect manipulation of the parameter profile that can lead to...
1000 Projects Portfolio Management System MCA 安全漏洞
1000 Projects Portfolio Management System MCA is an open source portfolio management system from 1000 Projects. A security vulnerability exists in 1000 Projects Portfolio Management System MCA version 1.0, which stems from an incorrect manipulation of the parameter profile that can lead to...
CVE-2024-5584
The WordPress Online Booking and Scheduling Plugin – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Color Profile parameter in all versions up to, and including, 23.2 due to insufficient input sanitization and output escaping. This makes it possible for...
Wordpress Bookly plugin <= 23.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Color Profile Parameter vulnerability
Authenticated Subscriber+ Stored Cross-Site Scripting via Color Profile Parameter vulnerability discovered by 0xBishop in WordPress Plugin Bookly versions = 23.2...
CVE-2023-49912
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...
CVE-2023-49908
A stack-based buffer overflow vulnerability exists in the web interface Radio Scheduling functionality of Tp-Link AC1350 Wireless MU-MIMO Gigabit Access Point EAP225 V3 v5.1.0 Build 20220926. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can make an...
CVE-2024-27744
Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component...
SourceCodester Employee Management System SQL Injection Vulnerability
SourceCodester Employee Management System is a php-based website builder for employee performance management from SourceCodester. A SQL injection vulnerability exists in SourceCodester Employee Management System version 1.0, which is caused by a sql injection vulnerability in the txtfullname...
CVE-2023-50753
Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'dd' parameter of the user/updateprofile.php resource does not validate the characters received and they are sent unfiltered to the database...
Online Notice Board System SQL Injection Vulnerability
Online Notice Board System is an online bulletin board system. A SQL injection vulnerability exists in the v1.0 version of Online Notice Board System, which occurs when the dd parameter of the user/updateprofile.php page is processed without filtering the data and sending it to the database for...