16 matches found
CVE-2018-25382 Zechat 1.5 SQL Injection via uname Parameter
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column...
CVE-2025-15052 code-projects Student Information System profile.php cross site scripting
A vulnerability was detected in code-projects Student Information System 1.0. This vulnerability affects unknown code of the file /profile.php. Manipulation of the argument firstname/lastname results in cross site scripting. The attack can be carried out remotely. The exploi...
Code-Projects Student Information System Code Injection Vulnerability
Code-Projects Student Information System is a Code-Projects open source student information system. A code injection vulnerability exists in Code-Projects Student Information System version 1.0, which originates from the incorrect manipulation of the parameter firstname/lastname in the file...
EUVD-2025-29921
Malicious code in bioql PyPI...
EUVD-2025-28725
Malicious code in bioql PyPI...
EUVD-2024-36209
Malicious code in bioql PyPI...
CVE-2025-10411
A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/check_profile.php of the component POST Request Handler. The manipulation of the argument profile_id results in cross site...
CVE-2025-10411
CVE-2025-10411 affects itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The vulnerability is in the POST Request Handler, where manipulation of the profile_id argument in /stc-log-keeper/check_profile.php enables cross-site scripting. Exploitation can be remote, and public e...
CVE-2025-10081 SourceCodester Pet Management System profile.php unrestricted upload
A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument websiteimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be...
SourceCodester Best Employee Management System Cross-Site Scripting Vulnerability
SourceCodester Best Employee Management System is a SourceCodester open source employee management system. A security vulnerability exists in version 1.0 of the SourceCodester Best Employee Management System due to improper sanitization of input in the parameters websiteimage, fname, lname,...
Apartment Visitors Management System mobilenumber parameter SQL Injection Vulnerability
Apartment Visitors Management System is an apartment visitor management system. Apartment Visitors Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter mobilenumber of file /admin-profile.php...
PT-2023-23533 · Unknown · Rail Pass Management System
Name of the Vulnerable Software and Affected Versions: Rail Pass Management System version 1.0 Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the emial parameter of "admin-profile.php". Recommendations: For Rail Pass Management System versio...
CVE-2022-43050
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component updateprofile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
Wedding Planner Code Issue Vulnerability
Wedding Planner is a wedding planner program by pushpam abhishek, designed to provide users with an easy way to plan their wedding through a web application while using real data. A code issue vulnerability exists in Wedding Planner v1.0 that stems from easy execution of arbitrary code via...
CVE-2016-1611
Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's content with arbitrary shell commands...
phorum503.txt
Vendor : Phorum URL : http://www.phorum.org Version : Phorum 5.0.3 Beta && Earlier Risk : Cross Site Scripting Description: Phorum is a web based message board written in PHP. Phorum is designed with high-availability and visitor ease of use in mind. Features such as mailing list integration, eas...