
19 matches found

OSV
added 2026/02/03 6:16 p.m. | 2 views

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

CVSS 9.8 | AI score 6.3 | EPSS 0.00192
Exploits: 3 | References: 2
Cvelist
added 2026/02/03 12:0 a.m. | 24 views

CVE-2025-57529

YouDataSum CPAS Audit Management System =v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted input to the parameter. Successful exploitation could...

EPSS 0.00192
Exploits: 3 | References: 2
OSV
added 2026/01/18 4:15 p.m. | 1 views

CVE-2026-1124

A security flaw has been discovered in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workreport.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the...

CVSS 9.8 | AI score 5.6
Exploits: 0 | References: 4
CVE
added 2025/12/09 7:37 p.m. | 6 views

CVE-2025-66214

CVE-2025-66214 describes a Java deserialization vulnerability in Ladybug before version 3.0-20251107.114628. The affected component exposes the API endpoints /iaf/ladybug/api/report/{storage} and /iaf/ladybug/api/report/upload, which accept gzip-compressed XML files with user-controllable content...

CVSS 8.8 | AI score 7 | EPSS 0.00249
Exploits: 1 | References: 1 | Affected Software: 1
Debian CVE
added 2025/09/29 9:26 a.m. | 5 views

CVE-2025-11146

Reflected Cross-site scripting XSS in Apt-Cacher-NG v3.2.1. The vulnerability allows an attacker to execute malicious scripts XSS in the web management application. The vulnerability is caused by improper handling of GET inputs included in the URL in “/acng-report.html”...

CVSS 5.4 | AI score 5.3 | EPSS 0.00024
Exploits: 0
RedhatCVE
added 2025/08/30 6:19 p.m. | 1 views

CVE-2025-9509

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fairinfoall.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 | AI score 7.4 | EPSS 0.0009
Exploits: 1 | References: 1
OSV
added 2025/08/28 11:15 p.m. | 0 views

CVE-2025-9594

A vulnerability has been found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /report/complaininfo.php. The manipulation of the argument vid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS 9.8 | AI score 5.7
Exploits: 0 | References: 5
Vulnrichment
added 2025/08/28 10:32 p.m. | 1 views

CVE-2025-9593 itsourcecode Apartment Management System unit_status_info.php sql injection

A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unit_status_info.php. Executing manipulation of the argument usid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

CVSS 7.5 | AI score 6.8 | EPSS 0.0009
Exploits: 1 | References: 5
Positive Technologies
added 2025/08/28 12:0 a.m. | 2 views

PT-2025-35150

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0
Description: A SQL injection flaw exists due to manipulation of the usid argument in the /report/unit_status_info.php file. The attack can be executed remotely. The exploit has been...

CVSS 7.5 | AI score 7.3 | EPSS 0.0009
Exploits: 1 | References: 8
OSV
added 2025/08/27 5:15 a.m. | 0 views

CVE-2025-9509

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fairinfoall.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 | AI score 5.8 | EPSS 0.0009
Exploits: 1 | References: 5
Positive Technologies
added 2025/08/27 12:0 a.m. | 2 views

PT-2025-34832

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0
Description: A security flaw exists in itsourcecode Apartment Management System version 1.0 related to the processing of the /report/fair info all.php file. Manipulation of the fid argument...

CVSS 9.8 | AI score 7.4 | EPSS 0.0009
Exploits: 1 | References: 11
NVD
added 2025/08/15 2:15 a.m. | 4 views

CVE-2025-8993

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument fromdate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

CVSS 9.8 | EPSS 0.00072
Exploits: 1 | References: 5
Vulnrichment
added 2025/08/15 1:5 a.m. | 4 views

CVE-2025-8993 itsourcecode Online Tour and Travel Management System expense_report.php sql injection

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/expense_report.php. The manipulation of the argument fromdate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclos...

CVSS 7.5 | AI score 7.6 | EPSS 0.00072
Exploits: 1 | References: 5
CVE
added 2024/08/13 4:37 p.m. | 49 views

CVE-2024-6618

CVE-2024-6618 affects Ocean Data Systems Dream Report (and AVEVA Reports for Operations). The root cause is errors in processing relative paths to directories, enabling path traversal that could allow remote code execution via injection of a malicious DLL. Affected products/versions include Dream...

CVSS 8.5 | AI score 7.7 | EPSS 0.0155
Exploits: 0 | References: 1
CNNVD
added 2024/05/26 12:0 a.m. | 1 views

Zoo Management System SQL injection vulnerability

Zoo Management System is a zoo management system by the individual developer Carlo Montero. It provides an online and automated platform for zoo organizations to manage their daily records. A SQL injection vulnerability exists in version 2.1 of the PHPGurukul Zoo Management System, which stems fr...

CVSS 7.2 | AI score 7 | EPSS 0.00073
Exploits: 0 | References: 5
CNNVD
added 2023/03/09 12:0 a.m. | 1 views

Best POS Management System SQL injection vulnerability

Best pos management system is a best pos management system by Mayuri K. Individual developer. A security vulnerability exists in Best POS Management System version 1.0, which originates from a SQL injection vulnerability via the month parameter in /kruxton/salesreport.php...

CVSS 9.8 | AI score 8.7 | EPSS 0.0025
Exploits: 1 | References: 3
OSV
added 2022/07/27 2:15 a.m. | 1 views

CVE-2022-34611

A cross-site scripting XSS vulnerability in /index.php/?p=report of Online Fire Reporting System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "Contac " text field...

CVSS 5.4 | AI score 5.9
Exploits: 0 | References: 3
CNNVD
added 2022/07/27 12:0 a.m. | 1 views

Online Fire Reporting System cross-site scripting vulnerability

Online Fire Reporting System is an online fire reporting system by Carlo Montero Personal Developer. A security vulnerability exists in Online Fire Reporting System v1.0, which originates from a cross-site scripting XSS vulnerability in /index.php/?p=report. The vulnerability can be exploited by ...

CVSS 5.4 | AI score 5.8 | EPSS 0.00406
Exploits: 1 | References: 4
ATTACKERKB
added 2022/06/02 2:15 p.m. | 1 views

CVE-2022-31953

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidentreports/viewreport.php?id=...

CVSS 9.8 | AI score 7.5 | EPSS 0.00264
Exploits: 1 | References: 2