18 matches found
EUVD-2022-46033
Malicious code in bioql PyPI...
Online Fire Reporting System new-requests.php File SQL Injection Vulnerability
Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter teamid in the file /admin/new-requests.php. An attacker ca...
CVE-2025-7582 PHPGurukul Online Fire Reporting System assigned-requests.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/assigned-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2025-7563
CVE-2025-7563 affects PHPGurukul Online Fire Reporting System 1.2. The vulnerability resides in an unknown functionality of the file /admin/completed-requests.php, where manipulating the parameter teamid leads to a SQL injection. It can be exploited remotely, and the exploit has been publicly dis...
CVE-2025-7563 PHPGurukul Online Fire Reporting System completed-requests.php sql injection
A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. Affected by this vulnerability is an unknown functionality of the file /admin/completed-requests.php. The manipulation of the argument teamid leads to sql injection. The attack can be launched remotel...
CVE-2025-7562 PHPGurukul Online Fire Reporting System new-requests.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. Affected is an unknown function of the file /admin/new-requests.php. The manipulation of the argument teamid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2022-40405
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs...
Sql injection
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients...
Sql injection
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs...
CVE-2022-40405
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs...
CVE-2022-42984
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients...
CVE-2022-40405
WoWonder Social Network Platform v4.1.2 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=load-my-blogs...
CVE-2022-42984
WoWonder Social Network Platform 4.1.4 was discovered to contain a SQL injection vulnerability via the offset parameter at requests.php?f=search&s=recipients...
Authentication flaw
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument groupid allows posting messages in other groups. It is possible to launch the attack remotely but it might...
CVE-2022-1753
Summary: CVE-2022-1753 affects WoWonder via /requests.php, where manipulating the group_id parameter enables posting messages in other groups. The vulnerability can be triggered remotely, with some sources noting authentication may be required. This indicates a broken access control condition in ...
CVE-2022-1753 WoWonder Group requests.php access control
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument groupid allows posting messages in other groups. It is possible to launch the attack remotely but it might...
CVE-2021-26935
In WoWonder 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the eventid parameter...
Sql injection
In WoWonder 3.1, remote attackers can gain access to the database by exploiting a requests.php?f=search-my-followers SQL Injection vulnerability via the eventid parameter...