CVE-2026-57588

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4356

A flaw has been found in itsourcecode University Management System 1.0. Affected is an unknown function of the file /addresult.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2026-4356

Affects itsourcecode University Management System 1.0. The vulnerability is in an unknown function of the file /add_result.php; manipulating the vr argument enables cross-site scripting. The attack can be conducted remotely and, per the sources, exploits have been published and may be used. No re...

EUVD-2026-12249

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-4189

A weakness has been identified in phpipam up to 1.7.4. The impacted element is an unknown function of the file app/admin/sections/edit-result.php of the component Section Handler. Executing a manipulation of the argument subnetOrdering can lead to sql injection. The attack may be launched remotel...

CVE-2026-3982

CVE-2026-3982 affects itsourcecode University Management System 1.0. A vulnerability exists in an unknown functionality of the file /view_result.php, where manipulating the vr argument can trigger cross-site scripting. The attack is remotely executable (network access) and the exploit has been pu...

itsourcecode University Management System 代码注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter “vr” in the...

PT-2026-24921

A vulnerability was determined in itsourcecode University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view result.php. Executing a manipulation of the argument vr can lead to cross site scripting. The attack can be executed remotely. The exploit...

CVE-2026-3747

The CVE-2026-3747 entry concerns itsourcecode University Management System version 1.0. The vulnerability is an SQL injection in the file /add_result.php (subject parameter manipulation) that can be triggered remotely. Public exploitation is noted. Multiple sources corroborate impact on confident...

PT-2026-23971

Name of the Vulnerable Software and Affected Versions itsourcecode University Management System version 1.0 Description A flaw exists in itsourcecode University Management System that allows for SQL injection. The issue is located in the /view result.php file. Manipulating the seme argument can...

e-Diary Management System search-result.php File SQL Injection Vulnerability

The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the searchdata parameter of the search-result.php file. An attacker ca...

Restaurant Table Booking System /search-result.php File SQL Injection Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that stems from incorrect manipulation of the searchdata parameter in the /search-result.php file that can lead to SQL injection. No details of the...

PT-2025-3819 · Unknown · Code-Projects Online Book Shop

Name of the Vulnerable Software and Affected Versions: code-projects Online Book Shop version 1.0 Description: A critical issue has been found in the code-projects Online Book Shop. It affects an unknown function of the file /search result.php. The manipulation of the argument s leads to SQL...

CVE-2025-0198

A vulnerability, which was classified as critical, has been found in code-projects Point of Sales and Inventory Management System 1.0. This issue affects some unknown processing of the file /user/searchresult.php. The manipulation of the argument id leads to sql injection. The attack may be...

PT-2025-3771 · Code Projects · Code-Projects Point Of Sales/Inventory Management System

Name of the Vulnerable Software and Affected Versions: code-projects Point of Sales and Inventory Management System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /user/search result.php. The manipulation of the id argument leads to SQ...

CVE-2024-10607

A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. The exploit...

CVE-2024-7377

A vulnerability has been found in SourceCodester Simple Realtime Quiz System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewresult.php. The manipulation of the argument qid leads to sql injection. The attack can be launched remotely. Th...