CVE-2025-51567

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

Kashipara Online Exam System 安全漏洞

Kashipara Online Exam System is an online exam system from Kashipara. A security vulnerability exists in version V1.0 of the kashipara Online Exam System, which originates from unvalidated parameters rname, rcollage, rnumber, rgender, and rpassword in the /exam/user/profile.php page, which could...

EUVD-2026-1912

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

CVE-2025-51567

CVE-2025-51567 affects Kashipara Online Exam System V1.0. The vulnerability is an SQL Injection in the /exam/user/profile.php page. The issue is triggered via POST parameters rname, rcollage, rnumber, rgender, and rpassword, allowing remote attackers to execute arbitrary SQL commands and potentia...

CVE-2025-51567

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

CVE-2025-51567

A SQL Injection was found in the /exam/user/profile.php page of kashipara Online Exam System V1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the rname, rcollage, rnumber, rgender and rpassword parameters in a POST HTTP request...

EUVD-2025-199993

A cross-site scripting XSS vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript...

CVE-2025-0881

A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The explo...

Codezips Gym Management System 安全漏洞

Codezips Gym Management System is an open source gym management system from Codezips. A security vulnerability exists in Codezips Gym Management System version 1.0, which stems from the parameter rname in the file /dashboard/admin/saveroutine.php that can lead to SQL injection...

CVE-2024-40478

A Stored Cross Site Scripting XSS vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields...

PT-2024-28865 · Unknown · Kashipara Online Exam System

Name of the Vulnerable Software and Affected Versions: Kashipara Online Exam System version 1.0 Description: A Stored Cross Site Scripting XSS issue was found in the "/admin/afeedback.php" endpoint, allowing remote attackers to execute arbitrary code via the rname and email parameter fields. This...

SQL Injection Vulnerability in hdcms Framework rname Parameter

HDCMS is a content management system package written in PHP. A SQL injection vulnerability exists in the rname parameter of the hdcms framework, as the program fails to adequately filter the rname parameter and only does corresponding code auditing on the source code. An attacker is allowed to...