SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
Summary: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs: POST /api/graph/getGraph, POST /api/graph/getLocalGraph, POST /api/sync/setSyncInterval, POST /api/storage/updateRecentDocViewTime, POST /api/storage/updateRecentDocCloseTime, POST...
CVE-2026-5018
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to SQL injection. The attack can be launched remotely. The explo...
Code-Projects Simple Food Order System SQL Injection Vulnerability
Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability. This vulnerability stems from improper handling of parameters by the unknown function in...
PT-2026-28732
Name of the Vulnerable Software and Affected Versions: Simple Food Order System version 1.0 Description: A flaw exists in Simple Food Order System 1.0 related to the handling of parameters. Specifically, manipulating the Name argument can lead to SQL injection. This issue affects an unknown functio...
Relative Path Traversal
Overview: Affected versions of this package are vulnerable to Relative Path Traversal due to improper validation of user-supplied paths in router.go. An attacker can access sensitive files on the server by crafting requests with directory traversal sequences in the URL path. Remediation: A fix was...
CVE-2025-9832
CVE-2025-9832 affects SourceCodester Food Ordering Management System 1.0. The vulnerability is in an unknown function within /routers/register-router.php where manipulation of the phone parameter enables SQL injection. It can be exploited remotely and exploit details have been publicly disclosed....
ruoyi-go Security Vulnerability
ruoyi-go is a backend management system for individual developers at lostvip.com. A security vulnerability exists in ruoyi-go 2.1 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter orderByColumn/isAsc in the file modules/system/systemrouter.go...
CVE-2022-29332
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server...
Kirby vulnerable to path traversal in the router for PHP's built-in server
TL;DR: This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software such as Apache, nginx or Caddy are not affected. Introduction: For use with PHP's built-in web server, Kirby...
CVE-2025-4548
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-4548 Campcodes Online Food Ordering System router.php SQL injection
A vulnerability classified as critical has been found in Campcodes Online Food Ordering System 1.0. This affects an unknown part of the file /routers/router.php. The manipulation of the argument Username leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been...
PT-2024-15062
Name of the Vulnerable Software and Affected Versions: Nokia SR OS routers (affected versions not specified) Description: The issue allows low-privilege authenticated users with "access console" to gain read-write access to the entire file system via SFTP or SCP. This access enables them to read or...
Food Ordering Management System SQL Injection Vulnerability
Food Ordering Management System is a food ordering management system by Carlo Montero, an individual developer. It provides an online platform to order food from a restaurant or fast food chain. A SQL injection vulnerability exists in Food Ordering Management System version 1.0, which originates ...
CVE-2024-6217
A vulnerability classified as critical was found in SourceCodester Food Ordering Management System 1.0. Affected by this vulnerability is an unknown functionality of the file user-router.php. The manipulation of the argument 1verified leads to SQL injection. The attack can be launched remotely. T...
PT-2024-37459 · Sourcecodester · Sourcecodester Food Ordering Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester Food Ordering Management System. The issue affects an unknown functionality of the file user-router.php. The...
Directory traversal
D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server...
D-Link DIR-865L Path Traversal Vulnerability
The D-Link DIR-865L is a wireless router from AUO D-Link of Taiwan, China. A security vulnerability exists in the D-Link DIR-865L that stems from a failure to properly configure the SMB service. The vulnerability can be exploited to create a symbolic link to the root directory of the router's fil...
Assessing the security of a portable router: a look inside its hardware, part deux
In part two of our blog assessing the security of a portable router, we will acquire the tools and equipment to make a copy of the firmware on our target router so that we can assess the full firmware. Sometimes, the manufacturer has an updated firmware that is available on their website. It coul...