CVE-2025-14836 ZZCMS User Data Storage user_save.php cleartext storage in file

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

CampCodes Online Flight Booking Management System 注入漏洞

CampCodes Online Flight Booking Management System is an online flight booking management system from CampCodes Philippines. An injection vulnerability exists in version 1.0 of the CampCodes Online Flight Booking Management System, which originates from a SQL injection due to an incorrect...

CVE-2025-4881

A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/usersave.php. The manipulation of the argument username/name leads to sql injection. The attack may be launched remotely...

CVE-2025-3331

A vulnerability, which was classified as critical, has been found in codeprojects Online Restaurant Management System 1.0. This issue affects some unknown processing of the file /paymentsave.php. The manipulation of the argument mode leads to sql injection. The attack may be initiated remotely. T...

WBCE CMS 跨站脚本漏洞

WBCE CMS is an open source content management system CMS based on PHP and MySQL. version 1.5.2 of WBCE CMS contains a cross-site scripting vulnerability that can be exploited to cause a cross-site scripting XSS attack via the \admin\pages\sectionssave.php namesection2 parameter...

Blackcat Cms 跨站脚本漏洞

BlackCat CMS is a PHP5, HTML5 content management system. A stored cross-site scripting vulnerability exists in BlackCat CMS 1.3.6. The vulnerability can be exploited to conduct a cross-site scripting attack via the Display Name field in backend/preferences/ajaxsave.php...

CVE-2019-12180

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code Java scripting language on the victim machine by inducing it ...

BlogBird Platform Multiple XSS Vulnerabilities

Exploit for php platform in category web applications ============================================== BlogBird Platform Multiple XSS Vulnerabilities ============================================== Product: BlogBird Vendor: BlogBird http://www.blogbird.nl/ Vulnerable Version: Current actual version ...

CVE-2009-4898

Cross-site request forgery CSRF vulnerability in TWiki before 4.3.2 allows remote attackers to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the ACTION attribute of a FORM element, in conjunction with a call to the submi...

CVE-2009-1339

Cross-site request forgery CSRF vulnerability in TWiki before 4.3.1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update pages, as demonstrated by a URL for a save script in the SRC attribute of an IMG element, a related issue to CVE-2009-1434...