87 matches found
CVE-2025-10483
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...
CVE-2025-10483 SourceCodester Online Student File Management System save_user.php sql injection
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...
SourceCodester Online Student File Management SQL注入漏洞
SourceCodester Online Student File Management is a SourceCodester open source online student file management system. A SQL injection vulnerability exists in SourceCodester Online Student File Management version 1.0, which stems from an incorrect manipulation of the parameter firstname in the file...
Authorization Bypass Through User-Controlled Key
Overview in2code/femanager is a Modern TYPO3 Frontend User Registration. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the identity parameter when saving user-submitted data. An attacker can gain unauthorized access and modify sensitive...
CVE-2024-7226
A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=saveuser of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attac...
CVE-2023-0988
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. The attack may be initiated remotel...
WordPress plugin Online Booking & Scheduling Calendar for WordPress by vcita 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2024-16528 · Unknown · Codezips Free Exam Hall Seating Management System
Name of the Vulnerable Software and Affected Versions: Codezips Free Exam Hall Seating Management System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /pages/save user.php. The manipulation of the image argument leads to unrestricted...
Simple Music Management System 1.0 Add Administrator / Cross Site Request Forgery
============================================================================================================================================= | Title : Simple Music Management System v1.0 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...
PT-2024-30167 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: The issue is related to Incorrect Access Control. It can be found in the /music/ajax.php endpoint, specifically when the action parameter is set to save user. This allows for...
Task Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Task Management System 1.0 CSRF add staff Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...
CVE-2024-42793
A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...
PT-2024-30166 · Unknown · Kashipara Music Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A Cross-Site Request Forgery CSRF issue was found in the system. This can be exploited through a crafted request to the "/music/ajax.php?action=save user" page. Recommendations: For...
CVE-2024-42793
A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...
Loan Management System 1.0 Cross Site Request Forgery
============================================================================================================================================= | Title : Loan Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...
CVE-2024-7367
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit...
SourceCodester Simple Realtime Quiz System 跨站请求伪造漏洞
SourceCodester Simple Realtime Quiz System is a real-time quiz system from SourceCodester, Inc. A cross-site request forgery vulnerability exists in version 1.0 of the SourceCodester Simple Realtime Quiz System, which is caused by a cross-site request forgery vulnerability contained in the...
CVE-2024-4929
A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. It is possible to initiate the...
Customer Support System SQL Injection Vulnerability (CNVD-2024-14031)
Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...
CVE-2023-49548
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...