Lucene search
K

87 matches found

NVD
NVD
added 2025/09/15 11:15 p.m.5 views

CVE-2025-10483

A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...

8.8CVSS0.00385EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/15 10:32 p.m.12 views

CVE-2025-10483 SourceCodester Online Student File Management System save_user.php sql injection

A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS0.00385EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.5 views

SourceCodester Online Student File Management SQL注入漏洞

SourceCodester Online Student File Management is a SourceCodester open source online student file management system. A SQL injection vulnerability exists in SourceCodester Online Student File Management version 1.0, which stems from an incorrect manipulation of the parameter firstname in the file...

8.8CVSS6.9AI score0.00385EPSS
Exploits1References6
Snyk
Snyk
added 2025/07/22 10:48 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview in2code/femanager is a Modern TYPO3 Frontend User Registration. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the identity parameter when saving user-submitted data. An attacker can gain unauthorized access and modify sensitive...

6.5CVSS6.8AI score0.00209EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 9:5 a.m.6 views

CVE-2024-7226

A vulnerability was found in SourceCodester Medicine Tracker System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /classes/Users.php?f=saveuser of the component Password Change Handler. The manipulation leads to cross-site request forgery. The attac...

8.8CVSS6.9AI score0.00402EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.5 views

CVE-2023-0988

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0. This issue affects some unknown processing of the file admin/ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. The attack may be initiated remotel...

8.8CVSS6.9AI score0.00465EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/12/06 12:0 a.m.4 views

WordPress plugin Online Booking & Scheduling Calendar for WordPress by vcita 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...

5.4CVSS7.2AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/04 12:0 a.m.3 views

PT-2024-16528 · Unknown · Codezips Free Exam Hall Seating Management System

Name of the Vulnerable Software and Affected Versions: Codezips Free Exam Hall Seating Management System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /pages/save user.php. The manipulation of the image argument leads to unrestricted...

9.8CVSS6.7AI score0.00528EPSS
Exploits1References9
Packet Storm
Packet Storm
added 2024/09/30 12:0 a.m.242 views

Simple Music Management System 1.0 Add Administrator / Cross Site Request Forgery

============================================================================================================================================= | Title : Simple Music Management System v1.0 CSRF Add ADmin Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.9 views

PT-2024-30167 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: The issue is related to Incorrect Access Control. It can be found in the /music/ajax.php endpoint, specifically when the action parameter is set to save user. This allows for...

4.7CVSS6.8AI score0.00333EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2024/08/29 12:0 a.m.220 views

Task Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Task Management System 1.0 CSRF add staff Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0...

7.4AI score
Exploits0
OSV
OSV
added 2024/08/28 8:15 p.m.4 views

CVE-2024-42793

A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...

8CVSS5.8AI score0.00228EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/08/28 12:0 a.m.3 views

PT-2024-30166 · Unknown · Kashipara Music Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Music Management System version 1.0 Description: A Cross-Site Request Forgery CSRF issue was found in the system. This can be exploited through a crafted request to the "/music/ajax.php?action=save user" page. Recommendations: For...

8CVSS7AI score0.00228EPSS
Exploits1References9
Cvelist
Cvelist
added 2024/08/28 12:0 a.m.16 views

CVE-2024-42793

A Cross-Site Request Forgery CSRF vulnerability was found in Kashipara Music Management System v1.0 via a crafted request to the /music/ajax.php?action=saveuser page...

0.00228EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2024/08/20 12:0 a.m.284 views

Loan Management System 1.0 Cross Site Request Forgery

============================================================================================================================================= | Title : Loan Management System 1.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 128.0.3 64 bits...

7.4AI score
Exploits0
OSV
OSV
added 2024/08/01 9:16 p.m.3 views

CVE-2024-7367

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Realtime Quiz System 1.0. This affects an unknown part of the file /ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit...

8.8CVSS4.9AI score
Exploits0References4
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.6 views

SourceCodester Simple Realtime Quiz System 跨站请求伪造漏洞

SourceCodester Simple Realtime Quiz System is a real-time quiz system from SourceCodester, Inc. A cross-site request forgery vulnerability exists in version 1.0 of the SourceCodester Simple Realtime Quiz System, which is caused by a cross-site request forgery vulnerability contained in the...

8.8CVSS4.9AI score0.00346EPSS
Exploits1References5
OSV
OSV
added 2024/05/16 4:15 a.m.4 views

CVE-2024-4929

A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=saveuser. The manipulation leads to cross-site request forgery. It is possible to initiate the...

4.3CVSS4.8AI score0.00337EPSS
Exploits1References4
CNVD
CNVD
added 2024/03/08 12:0 a.m.42 views

Customer Support System SQL Injection Vulnerability (CNVD-2024-14031)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...

8.8CVSS8.1AI score0.00761EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2024/03/05 12:15 a.m.5 views

CVE-2023-49548

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...

8.8CVSS5.9AI score0.00761EPSS
Exploits1References3
Rows per page
Query Builder