Lucene search
K

54 matches found

CVE
CVE
added 2026/03/27 12:0 a.m.9 views

CVE-2026-30529

CVE-2026-30529 affects SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_user action). The vulnerability arises from improper sanitization of the username parameter, enabling an authenticated attacker to inject malicious SQL commands. Connected sources confirm the...

8.8CVSS6AI score0.00446EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/02/18 6:24 p.m.7 views

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

9.8CVSS0.00398EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/13 5:32 p.m.17 views

CVE-2025-14622 code-projects Student File Management System save_user.php sql injection

A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...

7.5CVSS0.00357EPSS
Exploits1References6
EUVD
EUVD
added 2025/11/18 3:30 p.m.3 views

EUVD-2025-197987

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...

6.5CVSS6.7AI score0.00267EPSS
Exploits1References6
NVD
NVD
added 2025/11/18 3:16 p.m.3 views

CVE-2025-13347

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...

8.8CVSS0.00267EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/11/18 1:2 p.m.10 views

CVE-2025-13347 SourceCodester Train Station Ticketing System ajax.php sql injection

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...

6.5CVSS0.00267EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/11/18 1:2 p.m.2 views

CVE-2025-13347 SourceCodester Train Station Ticketing System ajax.php sql injection

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...

6.5CVSS6.9AI score0.00267EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/11/11 3:47 a.m.6 views

CVE-2025-12929

A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function saveuser/updateuser of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...

9.8CVSS7.2AI score0.00394EPSS
Exploits1References1
NVD
NVD
added 2025/11/10 4:15 a.m.14 views

CVE-2025-12929

A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function saveuser/updateuser of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...

9.8CVSS0.00394EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-11584

Malware in sbrugna...

8.8CVSS8.6AI score0.00526EPSS
Exploits1References2
OSV
OSV
added 2025/09/15 11:15 p.m.5 views

CVE-2025-10483

A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...

8.8CVSS5.7AI score0.00385EPSS
Exploits1References5
OSV
OSV
added 2025/07/30 11:15 p.m.5 views

CVE-2025-8336

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=saveuser. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploi...

9.8CVSS5.8AI score0.00396EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.6 views

CVE-2024-42794

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=saveuser...

4.7CVSS4.8AI score0.00333EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:39 p.m.8 views

CVE-2021-26230

Cross-site scripting XSS vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to saveuser.php...

6.1CVSS6.5AI score0.00872EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:17 p.m.5 views

CVE-2020-19682

A Cross Site Request Forgery CSRF vulnerability exits in ZZZCMS V1.7.1 via the saveuser funciton in save.php...

8.8CVSS7.1AI score0.00526EPSS
Exploits1
OSV
OSV
added 2024/09/16 8:15 p.m.4 views

CVE-2024-42794

Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=saveuser...

4.7CVSS5.8AI score0.00333EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/12 2:31 a.m.9 views

CVE-2024-8709 SourceCodester Best House Rental Management System admin_class.php save_user sql injection

A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function deleteuser/saveuser of the file /adminclass.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The...

6.5CVSS7.4AI score0.00601EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/07/30 12:0 a.m.3 views

Medicine Tracker System 跨站请求伪造漏洞

Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site request forgery vulnerability exists in Medicine Tracker System version 1.0, which stems from unknown code in file /classes/Users.php?f=saveuser that can lead to cross-site request forgery...

8.8CVSS5AI score0.00379EPSS
Exploits1References5
OSV
OSV
added 2024/03/05 12:15 a.m.3 views

CVE-2023-49548

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...

8.8CVSS5.8AI score0.00761EPSS
Exploits1References2
Prion
Prion
added 2024/03/05 12:15 a.m.19 views

Sql injection

Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...

8.6AI score0.00761EPSS
Exploits1References2
Rows per page
Query Builder