54 matches found
CVE-2026-30529
CVE-2026-30529 affects SourceCodester Online Food Ordering System v1.0, specifically in Actions.php (save_user action). The vulnerability arises from improper sanitization of the username parameter, enabling an authenticated attacker to inject malicious SQL commands. Connected sources confirm the...
CVE-2025-70152
code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...
CVE-2025-14622 code-projects Student File Management System save_user.php sql injection
A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/saveuser.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released...
EUVD-2025-197987
A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...
CVE-2025-13347
A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...
CVE-2025-13347 SourceCodester Train Station Ticketing System ajax.php sql injection
A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...
CVE-2025-13347 SourceCodester Train Station Ticketing System ajax.php sql injection
A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=saveuser. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published...
CVE-2025-12929
A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function saveuser/updateuser of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...
CVE-2025-12929
A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function saveuser/updateuser of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...
EUVD-2020-11584
Malware in sbrugna...
CVE-2025-10483
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/saveuser.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The...
CVE-2025-8336
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=saveuser. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploi...
CVE-2024-42794
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=saveuser...
CVE-2021-26230
Cross-site scripting XSS vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to saveuser.php...
CVE-2020-19682
A Cross Site Request Forgery CSRF vulnerability exits in ZZZCMS V1.7.1 via the saveuser funciton in save.php...
CVE-2024-42794
Kashipara Music Management System v1.0 is vulnerable to Incorrect Access Control via /music/ajax.php?action=saveuser...
CVE-2024-8709 SourceCodester Best House Rental Management System admin_class.php save_user sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function deleteuser/saveuser of the file /adminclass.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The...
Medicine Tracker System 跨站请求伪造漏洞
Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site request forgery vulnerability exists in Medicine Tracker System version 1.0, which stems from unknown code in file /classes/Users.php?f=saveuser that can lead to cross-site request forgery...
CVE-2023-49548
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...
Sql injection
Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customersupport/ajax.php?action=saveuser...