CVE-2025-7385
Input from the search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected...
CVE-2025-41037
A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataFileManagersearch' parameter in /apprain/admin/filemanager...
CVE-2025-7385 SQL Injection in GOV CMS
Input from the search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected...
PT-2025-35937
Name of the Vulnerable Software and Affected Versions: GOV CMS versions prior to 4.0 Description: The input from the search query parameter in GOV CMS is not properly sanitized, leading to a Blind SQL injection. This could be exploited by an unauthenticated remote attacker. Recommendations: Ensur...
Spree Commerce Security Vulnerability
Spree Commerce is an e-commerce platform from Spree Open Source. A security vulnerability exists in Spree Commerce versions prior to 0.50.x. The vulnerability stems from improper input cleanup in the API search function and could lead to remote command execution...
Spree has Remote Command Execution vulnerability in search functionality
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in their search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2011-10019
Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in their search functionality. The application fails to properly sanitize input passed via the searchsend parameter, which is dynamically invoked using Ruby’s send method. This allows attackers to execute...
CVE-2025-50690
A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to the 2025-05-17 commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491. The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a...
Spree Commerce Security Vulnerability
Spree Commerce is an e-commerce platform from Spree Open Source. A security vulnerability exists in Spree Commerce versions prior to 0.60.2 that stems from the search function not sanitizing its inputs, which could lead to remote command execution...
CVE-2025-50690
CVE-2025-50690 describes a reflected XSS in SpatialReference.org (OSGeo/spatialreference.org). The issue arises from improper handling of user input in the search query parameter, enabling an unauthenticated attacker to craft a URL that reflects and executes arbitrary JavaScript in a victim’s bro...
Invision Community 4.7.20 SQL Injection
Invision Community versions 4.7.20 and below have a vulnerability located within the /applications/calendar/modules/front/calendar/view.php script. Specifically, in the IPS\calendar\modules\front\calendar\view::search method: user input passed through the location request parameter is not properl...
CVE-2024-37798
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field...
CVE-2024-10331
A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Record System 1.0. This issue affects some unknown processing of the file /admin/search-vehicle.php. The manipulation of the argument searchinputdata leads to sql injection. The attack may be initiated remotel...
CVE-2024-46531
phpgurukul Vehicle Record Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchinputdata parameter at /index.php...
CVE-2023-1963
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php of the component Search. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated...
Sparx Systems Pro Cloud Server Security Vulnerability
Sparx Systems Pro Cloud Server is an enterprise-class model collaboration platform from Sparx Systems Australia that supports cloud sharing and version control of EA Enterprise Architect models. A security vulnerability exists in Sparx Systems Pro Cloud Server versions prior to 6.0.165, which ste...
Bank Locker Management System search-locker-details.php File SQL Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of /search-locker-details.php. An attacker can exploi...
CVE-2025-2684
A vulnerability, which was classified as critical, has been found in PHPGurukul Bank Locker Management System 1.0. This issue affects some unknown processing of the file /search-report-details.php. The manipulation of the argument searchinput leads to sql injection. The attack may be initiated...
PHPGurukul Bank Locker Management System Injection Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of the search-report-details.php file. An attacker ca...
PHPGurukul Bank Locker Management System Security Vulnerability
Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of /search-locker-details.php. An attacker can exploi...