12 matches found
CVE-2026-0576 code-projects Online Product Reservation System Parameter prod.php SQL injection
A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Manipulating the argument cat/price/name/model/serial results in SQL injection. I...
Tenda FH1201 /goform/GstDhcpSetSer File Buffer Overflow Vulnerability
The Tenda FH1201 is a wireless router from Tenda China. The Tenda FH1201 version 1.2.0.14408 suffers from a buffer overflow vulnerability, which originates from the parameter dips in the file /goform/GstDhcpSetSer that fails to correctly validate the length of the input data, which can be exploit...
CVE-2025-4886
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/productupdate.php. The manipulation of the argument serial leads to SQL injection. The attack can be launched remotely. Th...
CVE-2025-4885
A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument serial leads to SQL injection. It is possible to launch the attack remotely. The exploit has be...
itsourcecode Sales and Inventory System Injection Vulnerability
itsourcecode Sales and Inventory System is an open-source sales and inventory system from itsourcecode. An injection vulnerability exists in itsourcecode Sales and Inventory System version 1.0, which results from SQL injection due to incorrect manipulation of the parameter serial in the file...
itsourcecode Sales and Inventory System Injection Vulnerability
itsourcecode Sales and Inventory System is an open-source sales and inventory system from itsourcecode. An injection vulnerability exists in itsourcecode Sales and Inventory System version 1.0, which results from SQL injection due to incorrect manipulation of the parameter serial in the file...
CVE-2024-46937
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. This is a brute-force attack on the...
CVE-2024-46937
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. This is a brute-force attack on the...
CVE-2024-46937
The CVE-2024-46937 entry concerns MFASOFT Secure Authentication Server (SAS) 1.8.x–1.9.x prior to 1.9.040924, where an improper access control (IDOR) allows remote attackers to access user tokens without authentication via the /api-selfportal/get-info-token-properties endpoint. The root cause is ...
CVE-2021-44385
A denial-of-service vulnerability exists in the cgiserver.cgi JSON command parser functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. SetPtzSerial param is not object. An attacker can send an HTTP request to trigger this vulnerability...
Reflected Cross-Site Scripting Vulnerability in the usbkey_Serial Parameter of the Enterprise Intelligence Network Management System
Enterprise Intelligence products are intranet management expert services. A reflected cross-site scripting vulnerability exists in the usbkeySerial parameter of the Enterprise Intelligence network management system. It allows an attacker to construct an XSS statement to directly trigger a pop-up...
CVE-2015-7360
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the serial parameter to alerts/summary/profile/; (2) the urlForCreatingReport parameter to csearch/report/export/...