12 matches found
CVE-2026-47744
Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to take over the RBAC system. Settings/Team/Index had no mount authorization. Any authenticated user could load the page and use its public...
CVE-2026-3261
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...
CVE-2026-3261
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...
CVE-2026-3261
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...
CVE-2026-3261 itsourcecode School Management System Setting index.php sql injection
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...
CVE-2026-3261
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published an...
itsourcecode School Management System SQL注入漏洞
itsourcecode School Management System is an open-source school management system developed by itsourcecode. Version 1.0 of itsourcecode School Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file /settings/index.php...
PT-2026-22191
Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A flaw exists in itsourcecode School Management System 1.0 related to SQL injection. The issue is located in the file /settings/index.php within the Setting Handler component...
CVE-2023-44042
A stored cross-site scripting XSS vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter...
Blackcat Cms Cross-Site Scripting Vulnerability
Blackcat Cms is a Php-based content management system from the Blackcat team. A security vulnerability exists in Blackcat Cms version 1.4.1, which originates from a cross-site scripting XSS vulnerability in /settings/index.php that allows an attacker to inject a crafted payload via the site heade...
Blackcat Cms Cross-Site Scripting Vulnerability
Blackcat Cms is a Php-based content management system from the Blackcat team. A cross-site scripting vulnerability exists in Blackcat Cms version 1.4.1, which stems from a cross-site scripting XSS vulnerability in /settings/index.php that allows an attacker to inject a crafted payload via the sit...
PT-2023-29080 · Unknown · Blackcat Cms
Name of the Vulnerable Software and Affected Versions: Black Cat CMS version 1.4.1 Description: A cross-site scripting XSS vulnerability exists in Black Cat CMS, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload. This issue is present in two locations: the...