CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

16 matches found

RedhatCVE•added 2025/12/29 3:58 p.m.•3 views

CVE-2025-15142

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and...

7.5CVSS7.4AI score0.0002EPSS

Exploits0References1

NVD•added 2025/12/28 4:15 p.m.•4 views

CVE-2025-15142

7.5CVSS0.0002EPSS

Exploits0References4

RedhatCVE•added 2025/09/26 9:45 p.m.•3 views

CVE-2025-10973

A flaw has been found in JackieDYH Resume-management-system up to fb6b857d852dd796e748ce30c606fe5e61c18273. Affected by this issue is some unknown functionality of the file /admin/show.php. This manipulation of the argument userid causes sql injection. The attack may be initiated remotely. The...

7.5CVSS6.5AI score0.0003EPSS

Exploits0References1

Cvelist•added 2025/09/25 9:2 p.m.•9 views

CVE-2025-10973 JackieDYH Resume-management-system show.php sql injection

7.5CVSS0.0003EPSS

Exploits0References4

CNNVD•added 2025/09/25 12:0 a.m.•2 views

Resume management system SQL注入漏洞

Resume management system is a resume management system by JackieDYH Personal Developer. A SQL injection vulnerability exists in the Resume management system, which stems from an incorrect manipulation of the parameter userid in the file /admin/show.php, which could lead to a SQL injection attack...

7.5CVSS7.7AI score0.0003EPSS

Exploits0References4

VulnCheck KEV•added 2025/06/05 12:0 a.m.•0 views

VulnCheck KEV: CVE-2024-42009

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...

9.3CVSS5.7AI score0.90482EPSS

Exploits5References1

RedhatCVE•added 2025/05/23 6:21 a.m.•1 views

CVE-2024-10730

A vulnerability, which was classified as critical, has been found in Tongda OA up to 11.6. This issue affects some unknown processing of the file /pda/appcenter/webshow.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

9.8CVSS7.2AI score0.00244EPSS

Exploits1References1

OSV•added 2024/12/02 7:15 p.m.•1 views

CVE-2024-52724

ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php...

9.8CVSS5.8AI score

Exploits0References2

SUSE CVE•added 2024/08/07 2:36 a.m.•1 views

SUSE CVE-2024-42009

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...

9.3CVSS6.3AI score0.90482EPSS

Exploits5References4

OSV•added 2024/03/18 2:15 p.m.•3 views

CVE-2024-2592

Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/picshow.php, in the 'personid' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB...

7.5CVSS5.9AI score

Exploits0References1

CNNVD•added 2024/02/09 12:0 a.m.•3 views

Hotel Managment System SQL Injection Vulnerability

Hotel Managment System is an open source hotel management system from Code-projects. Hotel Managment System version 1.0 suffers from a SQL injection vulnerability that originates from allowing SQL injection via the sid parameter in Hotel/admin/show.php...

9.8CVSS8AI score0.00157EPSS

Exploits1References2

ATTACKERKB•added 2022/03/25 4:15 p.m.•1 views

CVE-2022-25574

A stored cross-site scripting XSS vulnerability in the upload function of /admin/show.php allows attackers to execute arbitrary web scripts or HTML via a crafted image file...

4.8CVSS5.5AI score0.00288EPSS

Exploits0References3

CNVD•added 2018/12/29 12:0 a.m.•1 views

DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00998)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/show.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML wi...

4.8CVSS6AI score0.00235EPSS

Exploits1References1

CNVD•added 2018/03/16 12:0 a.m.•1 views

Stored Cross-Site Scripting Vulnerability in ZZCMS Version 8.2

zzcms is a free website builder developed in asp language. A stored cross-site scripting vulnerability exists in the show.php file of zzcms version 8.2, which allows an attacker to insert malicious code into the page to obtain information such as user cookies...

6.1AI score

Exploits0

CNVD•added 2016/08/26 12:0 a.m.•1 views

SQL Injection Vulnerability in zzcms /dl/show.php

ZZCMS highlights the investment and supply and demand functions, you can quickly build a product investment website. The latest product version of zzcms has SQL injection vulnerability, the vulnerability trigger point in /dl/show.php, the attacker can use the vulnerability to obtain sensitive...

7.8AI score

Exploits0References1

Packet Storm•added 2008/09/11 12:0 a.m.•31 views

ezphotogallery21-sqlxssbypass.txt

!/usr/bin/perl ---------------------------------------------------------------- Script : Ezphotogallery 2.1 Type : Multiple Vulnerabilities Xss/Login Bypass/Sql injection Exploit/File Disclosure Method : GET Alert : High Google Dork : "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by