74 matches found
Exploit for Code Injection in Apache Nifi
CVE-2023-34468 — Apache NiFi 1.21.0 RCE PoC Remote Code Execu...
EUVD-2026-23705
A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...
Code-Projects Online Library Management System Access Control Error Vulnerability
The Code-Projects Online Library Management System is an open-source online library management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Library Management System contains a vulnerability related to access control. This vulnerability stems from incorrect operation...
CVE-2026-5960
CVE-2026-5960 concerns a weakness in code-projects’ Patient Record Management System 1.0, affecting the file /db/hcpms.sql within the SQL Database Backup File Handler. The issue can lead to information disclosure and is exploitable remotely. The exploit is publicly available and categorized with ...
Code-Projects Movie Ticketing System Access Control Error Vulnerability
The Code-Projects Movie Ticketing System is an open-source movie ticketing system developed by Code-Projects. Version 1.0 of the Code-Projects Movie Ticketing System contains a security vulnerability related to access control. This vulnerability stems from an information leakage issue in the...
CVE-2026-5650
A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The...
EUVD-2026-16458
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and...
CVE-2026-31894
WeGIA is a web manager for charitable institutions. In 3.6.5, the patched loadBackupDB extracts tar.gz archives to a temporary directory using PHP's PharData class, then uses glob and file_get_contents to read SQL files from the extracted contents. Neither the extraction nor the file reading...
CVE-2026-33681 AVideo has Path Traversal in pluginRunDatabaseScript.json.php Enables Arbitrary SQL File Execution via Unsanitized Plugin Name
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/pluginRunDatabaseScript.json.php endpoint accepts a name parameter via POST and passes it to Plugin::getDatabaseFileName without any path traversal sanitization. This allows an authenticated admin or a...
EUVD-2026-14266
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is...
CVE-2026-4532 code-projects Simple Food Ordering System Database Backup food.sql file access
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is...
EUVD-2025-30910
Malicious code in bioql PyPI...
EUVD-2023-58793
Malicious code in bioql PyPI...
CVE-2025-29083
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the PluginManager.php file...
CVE-2025-29084
SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...
PT-2025-39186
Name of the Vulnerable Software and Affected Versions: CSZ-CMS version 1.3.0. Description: A SQL Injection issue exists in CSZ-CMS version 1.3.0. This allows a remote attacker to execute arbitrary code through the execSqlFile function located in the PluginManager.php file. The vulnerability is...
CVE-2025-29084
CSZ-CMS v1.3.0 is affected by a SQL injection in the Upgrade.php file (execSqlFile), enabling a remote attacker to execute arbitrary code. The vulnerability is associated with CVE-2025-29084 and is described consistently across NVD/Red Hat/CNNVD/CVE listings, with no public patch/version details ...