Lucene search
K

234694 matches found

Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.7 views

PT-2026-28746

Name of the Vulnerable Software and Affected Versions code-projects Accounting System version 1.0 Description A flaw exists in the Parameter Handler component of the software, specifically within the /view work.php file. Manipulation of the en id argument can lead to a SQL injection. This issue i...

7.5CVSS5.8AI score0.00389EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.8 views

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Food Order System has a SQL injection vulnerability. This vulnerability arises from an unknown function in the all-orders.php file used by the...

9.8CVSS7.1AI score0.00449EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.9 views

Code-Projects Accounting System SQL注入漏洞

Code-Projects Accounting System is an accounting system open sourced by Code-Projects. Version 1.0 of the Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from improper handling of the cosid parameter in the file/editcostumer.php, which may lead to SQL...

9.8CVSS7.2AI score0.00329EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/29 12:0 a.m.7 views

Code-Projects Accounting System SQL注入漏洞

Code-Projects Accounting System is an accounting system developed by Code-Projects as open source. Version 1.0 of Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability stems from improper handling of the cosid parameter in the file/viewcostumer.php, which may lead ...

9.8CVSS7.2AI score0.00342EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.11 views

PT-2026-28745

Name of the Vulnerable Software and Affected Versions code-projects Accounting System version 1.0 Description A flaw exists in the Parameter Handler component of the software, specifically within the /edit costumer.php file. Manipulation of the cos id argument can lead to SQL injection. This issu...

7.5CVSS5.7AI score0.00329EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/03/28 11:30 p.m.2 views

CVE-2026-5019

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...

7.5CVSS6.9AI score0.00449EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/28 11:30 p.m.3 views

CVE-2026-5019 code-projects Simple Food Order System Parameter all-orders.php sql injection

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...

7.5CVSS5.8AI score0.00449EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/28 11:30 p.m.36 views

CVE-2026-5019 code-projects Simple Food Order System Parameter all-orders.php sql injection

A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be...

7.5CVSS0.00449EPSS
Exploits1References5
NVD
NVD
added 2026/03/28 11:16 p.m.8 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

9.8CVSS0.00345EPSS
Exploits1References5
NVD
NVD
added 2026/03/28 11:16 p.m.4 views

CVE-2026-5017

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

9.8CVSS0.00333EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.3 views

CVE-2026-4966

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. Impacted is an unknown function of the file /admin/modroom/index.php?view=edit. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and m...

6.5CVSS6.5AI score0.0025EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.4 views

CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.3 views

CVE-2026-34386

Fleet is open source device management software. Prior to 4.81.0, a SQL injection vulnerability in Fleet's MDM bootstrap package configuration allows an authenticated user with Team Admin or Global Admin privileges to modify arbitrary team configurations, exfiltrate sensitive data from the Fleet...

8.7CVSS6AI score0.00318EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-33991

WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...

8.8CVSS5.9AI score0.00392EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/28 10:30 p.m.30 views

CVE-2026-5018 code-projects Simple Food Order System Parameter register-router.php sql injection

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS0.00345EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/28 10:30 p.m.4 views

CVE-2026-5018

A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The explo...

7.5CVSS6.9AI score0.00345EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/28 10:30 p.m.1 views

CVE-2026-5017

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS6.9AI score0.00333EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/28 10:30 p.m.3 views

CVE-2026-5017 code-projects Simple Food Order System Parameter all-tickets.php sql injection

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS5.8AI score0.00333EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/03/28 10:30 p.m.31 views

CVE-2026-5017 code-projects Simple Food Order System Parameter all-tickets.php sql injection

A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The...

7.5CVSS0.00333EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/28 4:59 p.m.3 views

CVE-2026-33770

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...

9.8CVSS6AI score0.00492EPSS
Exploits1References1
Rows per page
Query Builder