52 matches found
CVE-2026-27470
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...
EUVD-2020-30160
Malware in sbrugna...
EUVD-2025-5427
Malicious code in bioql PyPI...
CVE-2025-5974
A vulnerability, which was classified as problematic, has been found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this issue is some unknown functionality of the file /check-status.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be...
CVE-2025-5974 PHPGurukul Restaurant Table Booking System check-status.php cross site scripting
CVE-2025-5974
The CVE-2025-5974 entry applies to PHPGurukul Restaurant Table Booking System 1.0. A vulnerability in /check-status.php arises from unsafely handling the searchdata parameter, enabling cross-site scripting. The issue could be exploited remotely and, according to public disclosures, the exploit is...
CVE-2024-51101
PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php...
CVE-2020-9339
SOPlanning 1.45 allows XSS via the Name or Comment to status.php...
CVE-2019-8429
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php filter[Query][terms][0][cnj] parameter...
CVE-2025-4491
A vulnerability classified as critical was found in Campcodes Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /routers/ticket-status.php. The manipulation of the argument ticketid leads to sql injection. The attack can be initiated remotely. The exploit has be...
CVE-2025-4491 Campcodes Online Food Ordering System ticket-status.php sql injection
CVE-2025-21626
GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the status.php endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the status.p...
CVE-2025-21626 GLPI vulnerable to exposure of sensitive information in the `status.php` endpoint
CVE-2025-21626
GLPI is an asset/IT management product that is vulnerable up to version 10.0.18 because an anonymous user is able to fetch sensitive data from status.php. The issue is fixed in 10.0.18; mitigations include deleting status.php, restricting access, or sanitizing sensitive values in LDAP directories and related...
PT-2025-6928 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions 0.71 through 10.0.17
Description: The issue allows an anonymous user to fetch sensitive information from the "status.php" endpoint. There is no information about the estimated number of potentially affected devices worldwide or...
CVE-2024-8416
SourceCodester Food Ordering Management System 1.0 contains a SQL injection in /routers/ticket-status.php via the ticket_id parameter. The vulnerability is exploitable remotely and has been disclosed publicly. Root cause: improper handling of the ticket_id input leading to SQL injection. Impact r...
CVE-2023-6074
CVE-2023-6074 affects PHPGurukul Restaurant Table Booking System v1.0, specifically the check-status.php in the Booking Reservation Handler. The vulnerability is a SQL injection stemming from processing in that file, with remote exploitation implied. Connected sources (PT-Security PT-2023-32499, ...
SUSE CVE-2017-11631
dapur/app/appuser/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter...
SOPlanning Cross-Site Scripting Vulnerability
SOPlanning is an online planning tool for efficiently organizing projects and tasks. A cross-site scripting vulnerability exists in SOPlanning 1.45. An attacker can exploit this vulnerability to execute arbitrary JavaScript via Name or Comment in status.php...