Lucene search

249 matches found

OSV
added 2026/01/18 12:15 a.m. | 1 view

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

9.8 CVSS | 5.7 AI score
Exploits 0 | References 4
Vulnrichment
added 2026/01/17 11:32 p.m. | 2 views

CVE-2026-1105 EasyCMS UserAction.class.php sql injection

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

7.5 CVSS | 5.5 AI score | 0.00018 EPSS
Exploits 1 | References 4
OSV
added 2025/12/31 9:15 p.m. | 2 views

CVE-2023-7331

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

4.7 CVSS | 7.4 AI score
Exploits 0 | References 4
RedhatCVE
added 2025/12/31 1:7 p.m. | 2 views

CVE-2025-15249

A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...

5.1 CVSS | 5.6 AI score | 0.00019 EPSS
Exploits 0 | References 1
CNNVD
added 2025/12/31 12:0 a.m. | 1 view

Full Stack Bank SQL injection vulnerability

Full Stack Bank is a banking system by the individual developer Krystian Pińczak. Full Stack Bank suffers from a SQL injection vulnerability that stems from unknown code manipulation of the component User Handler, which could lead to a SQL injection attack...

5.8 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/12/30 1:2 p.m. | 1 view

CVE-2025-15249 zhujunliang3 work_platform Content cross site scripting

A weakness has been identified in zhujunliang3 workplatform up to 6bc5a50bb527ce27f7906d11ea6ec139beb79c31. This vulnerability affects unknown code of the component Content Handler. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. This product...

5.1 CVSS | 5.3 AI score | 0.00019 EPSS
Exploits 0 | References 3
EUVD
added 2025/12/29 5:2 p.m. | 3 views

EUVD-2025-205630

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated...

5.8 CVSS | 4.9 AI score | 0.0004 EPSS
Exploits 1 | References 5
OSV
added 2025/12/28 4:16 a.m. | 4 views

CVE-2025-15118

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has...

4.3 CVSS | 6.7 AI score
Exploits 0 | References 4
CVE
added 2025/12/26 4:2 a.m. | 8 views

CVE-2025-15099

CVE-2025-15099 affects simstudioai sim up to version 0.5.27, specifically the CRON Secret Handler’s file apps/sim/lib/auth/internal.ts. The vulnerability arises from manipulation of the INTERNAL_API_SECRET parameter, enabling improper authentication. It is exploitable remotely, and publicly avail...

9.8 CVSS | 7 AI score | 0.00043 EPSS
Exploits 1 | References 7 | Affected Software 1
EUVD
added 2025/12/13 6:30 p.m. | 2 views

EUVD-2025-203259

A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /updateprogram.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5 CVSS | 7.2 AI score | 0.00028 EPSS
Exploits 1 | References 6
Positive Technologies
added 2025/12/11 12:0 a.m. | 3 views

PT-2025-50638

A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view book.php. Executing manipulation of the argument book id can lead to sql injection. The attack can be executed remotely. The exploit has been made...

7.5 CVSS | 7.4 AI score | 0.00031 EPSS
Exploits 1 | References 6
NVD
added 2025/12/08 2:16 p.m. | 3 views

CVE-2025-14246

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...

9.8 CVSS | 0.00027 EPSS
Exploits 1 | References 5
CVE
added 2025/12/01 6:32 a.m. | 8 views

CVE-2025-13811

CVE-2025-13811 affects jsnjfz WebStack-Guns 1.0. The vulnerability is in src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java where manipulation of the argument sort enables an SQL injection. It can be exploited remotely without user interaction. Public PoC/exploit detail...

7.2 CVSS | 6.4 AI score | 0.00024 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2025/12/01 6:32 a.m. | 7 views

CVE-2025-13811 jsnjfz WebStack-Guns PageFactory.java sql injection

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing a manipulation of the argument sort can lead to sql injection. It is possible to launch the atta...

6.5 CVSS | 0.00024 EPSS
Exploits 1 | References 5
RedhatCVE
added 2025/11/17 7:3 a.m. | 4 views

CVE-2025-13241

A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

9.8 CVSS | 7 AI score | 0.00028 EPSS
Exploits 1 | References 1
Cvelist
added 2025/11/16 7:2 a.m. | 5 views

CVE-2025-13241 code-projects Student Information System index.php sql injection

A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

7.5 CVSS | 0.00028 EPSS
Exploits 1 | References 5
CVE
added 2025/11/15 5:32 p.m. | 10 views

CVE-2025-13203

Concrete details found: Simple Cafe Ordering System 1.0 has a vulnerability in /addmem.php where manipulating the studentnum parameter enables SQL injection. Remote exploitability is indicated, and multiple sources (NVD, Red Hat, CNVD, CNNVD, CVE lists, and Vuln enrichment) confirm the issue and ...

9.8 CVSS | 7.3 AI score | 0.00028 EPSS
Exploits 1 | References 5 | Affected Software 1
OSV
added 2025/10/27 9:15 p.m. | 1 view

CVE-2025-12326

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

7.5 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits 1 | References 3
Cvelist
added 2025/10/27 9:2 p.m. | 15 views

CVE-2025-12326 shawon100 RUET OJ POST Request process.php sql injection

A vulnerability was found in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. This vulnerability affects unknown code of the file /process.php of the component POST Request Handler. The manipulation of the argument un results in sql injection. The attack can be launched remotely...

7.5 CVSS | 0.00023 EPSS
Exploits 1 | References 3
CVE
added 2025/10/27 1:2 p.m. | 8 views

CVE-2025-12279

CVE-2025-12279 affects code-projects Client Details System 1.0, with a cross-site scripting flaw in /welcome.php due to insufficient input filtering/escaping. The vulnerability is remote-exploitable and has been publicly disclosed; CVSS indicators show MEDIUM impact with LOW confidentiality/integ...

4.8 CVSS | 5.3 AI score | 0.00035 EPSS
Exploits 1 | References 5 | Affected Software 1