24 matches found

NVD
added 2025/12/12 8:15 p.m., 3 views

CVE-2025-14578

A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /updateaccount.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVSS 9.8, EPSS 0.00028
Exploits: 1, References: 5
OSV
added 2025/12/12 8:15 p.m., 1 views

CVE-2025-14578

A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /updateaccount.php. This manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made available ...

CVSS 9.8, AI score 5.8, EPSS 0.00028
Exploits: 1, References: 5
CNNVD
added 2025/12/12 12:0 a.m., 2 views

itsourcecode Student Management System SQL injection vulnerability

itsourcecode Student Management System is an open source student management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Management System, which stems from incorrect manipulation of the parameter ID in the file /updateaccount.php, which...

CVSS 9.8, AI score 7.7, EPSS 0.00028
Exploits: 1, References: 5
Positive Technologies
added 2025/12/12 12:0 a.m., 4 views

PT-2025-50976

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A flaw exists in itsourcecode Student Management System 1.0. The issue involves the manipulation of the ID argument within an unknown function of the /update account.php file,...

CVSS 9.8, AI score 7.5, EPSS 0.00028
Exploits: 1, References: 8
RedhatCVE
added 2025/12/09 8:26 p.m., 3 views

CVE-2025-14089

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function updateaccount of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is public...

CVSS 6.5, AI score 6.4, EPSS 0.00039
Exploits: 0, References: 1
NVD
added 2025/12/05 4:15 p.m., 3 views

CVE-2025-14089

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function updateaccount of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is public...

CVSS 6.5, EPSS 0.00039
Exploits: 0, References: 4
Cvelist
added 2025/12/05 3:32 p.m., 21 views

CVE-2025-14089 Himool ERP AdminActionViewSet update_account improper authorization

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function updateaccount of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is public...

CVSS 6.5, EPSS 0.00039
Exploits: 0, References: 4
EUVD
added 2025/12/05 3:32 p.m., 2 views

EUVD-2025-201426

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function updateaccount of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is public...

CVSS 6.5, AI score 6, EPSS 0.00039
Exploits: 0, References: 5
Vulnrichment
added 2025/12/05 3:32 p.m., 2 views

CVE-2025-14089 Himool ERP AdminActionViewSet update_account improper authorization

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function updateaccount of the file /api/admin/updateaccount/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is public...

CVSS 6.5, AI score 6.2, EPSS 0.00039
Exploits: 0, References: 4
CVE
added 2025/09/15 2:2 a.m., 13 views

CVE-2025-10421

The CVE-2025-10421 entry concerns SourceCodester Student Grading System 1.0. Affected component: the file /update_account.php. Root cause: manipulation of the ID parameter enables SQL injection, with remote exploitation possible and an exploit published. Impact is consistent with the vulnerabilit...

CVSS 8.8, AI score 6.9, EPSS 0.00058
Exploits: 1, References: 5, Affected Software: 1
Vulnrichment
added 2025/09/15 2:2 a.m., 2 views

CVE-2025-10421 SourceCodester Student Grading System update_account.php sql injection

A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /updateaccount.php. Executing manipulation of the argument ID can lead to SQL injection. The attack may be launched remotely. The exploit has been published and may be used...

CVSS 6.5, AI score 6.4, EPSS 0.00058
Exploits: 1, References: 5
OSV
added 2025/07/13 2:15 a.m., 1 views

CVE-2025-7511

A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/updateaccount.php. The manipulation of the argument musername leads to SQL injection. The attack may be initiated remotely. The exploit has been...

CVSS 6.5, AI score 5.8, EPSS 0.00138
Exploits: 1, References: 5
CVE
added 2025/07/13 1:32 a.m., 20 views

CVE-2025-7511

CVE-2025-7511 affects code-projects Chat System 1.0. The vulnerability is a SQL injection in the handling of the musername parameter in the file /user/update_account.php, enabling remote exploitation. Multiple connected sources confirm the issue and state that the exploit has been publicly disclo...

CVSS 6.5, AI score 6.8, EPSS 0.00138
Exploits: 1, References: 5, Affected Software: 1
CNNVD
added 2025/07/13 12:0 a.m., 0 views

Code-Projects Chat System injection vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from an error in the parameter musername in the file /user/updateaccount.php that lacks validation of an externally entered SQL statement. An attacker can use this vulnerability to execute illegal SQL...

CVSS 6.5, AI score 8.2, EPSS 0.00138
Exploits: 1, References: 6
CVE
added 2025/03/31 9:0 a.m., 62 views

CVE-2025-2985

The CVE-2025-2985 entry concerns code-projects Payroll Management System 1.0. The vulnerability affects the update_account.php logic, where manipulating the deduction parameter enables SQL injection. Exploitation is remote and can result in high-impact outcomes (confidentiality, integrity, and av...

CVSS 8.8, AI score 6.7, EPSS 0.00182
Exploits: 1, References: 5, Affected Software: 1
OSV
added 2025/01/04 4:15 a.m., 1 views

CVE-2025-0201

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/updateaccount.php. The manipulation of the argument username leads to SQL injection. The attack may be...

CVSS 6.5, AI score 5.8, EPSS 0.00086
Exploits: 1, References: 5
OSV
added 2024/09/20 5:15 p.m., 0 views

CVE-2024-9041

A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=updateaccount. The manipulation of the argument firstname/lastname/email leads to SQL injection. The attack can...

CVSS 8.8, AI score 6.5
Exploits: 0, References: 5
Cvelist
added 2024/09/18 12:0 a.m., 18 views

CVE-2024-46376

Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the updateaccount function of the file rental/adminclass.php...

EPSS 0.00983
Exploits: 0, References: 1
CNNVD
added 2024/05/07 12:0 a.m., 2 views

Socomec Net Vision cross-site request forgery vulnerability

Socomec Net Vision is a network management solution developed by SOCOMEC for its Uninterruptible Power Supply UPS products to remotely monitor, condition manage and automate the operation of UPS. Socomec Net Vision suffers from a cross-site request forgery vulnerability that stems from improper...

CVSS 7.1, AI score 6.8, EPSS 0.00056
Exploits: 0, References: 2
CNNVD
added 2024/04/11 12:0 a.m., 3 views

Planet IGS-4215-16T2S cross-site request forgery vulnerability

The Planet IGS-4215-16T2S is an industrial grade switching device. The Planet IGS-4215-16T2S suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to add or update accounts via the Switch web interface...

CVSS 7.1, AI score 6.9, EPSS 0.00052
Exploits: 0, References: 2