
65 matches found

CNVD
added 2025/09/08 12:0 a.m. · 3 views

appRain CMF cross-site scripting vulnerability (CNVD-2025-21113)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input on the /apprain/developer/addons/update/admin endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authentication...

CVSS 5.4 · AI score 6.3 · EPSS 0.00162
Exploits: 0 · References: 1

OSV
added 2025/09/04 12:15 p.m. · 2 views

CVE-2025-41048

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/admin...

CVSS 5.4 · AI score 5.7 · EPSS 0.00162
Exploits: 0 · References: 1

Vulnrichment
added 2025/09/04 11:12 a.m. · 3 views

CVE-2025-41048 Stored Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in appRain CMF version 4.0.5, consisting of a stored authenticated XSS due to a lack of proper validation of user input, through the 'dataAddonlayouts' and 'dataAddonlayoutsexcept' parameters in /apprain/developer/addons/update/admin...

CVSS 5.1 · AI score 5.7 · EPSS 0.00162
Exploits: 0 · References: 1

Cvelist
added 2024/10/09 6:26 p.m. · 39 views

CVE-2024-7038 Information Disclosure in open-webui/open-webui

An information disclosure vulnerability exists in open-webui version 0.3.8. The vulnerability is related to the embedding model update feature under admin settings. When a user updates the model path, the system checks if the file exists and provides different error messages based on the existenc...

CVSS 2.7 · EPSS 0.00336
Exploits: 1 · References: 1

OSV
added 2024/04/15 7:15 p.m. · 2 views

CVE-2024-28557

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php...

CVSS 9.8 · AI score 6.1 · EPSS 0.01233
Exploits: 1 · References: 2

CNNVD
added 2024/04/15 12:0 a.m. · 4 views

SourceCodester Task Management System Security Vulnerability

SourceCodester Task Management System is a task management system. A security vulnerability exists in SourceCodester Task Management System v1.0 that could allow a remote attacker to execute arbitrary code, elevate privileges, and obtain sensitive information via update-admin.php using a crafted...

CVSS 9.8 · AI score 7.1 · EPSS 0.01233
Exploits: 1 · References: 3

OSV
added 2024/03/26 12:15 a.m. · 3 views

CVE-2024-29301

SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?adminid=...

CVSS 7.5 · AI score 5.9 · EPSS 0.00846
Exploits: 2 · References: 2

Positive Technologies
added 2024/03/25 12:0 a.m. · 4 views

PT-2024-22852 · Sourcecodester · Sourcecodester Php Task Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP Task Management System version 1.0 Description: The issue is related to SQL Injection via the update-admin.php endpoint, specifically through the admin id parameter. This allows for potential exploitation. No information is...

CVSS 7.5 · AI score 8.2 · EPSS 0.00846
Exploits: 2 · References: 9

CNNVD
added 2024/03/25 12:0 a.m. · 2 views

PHP Task Management System Security Vulnerability

SourceCodester Task Management System is a task management system. A security vulnerability exists in PHP Task Management System version 1.0, which is vulnerable to an SQL injection attack via update-admin.php?adminid=...

CVSS 7.5 · AI score 7.9 · EPSS 0.00846
Exploits: 2 · References: 2

OSV
added 2024/03/19 8:15 p.m. · 2 views

CVE-2024-28595

SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the adminid parameter in update-admin.php...

CVSS 9.8 · AI score 6 · EPSS 0.01229
Exploits: 4 · References: 1

Positive Technologies
added 2024/03/19 12:0 a.m. · 3 views

PT-2024-22491 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the admin id parameter in "update-admin.php". This can potentially lead to unauthorized access and manipulation of database...

CVSS 9.8 · AI score 7.9 · EPSS 0.01229
Exploits: 4 · References: 6

CNNVD
added 2024/03/19 12:0 a.m. · 4 views

Employee Management System SQL Injection Vulnerability

Employee Management System is an employee management system. A SQL injection vulnerability exists in Employee Management System v1.0 that could allow an attacker to run arbitrary SQL commands via the adminid parameter in update-admin.php...

CVSS 9.8 · AI score 8.2 · EPSS 0.01229
Exploits: 4 · References: 4

OSV
added 2024/03/18 2:15 a.m. · 1 view

CVE-2024-2576

A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument adminid leads to authorization bypass. It is possible to initiate the attack remotely. T...

CVSS 9.8 · AI score 5.4 · EPSS 0.00669
Exploits: 0 · References: 3

OSV
added 2024/03/17 7:15 a.m. · 2 views

CVE-2024-2555

A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The...

CVSS 7.2 · AI score 5.8 · EPSS 0.00608
Exploits: 1 · References: 3

Positive Technologies
added 2024/03/16 12:0 a.m. · 6 views

PT-2024-20998 · Sourcecodester · Sourcecodester Employee Task Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Task Management System version 1.0 Description: A critical issue was found in the SourceCodester Employee Task Management System, affecting some unknown functionality of the file update-admin.php. The manipulation of t...

CVSS 7.2 · AI score 8.3 · EPSS 0.00608
Exploits: 1 · References: 6

Positive Technologies
added 2023/09/11 12:0 a.m. · 6 views

PT-2023-28714 · Unknown · Wpdatatables

Name of the Vulnerable Software and Affected Versions: wpDataTables versions prior to 2.1.66 Description: The issue concerns the deserialization of arbitrary data due to a lack of validation of the Serialized PHP array input data. This can potentially lead to remote code execution if a suitable...

CVSS 7.2 · AI score 7.6 · EPSS 0.01262
Exploits: 2 · References: 4

Positive Technologies
added 2022/10/06 12:0 a.m. · 3 views

PT-2022-24858 · Discotoc · Discotoc

Name of the Vulnerable Software and Affected Versions: DiscoTOC versions prior to the fixed version on the main branch Description: The issue allows users to inject arbitrary HTML on a topic's page if they can create topics in TOC-enabled categories and have a sufficient trust level. The estimate...

CVSS 5.4 · AI score 5.3 · EPSS 0.00372
Exploits: 0 · References: 6

0day.today
added 2019/01/09 12:0 a.m. · 28 views

Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link:...

AI score 0.2
Exploits: 0

0day.today
added 2018/12/12 12:0 a.m. · 75 views

Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery Add/Update Admin Exploit Author: Ihsan Sencan Vendor Homepage:...

AI score 0.1
Exploits: 0

0day.today
added 2018/11/14 12:0 a.m. · 262 views

Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Vulnerability

Exploit for php platform in category web applications Exploit Title: Data Center Audit 2.6.2 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/datacenteraudit/ Software Link:...

AI score 0.4
Exploits: 0