134 matches found
AVideo: Authenticated Arbitrary File Read in view/update.php
Summary: view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process — especially...
CVE-2026-36919
Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...
EUVD-2026-20649
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...
CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...
CVE-2026-5806
CVE-2026-5806 affects code-projects’ Easy Blog Site 1.0. The vulnerability is a Cross-Site Scripting (XSS) in the /posts/update.php function, via manipulation of the postTitle parameter. Impact per documents is limited to non-persistent integrity disruption with no confidentiality or availability...
Student Management System Authorization Issue Vulnerability
Student Management System is a student management system developed by Krishanmurariji. There are authorization-related vulnerabilities in this system; these vulnerabilities stem from incorrect handling of parameters named “Name” in the file /viva/update.php, which may lead to improper authorizatio...
CVE-2026-3838
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
CVE-2026-3838 Unraid Update Request Path Traversal Remote Code Execution Vulnerability
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
Unraid Update Request Path Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path pri...
CVE-2023-25431
An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer0/admins/assessments/course/course-update.php...
CVE-2023-49989
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php...
CVE-2022-35422
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php...
EUVD-2007-6525
Malware in sbrugna...
EUVD-2018-4578
Malware in sbrugna...
EUVD-2023-29386
Malicious code in bioql PyPI...
EUVD-2025-19562
Malicious code in bioql PyPI...
EUVD-2022-38310
Malicious code in bioql PyPI...
CVE-2025-9749 HKritesh009 Grocery List Management Web App update.php sql injection
A vulnerability was identified in HKritesh009 Grocery List Management Web App up to f491b681eb70d465f445c9a721415c965190f83b. This affects an unknown part of the file /src/update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2025-9402 HuangDou UTCMS Config update.php server-side request forgery
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carri...