136 matches found
CVE-2026-14706 code-projects Online Examination Quiz Creation Feature update.php sql injection
A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...
EUVD-2026-41727
A vulnerability was identified in code-projects Online Examination 1.0. This affects an unknown part of the file /update.php?q=addquiz of the component Quiz Creation Feature. The manipulation of the argument name/total/right/wrong/time/tag/desc leads to sql injection. The attack can be initiated...
AVideo: Authenticated Arbitrary File Read in view/update.php
Summary view/update.php reads $POST'updateFile' as a relative path under updatedb/ and passes it to PHP's file for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary text files reachable from the web-server process — especially...
CVE-2026-36919
Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...
EUVD-2026-20649
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...
CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...
CVE-2026-5806
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly a...
CVE-2026-5806
CVE-2026-5806 affects code-projects’ Easy Blog Site 1.0. The vulnerability is a Cross-Site Scripting (XSS) in the /posts/update.php function, via manipulation of the postTitle parameter. Impact per documents is limited to non-persistent integrity disruption with no confidentiality or availability...
Student Management System 授权问题漏洞
Student Management System is a student management system developed by Krishanmurariji. There are authorization-related vulnerabilities in this system; these vulnerabilities stem from incorrect handling of parameters named “Name” in the file/viva/update.php, which may lead to improper authorizatio...
CVE-2026-3838
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
CVE-2026-3838 Unraid Update Request Path Traversal Remote Code Execution Vulnerability
Unraid Update Request Path Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The...
Unraid Update Request Path Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Unraid. Authentication is required to exploit this vulnerability. The specific flaw exists within the update.php file. The issue results from the lack of proper validation of a user-supplied path pri...
CVE-2023-25431
An issue was discovered in Online Reviewer Management System v1.0. There is a XSS vulnerability via reviewer0/admins/assessments/course/course-update.php...
CVE-2023-49989
Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php...
CVE-2022-35422
Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php...
EUVD-2007-6525
Malware in sbrugna...
EUVD-2018-4578
Malware in sbrugna...
EUVD-2022-38310
Malicious code in bioql PyPI...
EUVD-2025-19562
Malicious code in bioql PyPI...
EUVD-2023-29386
Malicious code in bioql PyPI...