11 matches found
EUVD-2026-28154
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a logged-in administrator to submit a forged request that adds,...
CVE-2025-14051
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The...
CVE-2025-14051
A flaw has been found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function getById/updateAddress/deleteAddress of the file /mall-ums/app-api/v1/addresses/. Executing manipulation can lead to improper control of dynamically-identified variables. The attack can be executed remotely. The...
PT-2025-49171
Name of the Vulnerable Software and Affected Versions: youlaitech youlai-mall versions 1.0.0 through 2.0.0 Description: A flaw exists in youlaitech youlai-mall versions 1.0.0 through 2.0.0 related to improper control of dynamically-identified variables. The issue is present in the getById,...
EUVD-2025-31418
Malicious code in bioql PyPI...
CVE-2025-11055 SourceCodester Online Hotel Reservation System updateaddress.php SQL injection
A vulnerability was detected in SourceCodester Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/updateaddress.php. The manipulation of the argument address results in SQL injection. The attack may be launched remotely. The exploit is now public and may be us...
CVE-2025-11055
CVE-2025-11055 affects SourceCodester Online Hotel Reservation System 1.0. The vulnerability is in the file /admin/updateaddress.php, where manipulation of the address parameter leads to a SQL injection. Exploitation can be performed remotely, and public exploits are noted in the sources. Several...
PT-2025-39722
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0 Description: A SQL injection issue exists in SourceCodester Online Hotel Reservation System version 1.0. The issue is located in the file /admin/updateaddress.php. Manipulation of the...
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
XMall security vulnerability
XMall is a distributed e-commerce shopping mall based on SOA architecture by an individual developer at Exrick. A security vulnerability exists in XMall 1.1 and earlier versions, which stems from an elevation of privilege in the updateAddress method of the Address Controller class...
PT-2025-16382 · Unknown · Erick Xmall
Name of the Vulnerable Software and Affected Versions: Erick xmall versions 1.1 and earlier Description: An issue in Erick xmall allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class. Recommendations: For Erick xmall versions 1.1 and earlier,...