
20 matches found

RedhatCVE
added 2026/06/05 7:47 p.m. | 5 views

CVE-2026-6584

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...

CVSS 5.5 | AI score 5.4 | EPSS 0.003
Exploits: 0 | References: 1
NVD
added 2026/04/27 9:16 a.m. | 2 views

CVE-2026-7103

A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file updateuser.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's...

CVSS 6.3 | EPSS 0.00188
Exploits: 0 | References: 5
EUVD
added 2026/04/20 12:30 a.m. | 3 views

EUVD-2026-23721

A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function updateuser of the file superagi/controllers/user.py of the component User Update Endpoint. The manipulation of the argument userid results in authorization bypass. The attack may be...

CVSS 5.5 | AI score 5.2 | EPSS 0.003
Exploits: 0 | References: 5
CNNVD
added 2026/04/20 12:0 a.m. | 8 views

SuperAGI Security Vulnerability

SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the...

CVSS 5.5 | AI score 6.1 | EPSS 0.003
Exploits: 0 | References: 1
NVD
added 2026/02/18 6:24 p.m. | 6 views

CVE-2025-70152

code-projects Community Project Scholars Tracking System 1.0 is vulnerable to SQL Injection in the admin user management endpoints /admin/saveuser.php and /admin/updateuser.php. These endpoints lack authentication checks and directly concatenate user-supplied POST parameters firstname, lastname,...

CVSS 9.8 | EPSS 0.00398
Exploits: 1 | References: 2
CNVD
added 2025/12/18 12:0 a.m. | 3 views

Student File Management System update_user.php File Cross-Site Scripting Vulnerability

Student File Management System is a student file management system. A cross-site scripting vulnerability exists in Student File Management System, which originates from an incorrect operation of the file /admin/updateuser.php, for which no detailed vulnerability details are currently available...

CVSS 5.4 | AI score 4 | EPSS 0.00193
Exploits: 1 | References: 1
Cvelist
added 2025/12/14 1:32 p.m. | 19 views

CVE-2025-14662 code-projects Student File Management System Update User update_user.php cross site scripting

A vulnerability was found in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php of the component Update User Page. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been made...

CVSS 4.8 | EPSS 0.00193
Exploits: 1 | References: 5
NVD
added 2025/12/13 5:15 p.m. | 8 views

CVE-2025-14621

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php. The manipulation of the argument userid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

CVSS 9.8 | EPSS 0.00333
Exploits: 1 | References: 5
RedhatCVE
added 2025/11/11 3:47 a.m. | 5 views

CVE-2025-12929

A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function saveuser/updateuser of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...

CVSS 9.8 | AI score 7.2 | EPSS 0.00385
Exploits: 1 | References: 1
NVD
added 2025/11/10 4:15 a.m. | 11 views

CVE-2025-12929

A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function saveuser/updateuser of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been publish...

CVSS 9.8 | EPSS 0.00385
Exploits: 1 | References: 5
EUVD
added 2025/11/07 6:2 p.m. | 2 views

EUVD-2025-38318

A security flaw has been discovered in Campcodes School File Management 1.0. This affects an unknown part of the file /admin/updateuser.php. Performing manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to th...

CVSS 5.8 | AI score 6.5 | EPSS 0.00293
Exploits: 1 | References: 7
NVD
added 2023/10/18 1:15 p.m. | 16 views

CVE-2023-46004

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the updateuser function...

CVSS 7.2 | AI score 7 | EPSS 0.00681
Exploits: 1 | References: 1
NVD
added 2023/06/06 8:15 p.m. | 11 views

CVE-2023-33569

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=updateuser...

CVSS 7.2 | AI score 7.3 | EPSS 0.01112
Exploits: 1 | References: 1
ATTACKERKB
added 2023/06/06 8:15 p.m. | 2 views

CVE-2023-33569

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=updateuser...

CVSS 7.2 | AI score 7.7 | EPSS 0.01112
Exploits: 1 | References: 2
OSV
added 2023/02/25 8:15 a.m. | 1 views

CVE-2023-1035

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file updateuser.php. The manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 8.8 | AI score 5.7 | EPSS 0.007
Exploits: 1 | References: 3
ATTACKERKB
added 2022/08/10 8:16 p.m. | 1 views

CVE-2022-36750

Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/updateuser.php?id=...

CVSS 9.8 | AI score 5.9 | EPSS 0.00821
Exploits: 1 | References: 2
OSV
added 2022/07/12 5:15 p.m. | 3 views

CVE-2022-2297

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/updateuser.php?userid=1. The manipulation of the argument profilepicture with the input leads to unrestricted upload. It is possib...

CVSS 8.8 | AI score 5.5 | EPSS 0.02598
Exploits: 4 | References: 2
Prion
added 2022/06/02 2:15 p.m. | 16 views

Sql injection

EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profileaction - updateuser. This allows a remote attacker to compromise Application SQL database...

CVSS 7.5 | AI score 9.6 | EPSS 0.0122
Exploits: 1 | References: 2 | Affected Software: 1
Packet Storm
added 2016/08/01 12:0 a.m. | 27 views

DMA Radius Manager 4.1.5 Cross Site Request Forgery

tanks: Dr Ms Jk - n1arash - Milad Hacking - malahsky...

AI score 0.3
Exploits: 0
CVE
added 2012/02/14 8:0 p.m. | 46 views

CVE-2010-5085

CVE-2010-5085 concerns multiple CSRF vulnerabilities in Hulihan Amethyst 0.1.5 (admin/update_user and related endpoints) that allow remote attackers to hijack administrator authentication to change credentials or site configuration. The NVD description confirms cross-site request forgery risks en...

CVSS 6.8 | AI score 7.7 | EPSS 0.00778
Exploits: 1 | References: 7 | Affected Software: 1