Wazifa System updatesettings.php file SQL injection vulnerability

Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Password in the file /controllers/updatesettings.php. An attacker can use this vulnerability to...

CVE-2025-8439

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0. This issue affects some unknown processing of the file /controllers/updatesettings.php. The manipulation of the argument Password leads to sql injection. The attack may be initiated remotely. The...

Wazifa System updatesettings.php file cross-site scripting vulnerability

Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter firstname in the file /controllers/updatesettings.php, which can be exploited by an...

Code-Projects Wazifa System 代码注入漏洞

Wazifa System is a content management system. Wazifa System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter firstname in the file /controllers/updatesettings.php, which can be exploited by an...