
5 matches found

EUVD
added 2026/03/08 9:30 p.m., 2 views

EUVD-2026-10264

A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadminuserdelete.php of the component Endpoint. Executing a manipulation of the argument userid can lead to improper authorization. The attack may be performe...

CVSS 5.5, AI score 5.5, EPSS 0.00337
Exploits: 1, References: 6
Vulnrichment
added 2026/01/12 12:0 a.m., 1 views

CVE-2023-36331

Incorrect access control in the /member/orderList API of xmall v1.1 allows attackers to arbitrarily access other users' order details via manipulation of the query parameter userId...

AI score 6.5, EPSS 0.00206
Exploits: 1, References: 1
NVD
added 2025/12/12 9:15 p.m., 2 views

CVE-2024-58316

Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...

CVSS 8.7, EPSS 0.00485
Exploits: 1, References: 3
EUVD
added 2025/10/07 3:30 p.m., 4 views

EUVD-2025-32714

Insecure Direct Object Reference (IDOR) in Negotiator v3.15.2 from Biobanking and Biomolecular Resources - European Research Infrastructure (BBMRI-ERIC). This vulnerability allows an attacker to access or modify unauthorised resources by manipulating requests that use the 'userID' parameter in...

CVSS 5.3, AI score 6.3, EPSS 0.0024
Exploits: 0, References: 2
CNNVD
added 2024/03/17 12:0 a.m., 3 views

Employee Task Management System SQL Injection Vulnerability

Employee Task Management System is an employee task management system by personal developer Carlo Montero. An SQL injection vulnerability exists in Employee Task Management System version 1.0, which stems from an incorrect manipulation of the parameter userid that can result in an SQL injection...

CVSS 9.8, AI score 8.3, EPSS 0.00626
Exploits: 1, References: 4