432 matches found
Apache StreamPipes 安全漏洞
Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. A security vulnerability exists in Apache StreamPipes version 0.97.0 and earlier, which stems from a flaw in the user ID...
PT-2025-53854
Name of the Vulnerable Software and Affected Versions Apache StreamPipes versions 0.69.0 through 0.97.0 Description A flaw exists in Apache StreamPipes that allows a user with a non-administrator account to manipulate the user ID creation mechanism. This manipulation enables the swapping of a...
Student File Management System user_id Parameter SQL Injection Vulnerability
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from an incorrect manipulation of the parameter userid in the file /admin/deleteuser.php, and can be exploited by an attacker to obtain or...
EUVD-2025-203654
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...
WeKan 安全漏洞
WeKan is a Kanban application from the WeKan open source. A security vulnerability exists in WeKan version 18.15 and earlier, which stems from the Attachment Upload API treating the Authorization bearer value as a userId, which could lead to application-level denial of service and identity spoofi...
PT-2025-51148
Name of the Vulnerable Software and Affected Versions code-projects Student File Management System version 1.0 Description A flaw exists in the Student File Management System that allows for remote code execution. The issue is located in the file /admin/delete user.php and involves the manipulati...
Code-Projects Student File Management System SQL注入漏洞
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from an incorrect manipulation of the parameter userid in the file /admin/deleteuser.php, and can be exploited by an attacker to obtain or...
CVE-2025-14621
Summary: CVE-2025-14621 affects Code-Projects’ Student File Management System 1.0. The vulnerability lies in the /admin/update_user.php file where the user_id parameter is not properly validated, enabling SQL injection. Remote exploitation is possible, and an exploit is publicly available. Variou...
Code-Projects Student File Management System SQL注入漏洞
Student File Management System is a student file management system. A SQL injection vulnerability exists in Student File Management System, which originates from the lack of validation of an externally entered SQL statement in the parameter userid in the file /admin/updateuser.php. An attacker ca...
CVE-2024-58316
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
EUVD-2024-55348
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
Simple Shopping Cart settings.php File SQL Injection Vulnerability
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter userid in the file /Customers/settings.php. An attacker can exploit this...
EUVD-2025-201716
A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...
CVE-2025-14246
A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...
CVE-2025-14246
A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Performing manipulation of the argument userid results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publi...
CVE-2025-14246
CVE-2025-14246 affects code-projects Simple Shopping Cart 1.0. The vulnerability is a SQL injection in /Customers/settings.php triggered by manipulating the user_id parameter. Remote exploitation is possible and the exploit has been publicly disclosed. Advisories (CNVD/CNNVD/Red Hat) confirm the ...
Code-Projects Simple Shopping Cart SQL注入漏洞
Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter userid in the file /Customers/settings.php. An attacker can exploit this...
CVE-2025-13768
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...
CVE-2025-13768
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...
EUVD-2025-199866
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability...