8 matches found
CVE-2025-5400 chaitak-gorai Blogbook GET Parameter user.php sql injection
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php of the component GET Parameter Handler. The manipulation of the argument uid leads to sql injection. It is...
PT-2025-23421 · Unknown · Chaitak-Gorai Blogbook
Name of the Vulnerable Software and Affected Versions: chaitak-gorai Blogbook versions up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 Description: A critical vulnerability was found in chaitak-gorai Blogbook, affecting an unknown function of the file /user.php of the component GET Parameter...
CVE-2025-1579 code-projects Blood Bank System user.php cross site scripting
A vulnerability was found in code-projects Blood Bank System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/user.php. The manipulation of the argument email leads to cross site scripting. The attack may be initiated remotely. The exploit has been...
SimplePHPscripts Classified Ads Script Cross-Site Scripting Vulnerability
SimplePHPscripts Classified Ads Script is an advertisement tool that can be embedded in websites. A cross-site scripting vulnerability exists in SimplePHPscripts Classified Ads Script version 1.8, which stems from an issue with the file user.php, where manipulation of the parameter title can lead...
CVE-2021-4240 phpservermon User.php generatePasswordResetToken predictable algorithm in random number generator
A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the publ...
iG Calendar 1.0 - user.php?id SQL Injection
SQL Injection in ig-Calendar. This works regardless of magic_quotes_gpc! Dumps mysql login information: http://127.0.0.1/ig-calendar/user.php?id=999%20union%20select%201,User,Password,Host,Filepriv,0%20from%20mysql.user ./user.php line 52: $query = 'SELECT...
postnuke v 0.7.0.3 remote command execution
PostNuke is one of the popular content management systems written in PHP. There is a bug in file user.php, line 107, through which a user can append their own values to the $caselist array. foreach $caselist as $k=$v $ModName = $v'module'; include "$vpath/$k"; $caselist = array;...
PHP-Nuke 1.0/2.5/3.0/4.x/5.x/6.x/7.x - user.php?uname Cross-Site Scripting
source: https://www.securityfocus.com/bid/3609/info PHPNuke is a website creation/maintenance tool. PHPNuke is prone to cross-site scripting attacks. It is possible to create a link to the PHPNuke user information page,...