5 matches found
PT-2025-26447
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0
Description: A critical issue has been found, affecting the /admin/execeditroom.php file, where the manipulation of the userid argument leads to SQL injection. This issue can be...
CVE-2025-4863 Advaya Softech GEMS ERP Portal studentLogin.action SQL injection
A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to SQL injection. It is possible to initiate the attack remotely. The explo...
PT-2025-9193 · Zj1983 Zz · Zj1983 Zz
Name of the Vulnerable Software and Affected Versions: zj1983 zz versions up to 2024-8
Description: A critical issue was found in the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to SQL injection. Th...
CVE-2024-10927 MonoCMS Account Information Page account.php cross-site scripting
A vulnerability was found in MonoCMS up to 20240528. It has been classified as problematic. Affected is an unknown function of the file /monofiles/account.php of the component Account Information Page. The manipulation of the argument userid leads to cross-site scripting. It is possible to launch...
PT-2023-16424 · Dst-Admin · Dst-Admin
Name of the Vulnerable Software and Affected Versions: dst-admin version 1.5.0
Description: A critical issue has been found in the software, affecting some unknown functionality of the file /home/kickPlayer. The manipulation of the userId argument leads to command injection. The attack can be...