CVE-2026-10236
Technical details about CVE-2026-10236 are not publicly available in the provided documents. Monitor for updates from authoritative sources for affected components, vulnerable files, and remediation steps.
CVE-2019-25682 CMSsite 1.0 Cross-Site Request Forgery via users.php
CMSsite 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting crafted pages that submit POST requests to the users.php endpoint...
EUVD-2019-8006
Malware in sbrugna...
Vehicle Parking Management System reg-users.php File SQL Injection Vulnerability
Vehicle Parking Management System is a parking management system. It suffers from a SQL injection vulnerability that stems from the del parameter in the file /admin/reg-users.php, which lacks validation of externally entered SQL statements. An attacker can...
CVE-2025-5633
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. The attack may be...
CVE-2024-40069
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via idgenerator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'...
PHPGurukul User Management System Security Vulnerability
User Management System is a user management system. User Management System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the file /ums-sp/admin/registered-users.php, which can be exploited by an attacke...
CVE-2024-8343
A vulnerability, which was classified as critical, was found in SourceCodester Sentiment Based Movie Rating System 1.0. Affected is an unknown function of the file /classes/Users.php?f=saveclient of the component User Registration Handler. The manipulation of the argument email leads to sql...
Medicine Tracker System Cross-Site Request Forgery Vulnerability
Medicine Tracker System is a drug tracking system by the individual developer Carlo Montero. A cross-site request forgery vulnerability exists in Medicine Tracker System version 1.0, which stems from unknown code in file /classes/Users.php?f=saveuser that can lead to cross-site request forgery...
Computer Laboratory Management System Cross-Site Scripting Vulnerability
Computer Laboratory Management System is a computer laboratory management system. A cross-site scripting vulnerability exists in SourceCodester Computer Laboratory Management System version 1.0, which is caused by cross-site scripting in the id parameter of the /classes/Users.php file...
CVE-2023-3184
A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username leads to cross sit...
CVE-2023-2099
A vulnerability classified as problematic has been found in SourceCodester Vehicle Service Management System 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The...
PT-2023-16647 · Sourcecodester · Sourcecodester Music Gallery Site
Name of the Vulnerable Software and Affected Versions: SourceCodester Music Gallery Site version 1.0 Description: A critical issue affects the processing of the file Users.php in the POST Request Handler component, leading to improper access controls. The manipulation can be initiated remotely...
CVE-2022-37152
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=saveclient"...
CVE-2022-36270
Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php...
CVE-2022-28525
ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edituser&id=1...
WordPress plugin CleanTalk Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is a WordPress application plugin. WordPress CleanTalk plugin 5.173 and earlier versions have a cross-sit...
CVE-2022-26266
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php...
CVE-2021-40261
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) userusername and (2) category parameters in saveclass.php, the (3) firstname, (4) class, and (5) status parameters in studenttable.php, the (6) category and (7) classname parameters in...
EPSON EPS TSE Server Cross-Site Scripting Vulnerability
EPSON EPS TSE Server is a server from EPSON Japan. A cross-site scripting vulnerability exists in EPSON EPS TSE Server 8 that stems from a cross-site scripting (XSS) issue with the update user and delete user functions in settings users.php, which could be exploited by authenticated attackers to...