CVE-2025-22976
SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module...
CVE-2024-22939
Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/categoryedit component...
CVE-2024-51376
CVE-2024-51376 is a directory traversal vulnerability in yeqifu carRental v1.0 that allows a remote attacker to obtain sensitive data through the file/downloadFile.action?path= endpoint. The issue is consistently described across sources (NVD, Red Hat, CNNVD, CIRCL, etc.) with a base CVSS v3.1 sc...
CVE-2024-51430
Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component...
CVE-2024-51430
CVE-2024-51430 is an XSS vulnerability in SourceCodester’s Online Diagnostic Lab Management System (PHP v1.0). The flaw allows a remote attacker to execute arbitrary code by manipulating the Test Name parameter in the diagnostic/add-test.php component. The affected item is the online diagnostic l...
CVE-2024-48579
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request...
CVE-2024-48655
CVE-2024-48655 affects Total.js CMS v1.0. The vulnerability is a remote code execution through the func.js file, as documented by multiple sources (Red Hat, NVD, OSV, CNNVD, CVE listing, PT Security). Root cause specifics are not expanded in the provided materials beyond path and impact. Remediat...
CVE-2024-48655
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file...
CVE-2024-46532
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component...
CVE-2024-37869
File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$_FILES" variable...
Giftora 1.0 Cross Site Request Forgery
Title: Giftora V 1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits | Vendor:...
CVE-2024-40498
SQL Injection vulnerability in PuneethReddyHC Online Shopping system advanced v.1.0 allows an attacker to execute arbitrary code via the register.php...
CVE-2023-50685
An issue in Hipcam Cameras RealServer v.1.0 allows a remote attacker to cause a denial of service via a crafted script to the clientport parameter...
CVE-2024-33292
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter...
CVE-2024-30890
Cross Site Scripting vulnerability in ED01-CMS v.1.0 allows an attacker to obtain sensitive information via the categories.php component...
CVE-2023-51281
CVE-2023-51281 affects the Customer Support System v1.0. The vulnerability is a Cross-Site Scripting (XSS) flaw that allows a remote attacker to escalate privileges via crafted inputs for fields such as firstname, lastname, middlename, contact, and address. Affected component details and exact ro...
CVE-2024-22983
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint...