1395 matches found
WordPress plugin Latest Post Accordian Slider 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress Latest Post Accordian Slider plugin, which stems from a lack of random number validation on the lpaccordian...
WordPress plugin Website Contact Form With File Upload 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
Zoo Management System /admin/index.php File SQL Injection Vulnerability
Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /admin/index.php. An attacker can exploit this vulnerability to...
Online Appointment Booking System ulocateus.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that stems from an error in the parameter doctorname in the file /ulocateus.php that lacks validation of externally entered SQL statements. An...
Mobile Shop EditMobile.php File SQL Injection Vulnerability
Mobile Shop is a mobile store. Mobile Shop suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /EditMobile.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to...
Modern Bag product-update.php file SQL Injection Vulnerability
Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter idProduct in the file /admin/product-update.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to...
CVE-2025-6058
The WPBookit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the imageuploadhandle function hooked via the 'addbookingtype' route in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitra...
Code-Projects Library System 代码问题漏洞
Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /user/teacher/profile.php. An attacker can exploit this vulnerability to upload malicious files...
Frappe Technologies Frappe 授权问题漏洞
Frappe Technologies Frappe is a Python, Mariadb-based web development framework with integrated front-end pages from Frappe Technologies, India. Frappe Technologies Frappe suffers from an authorization issue vulnerability that stems from a lack of server-side validation, which could lead to...
Simple forum code issue vulnerability
Simple forum is a simple forum. Simple forum has a code issue vulnerability that stems from the lack of valid validation of uploaded files in the parameter File in the file /forum1.php. An attacker can exploit this vulnerability to upload malicious files...
Library System add-book.php file code issue vulnerability
Library System is a library system. Library System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter image in the file /add-book.php. An attacker can exploit this vulnerability to upload malicious files...
Car Rental System add_cars.php File SQL Injection Vulnerability
Car Rental System is a car rental system. Car Rental System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter carname in the file /admin/addcars.php. An attacker can use this vulnerability to execute illegal S...
Janssen 安全漏洞
Janssen is an open source user authentication component from the Janssen Project Open Source. A security vulnerability exists in Janssen versions prior to 1.8.0, which stems from the Config API returning results without validating the scope, which could lead to information disclosure...
Simple Pizza Ordering System saveorder.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /saveorder.php. An attacker can exploit this...
Inventory Management System editBrand.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editBrandStatus in file /phpaction/editBrand.php. An attacker can...
Simple Online Hotel Reservation System index.php File SQL Injection Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in the file...
CVE-2025-20282
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due a lack of file validation checks tha...
Code-Projects Inventory Management System 注入漏洞
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter editBrandStatus in file /phpaction/editBrand.php. An attacker can...
xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode
A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests...
PHPGurukul Pre-School Enrollment System Project 安全漏洞
The Pre-School Enrollment System Project is a preschool enrollment system project. A directory traversal vulnerability exists in Pre-School Enrollment System Project, which stems from a lack of validity checking of paths in the file update-teacher-pic.php when processing directory requests, and c...