
100 matches found

Vulnrichment
added 2026/01/02 9:2 a.m. | 4 views

CVE-2026-0546 code-projects Content Management System search.php sql injection

A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may ...

CVSS 7.5 | AI score 6.6 | EPSS 0.00406
Exploits: 1 | References: 5

CNNVD
added 2026/01/02 12:0 a.m. | 6 views

code-projects Content Management System SQL Injection Vulnerability

Code-Projects Content Management System is an open source content and management system from Code-Projects. A SQL injection vulnerability exists in code-projects Content Management System version 1.0, which stems from an incorrect manipulation of the parameter Value in the file search.php, which...

CVSS 9.8 | AI score 7.7 | EPSS 0.00406
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/02 12:0 a.m. | 7 views

PT-2026-1061

Name of the Vulnerable Software and Affected Versions: code-projects Content Management System version 1.0. Description: A flaw exists in code-projects Content Management System that allows for SQL injection. The issue is located in the search.php file and involves manipulation of the Value argument...

CVSS 7.5 | AI score 6.9 | EPSS 0.00406
Exploits: 1 | References: 11

RedhatCVE
added 2025/12/15 4:38 p.m. | 4 views

CVE-2025-14667

A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=systeminfo. Such manipulation of the argument metavalue leads to sql injection. The attack may be performed from remote. The exploit has been...

CVSS 9.8 | AI score 6.9 | EPSS 0.00333
Exploits: 1 | References: 1

CNNVD
added 2025/12/14 12:0 a.m. | 3 views

itsourcecode COVID Tracking System SQL Injection Vulnerability

itsourcecode COVID Tracking System is a new coronavirus tracking system open-sourced by itsourcecode. An SQL injection vulnerability exists in version 1.0 of itsourcecode COVID Tracking System, which stems from an incorrect manipulation of the parameter metavalue in the file...

CVSS 9.8 | AI score 7.7 | EPSS 0.00333
Exploits: 1 | References: 6

CNVD
added 2025/11/20 12:0 a.m. | 2 views

Online Shopping Portal product-details.php file SQL Injection Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...

CVSS 6.5 | AI score 8.3 | EPSS 0.0021
Exploits: 1 | References: 1

CNNVD
added 2025/11/17 12:0 a.m. | 4 views

PHPGurukul Online Shopping Portal Security Vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the name, summary, review, quality, price, and value parameters in product-details.php. An attacker c...

CVSS 6.5 | AI score 8.2 | EPSS 0.0021
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/17 12:0 a.m. | 2 views

CVE-2024-44664

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php...

AI score 7.6 | EPSS 0.0021
Exploits: 1 | References: 2

CNVD
added 2025/10/31 12:0 a.m. | 3 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27706)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly sanitizing or encoding the UPDATEVALUE parameter, which can be exploited by an attacker to inject...

CVSS 5.4 | AI score 6.2 | EPSS 0.00403
Exploits: 0 | References: 1

Cvelist
added 2025/10/30 11:42 p.m. | 8 views

CVE-2025-8849 Denial of Service in danny-avila/librechat

LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the /api/memories endpoint. The key and value parameters accept arbitrarily large inputs without proper validation, leading to a null pointer error in the Rust-based backend when excessive...

CVSS 5.4 | EPSS 0.00286
Exploits: 1 | References: 2

OSV
added 2025/10/28 3:16 p.m. | 2 views

CVE-2025-34308

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.4 | AI score 6
Exploits: 0 | References: 3

NVD
added 2025/10/28 3:16 p.m. | 12 views

CVE-2025-34308

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.4 | EPSS 0.00403
Exploits: 0 | References: 3

Vulnrichment
added 2025/10/28 2:36 p.m. | 3 views

CVE-2025-34308 IPFire < v2.29 Stored XSS via Default Time Sync

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the UPDATEVALUE parameter when updating the default time synchronization settings. When the default values...

CVSS 5.1 | AI score 5.6 | EPSS 0.00403
Exploits: 0 | References: 3

CVE
added 2025/10/28 2:36 p.m. | 10 views

CVE-2025-34308

IPFire 2.x before 2.29 (Core Update 198) has a stored XSS via the UPDATE_VALUE parameter when updating Time Server settings. An authenticated user can submit arbitrary JavaScript to /cgi-bin/time.cgi; the value is stored and later rendered in the web interface, allowing script execution in other ...

CVSS 5.4 | AI score 5.6 | EPSS 0.00403
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2025/10/28 12:0 a.m. | 3 views

IPFire Security Vulnerability

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that stems from not properly sanitizing or encoding the UPDATEVALUE parameter, which can be exploited by an attacker to inject...

CVSS 5.4 | AI score 6.2 | EPSS 0.00403
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/28 12:0 a.m. | 10 views

PT-2025-44167

Name of the Vulnerable Software and Affected Versions: IPFire versions prior to 2.29 Core Update 198. Description: IPFire versions prior to 2.29 Core Update 198 are susceptible to a stored cross-site scripting (XSS) issue. An authenticated attacker can inject arbitrary JavaScript code through the UPDA...

CVSS 5.4 | AI score 5.8 | EPSS 0.00403
Exploits: 0 | References: 6

CNVD
added 2025/08/01 12:0 a.m. | 2 views

Online Farm System categoryvalue.php File SQL Injection Vulnerability

Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Value in the file /categoryvalue.php. The vulnerability can be exploited by an attacker to...

CVSS 9.8 | AI score 7.9 | EPSS 0.00382
Exploits: 1 | References: 1

CNNVD
added 2025/07/30 12:0 a.m. | 2 views

code-projects Online Farm System Injection Vulnerability

Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Value in the file /categoryvalue.php. The vulnerability can be exploited by an attacker to...

CVSS 9.8 | AI score 8.2 | EPSS 0.00382
Exploits: 1 | References: 5

OSV
added 2025/06/16 10:15 a.m. | 0 views

CVE-2025-6117

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /Reservations/Search of the component API. The manipulation of the argument Value leads to sql injection. The attack can be initiated...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 4

CNNVD
added 2025/06/16 12:0 a.m. | 1 views

Das Parking Management System SQL Injection Vulnerability

Das Parking Management System is a parking management system from Das Corporation. A SQL injection vulnerability exists in Das Parking Management System version 6.2.0, which originates from an incorrect manipulation of the parameter Value in the file /Reservations/Search, resulting in SQL injecti...

CVSS 9.8 | AI score 7.8 | EPSS 0.0037
Exploits: 0 | References: 6