15 matches found
CVE-2026-6628 phili67 Ecclesia CRM Query Viewer view ValidateInput sql injection
A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. Manipulation of the argument custom causes SQL injection. The attack can be initiated remotely. The exploit has been publish...
CVE-2026-4632
CVE-2026-4632 affects itsourcecode Online Enrollment System 1.0. The vulnerability resides in the unknown code path of /sms/user/index.php?view=add under the Parameter Handler, where manipulating the Name argument can trigger SQL injection. The issue is exploitable remotely and, according to cite...
CVE-2026-2195
A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to SQL injection. The attack is possible to be carried out...
CVE-2025-13257 itsourcecode Inventory Management System index.php sql injection
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has be...
InvoicePlane Code Issue Vulnerability
InvoicePlane is a self-hosted open source application from InvoicePlane Open Source for managing quotes, invoices, customers and payments. A code issue vulnerability exists in InvoicePlane 1.6.1 and prior versions, which stems from the fact that the file /invoices/vi...
PayPal,Credit Card and Debit Card Payment SQL Injection Vulnerability
PayPal,Credit Card and Debit Card Payment is payment software by the individual developer janobe. A SQL injection vulnerability exists in PayPal,Credit Card and Debit Card Payment version 1.0. An attacker can use this vulnerability to send a specially crafted quer...
PHPVOD Cross-Site Scripting Vulnerability
PHPVOD is an open source application used to build online video websites. A cross-site scripting vulnerability exists in PHPVOD v4.0, originating in the id parameter of /view/admin/view.php...
CVE-2024-35350
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts unidentified code within the file /admin/?page=borrow/viewborrow. Manipulating the argument id can result in SQL injection...
Complete Web-Based School Management System SQL Injection Vulnerability
Campcodes Complete Web-Based School Management System is a web-based school management system from Campcodes, Inc. A SQL injection vulnerability exists in version 1.0 of the Complete Web-Based School Management System, which originates from an unknown function in /view/teacherattendancehistory1.p...
CVE-2024-29229
Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2023-33676
Sourcecodester Lost and Found Information System version 1.0 is vulnerable to unauthenticated SQL injection at "?page=items/view&id=", which can be escalated to remote command execution...
BigProf Online Invoicing System Cross-Site Scripting Vulnerability
BigProf Online Invoicing System (OIS) is an online invoicing system. A cross-site scripting vulnerability exists in BigProf Online Invoicing System version 2.6, originating in the FirstRecord parameter of /invoicing/app/itemsview.php...
CVE-2022-36698
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/viewcategory.php...
Trendnet TRENDnet TV-IP110WN Cross-Site Scripting Vulnerability
The Trendnet TRENDnet TV-IP110WN is a wireless webcam from Trendnet. It suffers from a cross-site scripting vulnerability in the profile parameter of /admin/view.cgi...
PT-2007-3691 · B2Evolution · B2Evolution
Name of the Vulnerable Software and Affected Versions: b2evolution (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in several parameters, including the inc path parameter to various PHP files in the blogs directory, the view...