Lucene search
K

266 matches found

CVE
CVE
added 17 hours ago7 views

CVE-2026-14798

CVE-2026-14798 affects CodeAstro Apartment Visitor Management System 1.0. The issue arises from processing the parameter visname in the file /apartment-visitor/visitor-entry.php, which can lead to a SQL injection. The vulnerability is exploitable remotely, with a publicly available exploit. The s...

6.5CVSS6.6AI score
Exploits0References6
Cvelist
Cvelist
added 17 hours ago9 views

CVE-2026-14797 CodeAstro Apartment Visitor Management System edit-apartment.php sql injection

A vulnerability was determined in CodeAstro Apartment Visitor Management System 1.0. This vulnerability affects unknown code of the file /apartment-visitor/edit-apartment.php. Executing a manipulation of the argument editid can lead to sql injection. It is possible to launch the attack remotely...

6.5CVSS
Exploits0References6
NVD
NVD
added 2 days ago6 views

CVE-2026-14640

A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...

7.5CVSS0.00263EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.10 views

CVE-2026-6162

A vulnerability has been found in PHPGurukul Company Visitor Management System 2.0. This impacts an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack is possible to be carried out remotely. The exploit ha...

5.1CVSS3.7AI score0.00244EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.11 views

CVE-2026-37748

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

7.2CVSS5.7AI score0.00807EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.14 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS5.7AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/05/31 7:16 a.m.18 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS0.00244EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/31 5:15 a.m.15 views

EUVD-2026-33490

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS6.5AI score0.00244EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/31 5:15 a.m.35 views

CVE-2026-10170 code-projects Visitor Management System phone_0.php sql injection

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS0.00244EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/31 5:15 a.m.10 views

CVE-2026-10170

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS5.7AI score0.00244EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/31 5:15 a.m.9 views

CVE-2026-10170 code-projects Visitor Management System phone_0.php sql injection

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may be...

6.5CVSS6.5AI score0.00244EPSS
Exploits0References5
CVE
CVE
added 2026/05/31 5:15 a.m.22 views

CVE-2026-10170

The CVE-2026-10170 entry affects code-projects Visitor Management System 1.0. A SQL injection vulnerability is present in /vms/php/phone_0.php via the phone parameter. The issue is remotely triggerable and an exploit has been published, indicating potential real-world use. The bundled metrics ind...

6.5CVSS5.7AI score0.00244EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/31 12:0 a.m.10 views

PT-2026-45173

A flaw has been found in code-projects Visitor Management System 1.0. Affected by this issue is some unknown functionality of the file /vms/php/phone 0.php. This manipulation of the argument phone causes sql injection. The attack may be initiated remotely. The exploit has been published and may b...

6.5CVSS6.5AI score0.00244EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.11 views

Code-Projects Visitor Management System SQL注入漏洞

The Code-Projects Visitor Management System is an open-source visitor management system developed by Code-Projects. Version 1.0 of the code-projects Visitor Management System has a SQL injection vulnerability. This vulnerability arises from the parameter handling in the file/vms/php/phone0.php,...

6.5CVSS6.6AI score0.00244EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/21 6:31 p.m.7 views

EUVD-2026-24139

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

7.2CVSS5.9AI score0.00807EPSS
Exploits1References3
NVD
NVD
added 2026/04/21 4:16 p.m.8 views

CVE-2026-37748

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

7.2CVSS0.00807EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/21 12:0 a.m.34 views

CVE-2026-37748

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

0.00807EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Visitor Management System 安全漏洞

The Visitor Management System is a system for managing visitors. Version 1.0 of the Visitor Management System has security vulnerabilities. These vulnerabilities stem from the lack of validation in the upload functions of the vms/php/adminuserinsert.php and vms/php/update1.php files, which may le...

7.2CVSS6.1AI score0.00807EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/21 12:0 a.m.5 views

CVE-2026-37748

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/adminuserinsert.php and vms/php/update1.php. The moveuploadedfile function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP webshell a...

5.9AI score0.00807EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.9 views

PT-2026-33995

Visitor Management System 1.0 by sanjay1313 is vulnerable to Unrestricted File Upload in vms/php/admin user insert.php and vms/php/update 1.php. The move uploaded file function is called without any MIME type, extension, or content validation, allowing an authenticated admin to upload a PHP...

5.9AI score0.00807EPSS
Exploits1References3
Rows per page
Query Builder