10 matches found
CVE-2025-7555
CVE-2025-7555 affects code-projects Voting System 1.0. The vulnerability is in the file /admin/voters_add.php where user-supplied firstname/lastname are directly concatenated into an SQL statement, enabling SQL injection. Several connected sources (CNVD, CNNVD, Red Hat, NVD, PT-2025-29400) confir...
CVE-2025-7557
CVE-2025-7557 affects code-projects Voting System 1.0. The vulnerable component is the file /admin/voters_row.php where the input parameter id is concatenated into an SQL statement, causing an SQL injection. Multiple connected sources confirm remote, unauthenticated exploitation with the possibil...
CVE-2025-7581
CVE-2025-7581 affects code-projects Voting System 1.0. The vulnerability lies in the file /admin/positions_edit.php , where the user-supplied id parameter is directly concatenated into an SQL statement, causing an SQL injection. Documents show remote exploitability and publicly disclosed PoC/use,...
CVE-2025-7556
CVE-2025-7556 affects code-projects Voting System 1.0. The vulnerability is an SQL injection in the file /admin/voters_edit.php caused by directly concatenating user-supplied input (e.g., the ID parameter) into SQL statements, enabling remote exploitation and potential data theft. Multiple connec...
CVE-2025-7558
CVE-2025-7558 describes a SQL injection in code-projects Voting System 1.0, exploitable via manipulation of the description parameter in /admin/positions_add.php. Multiple sources confirm the vulnerability, with public PoC and related exploits (e.g., CVE PoC repo) and CNVD/Red Hat entries reitera...
CVE-2025-7580
CVE-2025-7580 affects code-projects Voting System 1.0. The SQL injection arises from the /admin/positions_row.php file where the user-supplied id is directly concatenated into an SQL statement, enabling remote exploitation and potential data leakage if exploited. Public disclosures and PoCs exist...
CVE-2025-8174
CVE-2025-8174 affects code-projects Voting System 1.0. The vulnerability is in /admin/candidates_add.php where the photo upload is not properly validated, allowing unrestricted file uploads (potential webshell). Exploitation described as remote with public disclosure; PoC exists in public sources...
CVE-2025-11421
CVE-2025-11421 applies to code-projects Voting System 1.0. The flaw is a cross-site scripting vulnerability in the unknown function of the file /admin/candidates_edit.php , caused by manipulating the arguments Firstname/Lastname/Platform . Remote exploitation is possible, and an exploit has been ...
CVE-2025-11512
CVE-2025-11512 affects code-projects Voting System 1.0. The issue is a cross-site scripting vulnerability in the file /admin/voters_add.php caused by improper handling of the Firstname/Lastname/Platform parameters. It can be exploited remotely and the exploit has been made public. Affected versio...
CVE-2025-11508
Voting System 1.0 contains a vulnerability in /admin/voters_add.php where manipulating the photo argument enables unrestricted file uploads. The issue is remotely exploitable and has publicly disclosed exploit information. No patch/version remediation details are provided in the supplied document...