Vendor CVEs
Itsourcecode
All CVEs
463 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25320 | Cri | 0.64 | 9.8 | 0.01 | May 17, 2026 | ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with… | ||
| CVE-2026-36235 | Cri | 0.64 | 9.8 | 0.00 | Apr 10, 2026 | A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or… | ||
| CVE-2026-36234 | Cri | 0.64 | 9.8 | 0.00 | Apr 10, 2026 | itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter. | ||
| CVE-2026-36233 | Cri | 0.64 | 9.8 | 0.00 | Apr 10, 2026 | A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without… | ||
| CVE-2026-36232 | Cri | 0.64 | 9.8 | 0.00 | Apr 10, 2026 | A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization… | ||
| CVE-2026-32393 | Hig | 0.49 | 7.5 | 0.00 | Mar 13, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2. | ||
| CVE-2020-37034 | Hig | 0.49 | 7.5 | 0.01 | Jan 30, 2026 | HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive… | ||
| CVE-2026-10253 | Hig | 0.47 | 7.3 | 0.00 | Jun 1, 2026 | A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public… | ||
| CVE-2026-10252 | Hig | 0.47 | 7.3 | 0.00 | Jun 1, 2026 | A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage_tenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has… | ||
| CVE-2026-10251 | Hig | 0.47 | 7.3 | 0.00 | Jun 1, 2026 | A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote.… | ||
| CVE-2026-10250 | Hig | 0.47 | 7.3 | 0.00 | Jun 1, 2026 | A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be… | ||
| CVE-2026-10249 | Hig | 0.47 | 7.3 | 0.00 | Jun 1, 2026 | A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly… | ||
| CVE-2026-9606 | Hig | 0.47 | 7.3 | 0.00 | May 27, 2026 | A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the… | ||
| CVE-2026-9575 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated… | ||
| CVE-2026-9574 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched… | ||
| CVE-2026-9573 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated… | ||
| CVE-2026-9528 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection. The attack can be executed remotely. The exploit is publicly… | ||
| CVE-2026-9526 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. The attack may be launched remotely. The exploit has been made… | ||
| CVE-2026-9525 | Hig | 0.47 | 7.3 | 0.00 | May 26, 2026 | A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to… | ||
| CVE-2026-9383 | Hig | 0.47 | 7.3 | 0.00 | May 24, 2026 | A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been… | ||
| CVE-2026-8771 | Hig | 0.47 | 7.3 | 0.00 | May 18, 2026 | A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql… | ||
| CVE-2026-7592 | Hig | 0.47 | 7.3 | 0.00 | May 1, 2026 | A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /edit_staff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made… | ||
| CVE-2026-7126 | Hig | 0.47 | 7.3 | 0.00 | Apr 27, 2026 | A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit… | ||
| CVE-2026-7077 | Hig | 0.47 | 7.3 | 0.00 | Apr 27, 2026 | A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly… | ||
| CVE-2026-7076 | Hig | 0.47 | 7.3 | 0.00 | Apr 27, 2026 | A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2026-7075 | Hig | 0.47 | 7.3 | 0.00 | Apr 27, 2026 | A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The… | ||
| CVE-2026-7074 | Hig | 0.47 | 7.3 | 0.00 | Apr 27, 2026 | A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been… | ||
| CVE-2026-7073 | Hig | 0.47 | 7.3 | 0.00 | Apr 27, 2026 | A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may… | ||
| CVE-2026-35478 | Hig | 0.47 | 8.3 | 0.00 | Apr 8, 2026 | InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the… | ||
| CVE-2026-5551 | Hig | 0.47 | 7.3 | 0.00 | Apr 5, 2026 | A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may… | ||
| CVE-2026-5534 | Hig | 0.47 | 7.3 | 0.00 | Apr 5, 2026 | A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be… | ||
| CVE-2026-5334 | Hig | 0.47 | 7.3 | 0.00 | Apr 2, 2026 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible… | ||
| CVE-2026-5238 | Hig | 0.47 | 7.3 | 0.00 | Apr 1, 2026 | A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view_employee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack… | ||
| CVE-2026-5237 | Hig | 0.47 | 7.3 | 0.00 | Mar 31, 2026 | A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection.… | ||
| CVE-2026-4842 | Hig | 0.47 | 7.3 | 0.00 | Mar 26, 2026 | A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection.… | ||
| CVE-2026-4632 | Hig | 0.47 | 7.3 | 0.00 | Mar 24, 2026 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack… | ||
| CVE-2026-4612 | Hig | 0.47 | 7.3 | 0.00 | Mar 23, 2026 | A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection.… | ||
| CVE-2026-4237 | Hig | 0.47 | 7.3 | 0.00 | Mar 16, 2026 | A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The… | ||
| CVE-2026-4236 | Hig | 0.47 | 7.3 | 0.00 | Mar 16, 2026 | A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from… | ||
| CVE-2026-4235 | Hig | 0.47 | 7.3 | 0.00 | Mar 16, 2026 | A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes sql injection. The attack is possible to be carried out remotely. The exploit… | ||
| CVE-2026-4223 | Hig | 0.47 | 7.3 | 0.00 | Mar 16, 2026 | A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly… | ||
| CVE-2026-3730 | Hig | 0.47 | 7.3 | 0.00 | Mar 8, 2026 | A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection.… | ||
| CVE-2026-3410 | Hig | 0.47 | 7.3 | 0.00 | Mar 2, 2026 | A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation of the argument student_id can lead to sql injection. The attack may be launched… | ||
| CVE-2026-3261 | Hig | 0.47 | 7.3 | 0.00 | Feb 26, 2026 | A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has… | ||
| CVE-2026-3153 | Hig | 0.47 | 7.3 | 0.00 | Feb 25, 2026 | A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been… | ||
| CVE-2026-3152 | Hig | 0.47 | 7.3 | 0.00 | Feb 25, 2026 | A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id causes sql injection. It is possible to initiate the attack remotely. The exploit… | ||
| CVE-2026-3151 | Hig | 0.47 | 7.3 | 0.00 | Feb 25, 2026 | A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public… | ||
| CVE-2026-3133 | Hig | 0.47 | 7.3 | 0.00 | Feb 25, 2026 | A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is… | ||
| CVE-2026-3069 | Hig | 0.47 | 7.3 | 0.00 | Feb 24, 2026 | A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been… | ||
| CVE-2026-3068 | Hig | 0.47 | 7.3 | 0.00 | Feb 24, 2026 | A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made… |
- risk 0.64cvss 9.8epss 0.01
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with…
- risk 0.64cvss 9.8epss 0.00
A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or…
- risk 0.64cvss 9.8epss 0.00
itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.
- risk 0.64cvss 9.8epss 0.00
A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without…
- risk 0.64cvss 9.8epss 0.00
A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization…
- risk 0.49cvss 7.5epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.
- risk 0.49cvss 7.5epss 0.01
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public…
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage_tenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote.…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated…
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection. The attack can be executed remotely. The exploit is publicly…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. The attack may be launched remotely. The exploit has been made…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in linlinjava litemall up to 1.8.0. This impacts the function list of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/web/WxGoodsController.java of the component Front-end WeChat API. Performing a manipulation results in sql…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /edit_staff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save_category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /edit_parcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was determined in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /edit_branch.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in itsourcecode Construction Management System 1.0. This issue affects some unknown processing of the file /locations.php. Performing a manipulation of the argument address results in sql injection. It is possible to initiate the attack remotely. The…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /execute.php. This manipulation of the argument code causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may…
- risk 0.47cvss 8.3epss 0.00
InvenTree is an Open Source Inventory Management System. From 0.16.0 to before 1.2.7, any authenticated InvenTree user can create a valid API token attributed to any other user in the system — including administrators and superusers — by supplying the target's user ID in the…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit&id=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /view_employee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manage_user.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection.…
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection.…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod_users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account_id leads to sql injection.…
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod_reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The…
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument user_email causes sql injection. The attack is possible to be carried out remotely. The exploit…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly…
- risk 0.47cvss 7.3epss 0.00
A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. The affected element is an unknown function of the file /hotel/admin/mod_amenities/index.php?view=edit. Performing a manipulation of the argument amen_id/rmtype_id results in sql injection.…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation of the argument student_id can lead to sql injection. The attack may be launched…
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id causes sql injection. It is possible to initiate the attack remotely. The exploit…
- risk 0.47cvss 7.3epss 0.00
A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public…
- risk 0.47cvss 7.3epss 0.00
A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is…
- risk 0.47cvss 7.3epss 0.00
A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been…
- risk 0.47cvss 7.3epss 0.00
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made…
Page 1 of 10