A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Sensitive information disclosure in Gmission Web Fax 3.0 (before 3.0.1) enables a locally authenticated low-privileged user to access protected fax data without proper authorization. The root cause is missing authorization checks (CWE-200) that can be abused by an authenticated local actor to read confidential information beyond their intended access scope. No public exploit code exists and this vulnerability is not listed in the CISA KEV catalog at time of analysis.
Stored cross-site scripting (XSS) in WordPress Custom Field Template plugin through version 2.7.7 allows authenticated users to inject malicious scripts that execute in the browsers of other users who view affected content, potentially compromising site security and user data. The vulnerability has an EPSS score of 0.04% (14th percentile), indicating low real-world exploitation probability despite the high-impact nature of stored XSS on WordPress sites.
DOM-based cross-site scripting (XSS) in Crocoblock JetSearch WordPress plugin through version 3.5.16 allows attackers to inject malicious scripts into the search interface that execute in users' browsers. The vulnerability affects the plugin's web page generation when processing search input, enabling attackers to steal session tokens, redirect users, or perform actions on behalf of authenticated users without requiring authentication themselves. No CVSS score was available at analysis time, but the low EPSS score (0.04%, 14th percentile) suggests limited real-world exploitation likelihood despite the XSS vector.
Stored cross-site scripting (XSS) in codeaffairs Wp Text Slider Widget plugin for WordPress versions 1.0 and earlier enables authenticated attackers to inject malicious scripts that execute in the browsers of site administrators and other users. The vulnerability arises from improper input sanitization during widget configuration, allowing persistent code injection through the plugin's admin interface.
Missing authorization in Crocoblock JetBlog plugin versions up to 2.4.7 allows unauthenticated attackers to exploit incorrectly configured access control, potentially bypassing intended security restrictions on blog content and administrative functions. The vulnerability stems from broken access control mechanisms that fail to properly validate user permissions before granting access to sensitive operations, with an EPSS score of 0.04% indicating low real-world exploitation probability despite the authorization defect.
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
Server-Side Request Forgery (SSRF) in WordPress Image Shrinker plugin versions up to 1.1.0 enables unauthenticated remote attackers to forge requests from the affected server to internal or external resources, potentially exposing sensitive data or enabling lateral movement within network infrastructure. The vulnerability has extremely low exploitation probability (EPSS 0.04th percentile) and no public exploit code identified, suggesting limited real-world threat despite the technical severity of SSRF vulnerabilities.
Authorization Bypass in Crocoblock JetPopup WordPress plugin through version 2.0.20.1 allows attackers to exploit incorrectly configured access control security levels via user-controlled keys, enabling unauthorized access to protected popup content and functionality. EPSS score of 0.04% indicates low exploitation probability despite the authorization flaw; no public exploit code or active exploitation has been identified.