PHP

8856 CVEs (product)

Monthly

CVE-2019-25488 HIGH POC This Week

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. [CVSS 8.2 HIGH]

PHP SQLi Denial Of Service Php Ready Rent A Car Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25482 HIGH POC This Week

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Php Ready Rent A Car Site Script
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-4014 HIGH This Week

SQL injection in the registration module of itsourcecode Cafe Reservation System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, which provides attackers with potential access to sensitive data and database manipulation capabilities. No patch is currently available.

PHP SQLi Cafe Reservation System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-4013 MEDIUM This Month

Improper authorization in SourceCodester Web-based Pharmacy Product Management System 1.0's add_admin.php allows authenticated remote attackers to gain unauthorized access or modify system data with low complexity. The vulnerability affects confidentiality, integrity, and availability of the affected application. No patch is currently available.

PHP Information Disclosure
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3993 MEDIUM This Month

Reflected cross-site scripting (XSS) in itsourcecode Payroll Management System 1.0 exists in the /manage_employee_deductions.php file via unsanitized ID parameters, allowing remote attackers to inject malicious scripts that execute in users' browsers. Public exploit code is available and the vulnerability remains unpatched. Successful exploitation requires user interaction but can lead to session hijacking, credential theft, or unauthorized payroll data manipulation.

PHP XSS
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3984 LOW Monitor

Cross-site scripting in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. The affected code is an unspecified part of the file save_up_athlete.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-3983 LOW Monitor

Cross-site scripting in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. The affected code is an unspecified part of the file save-games.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-15473 MEDIUM This Month

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type. [CVSS 4.3 MEDIUM]

WordPress Authentication Bypass PHP
NVD WPScan VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3982 MEDIUM This Month

Cross-site scripting (XSS) in the /view_result.php endpoint of PHP-based University Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts through the vr parameter. Public exploit code exists for this vulnerability, which requires user interaction to execute. The vulnerability has no available patch and affects the integrity of affected applications.

PHP XSS
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3981 HIGH This Week

SQL injection in itsourcecode Online Doctor Appointment System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/doctor_action.php, potentially gaining unauthorized access to sensitive data and modifying database records. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Doctor Appointment System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3980 HIGH This Week

SQL injection in the Online Doctor Appointment System 1.0 admin panel allows unauthenticated remote attackers to manipulate the patient_id parameter and execute arbitrary database queries. The vulnerability affects the /admin/patient_action.php file and enables attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Doctor Appointment System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3969 HIGH This Week

FeMiner WMS versions up to 1.0 contain a SQL injection vulnerability in the department addition module that allows unauthenticated remote attackers to manipulate the Name parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise the confidentiality, integrity, and availability of the underlying database.

PHP SQLi
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-27591 CRITICAL PATCH Act Now

Access control bypass in Winter CMS; fixed in 1.0.477, 1.1.12 and 1.2.12 (CVSS 9.9).

PHP Laravel
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-32121 HIGH This Week

Stored DOM-based cross-site scripting (XSS) in OpenEMR prior to version 8.0.0.1 allows authenticated attackers with low privileges to inject malicious scripts through unsanitized patient names in the portal signing component, which are rendered client-side via jQuery. Successful exploitation requires user interaction and could enable attackers to perform actions in the context of affected users or steal sensitive health information. A patch is available in OpenEMR 8.0.0.1 and later versions.

PHP XSS Openemr
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-31896 CRITICAL Act Now

SQL injection in WeGIA before 3.6.6.

PHP SQLi Denial Of Service Information Disclosure Wegia
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-31895 HIGH This Week

WeGIA is a web manager for charitable institutions. Versions up to 3.6.6 are affected by SQL injection (CVSS 8.8).

PHP SQLi Wegia
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2019-25480 HIGH POC This Week

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]

PHP RCE Path Traversal
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25471 CRITICAL POC Act Now

Arbitrary file upload in FileThingie 2.5.7 via ZIP archives. PoC available.

PHP
NVD GitHub Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-31859 MEDIUM PATCH This Month

Reflected XSS in Craft CMS versions before 5.9.7 and 4.17.3 allows remote attackers to execute arbitrary JavaScript in users' browsers via malicious return URLs that bypass insufficient sanitization. The vulnerability exists because the patch for a prior issue relied on strip_tags() to filter URLs, which fails to block dangerous URL schemes like javascript:. An attacker can craft a malicious link that, when clicked by an authenticated user, steals session cookies or performs actions on their behalf.

PHP XSS Craft Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
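The Craft CMS entry above is a good illustration of a general PHP mistake: strip_tags() removes markup, not URL schemes, so it cannot make a return URL safe. The following is an added example (not Craft CMS code) that puts the strip_tags() filter next to a check that only accepts same-site relative paths or absolute http/https URLs on the application's own host. The host name app.example and the test URLs are constructed.

```php
<?php
// Added example, not Craft CMS code: strip_tags() leaves "javascript:" URLs
// untouched; a return-URL check has to reason about scheme and host instead.
declare(strict_types=1);

// Vulnerable pattern: strips <...> markup but passes the scheme through.
function returnUrlStripTags(string $url): string
{
    return strip_tags($url);
}

// Hardened: a relative path on this site, or an absolute URL whose scheme is
// http/https and whose host is the application's own host; anything else
// falls back to a fixed safe location.
function safeReturnUrl(string $url, string $ownHost, string $fallback = '/'): string
{
    $url = trim($url);
    // Relative path: exactly one leading "/" (rejects "//host" and "/\host").
    if (preg_match('#^/(?![/\\\\])#', $url)) {
        return $url;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;            // javascript:, data:, vbscript:, ...
    }
    if (strcasecmp($parts['host'], $ownHost) !== 0) {
        return $fallback;            // open redirect to another site
    }
    return $url;
}

// Constructed test inputs.
$cases = [
    'javascript:alert(document.cookie)',
    'JaVaScRiPt:alert(1)',
    '//evil.example/phish',
    '/\evil.example',
    'https://evil.example/',
    '/dashboard?x=1',
    'https://app.example/entries',
];
foreach ($cases as $c) {
    printf("%-36s strip_tags=%-36s safe=%s\n",
        $c, returnUrlStripTags($c), safeReturnUrl($c, 'app.example'));
}
```

Only the last two inputs survive the hardened check; the javascript: inputs pass strip_tags() unchanged. parse_url() is not a full RFC 3986 parser, so where a framework already knows its configured base URL, compare against that rather than re-deriving the host from the request.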
CVE-2026-22248 HIGH This Week

licenses tracking and software auditing. Versions 11.0.0 through 11.0.5 are affected by deserialization of untrusted data (CVSS 8.0).

PHP Deserialization
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-3946 LOW Monitor

Cross-site scripting in PHPEMS 11.0, in an unspecified function reached via /index.php?ask=app-ask. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-3944 HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the Name parameter in /att_add.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi University Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3231 HIGH This Week

for WooCommerce plugin for WordPress, in versions up to 2.1.7, is vulnerable to stored cross-site scripting via submitted custom radio and checkboxgroup field values (CVSS 7.2).

WordPress PHP XSS
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-3826 CRITICAL Act Now

LFI to RCE in IFTOP by WellChoose.

Lfi PHP RCE Organization Portal System
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-2707 MEDIUM This Month

Stored XSS in the weForms WordPress plugin allows authenticated users with Subscriber-level access to inject malicious scripts through REST API form submissions, bypassing the sanitization applied to frontend submissions. The vulnerability exists in versions up to 1.6.27 due to inconsistent input validation between the AJAX handler and REST API endpoint, enabling attackers to execute arbitrary JavaScript in the context of other users' browsers. No patch is currently available.

WordPress PHP XSS
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-2626 HIGH This Week

The divi-booster WordPress plugin, versions up to 5.0.2, is affected by cross-site request forgery (CSRF) (CVSS 8.1).

WordPress PHP CSRF Deserialization
NVD WPScan
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-13067 HIGH This Week

Royal Addons for Elementor (WordPress plugin), versions up to 1.7.1049, is affected by unrestricted upload of a file with a dangerous type (CVSS 8.8).

WordPress PHP RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12473 MEDIUM This Month

The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]

WordPress XSS PHP
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-30954 MEDIUM This Month

LinkAce versions 2.1.0 and earlier allow authenticated users to inappropriately associate other users' private taxonomies with their own links through insufficient authorization checks in the processTaxonomy() method. This enables privilege escalation where attackers can gain unauthorized access to private tags and lists belonging to other users on the same instance. The vulnerability requires valid authentication credentials and has no available patch at this time.

PHP Authentication Bypass Linkace
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-30953 HIGH This Week

Server-side request forgery in LinkAce allows authenticated users to make arbitrary HTTP requests to internal network addresses and cloud metadata endpoints by providing malicious URLs during link creation, bypassing validation controls that exist elsewhere in the application. An attacker with valid credentials can exploit this to access Docker service hostnames, internal services, and sensitive metadata endpoints. No patch is currently available for this vulnerability affecting PHP-based LinkAce deployments.

PHP Docker SSRF Linkace
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
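The LinkAce SSRF entry describes the usual failure: a URL check exists, but not on every code path that fetches a user-supplied URL. Below is an added example (not LinkAce code) of the guard such a path needs, written so that the same function can be called from every place a link is fetched. DNS resolution is passed in as a callable so the example runs offline; the name-to-address map is constructed, and the 203.0.113.0/24 addresses are documentation-range values treated as public here. It assumes PHP 7.4 or later for the arrow function.

```php
<?php
// Added example, not LinkAce code: an outbound-URL guard that blocks literal
// and resolved private/link-local targets, bare docker service names, and
// non-http schemes. Resolver is injected; the map below is constructed.
declare(strict_types=1);

function isPublicIp(string $ip): bool
{
    // One call rejects loopback, RFC 1918 / ULA, link-local (169.254.0.0/16,
    // where cloud metadata lives) and other reserved ranges. It does not
    // cover 100.64.0.0/10; add that if your network uses CGNAT space.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false;
}

/**
 * @param callable(string):string[] $resolve  returns the A/AAAA answers for a name
 */
function isSafeOutboundUrl(string $url, callable $resolve): bool
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return false;
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return false;                              // file:, gopher:, dict:, ...
    }
    if (isset($p['user']) || isset($p['pass'])) {
        return false;                              // http://trusted@internal/ tricks
    }
    $host = strtolower(trim($p['host'], '[]'));    // "[::1]" -> "::1"
    $isLiteral = filter_var($host, FILTER_VALIDATE_IP) !== false;
    // Single-label names (docker service names such as "db", and "localhost")
    // are never legitimate public targets.
    if (!$isLiteral && strpos($host, '.') === false) {
        return false;
    }
    // Check every answer: one private record mixed in with public ones is
    // enough for an attacker-controlled zone to reach an internal host.
    $ips = $isLiteral ? [$host] : $resolve($host);
    if ($ips === []) {
        return false;
    }
    foreach ($ips as $ip) {
        if (!isPublicIp($ip)) {
            return false;
        }
    }
    return true;
}

// Constructed stand-in for DNS.
$fakeDns = [
    'example.org'              => ['203.0.113.10'],
    'metadata.google.internal' => ['169.254.169.254'],
    'rebind.attacker.test'     => ['203.0.113.5', '10.0.0.8'],
];
$resolve = fn(string $name): array => $fakeDns[$name] ?? [];

$cases = [
    'https://example.org/page',
    'http://169.254.169.254/latest/meta-data/',
    'http://metadata.google.internal/computeMetadata/v1/',
    'http://db:3306/',
    'http://localhost:8080/',
    'http://[::1]/',
    'http://rebind.attacker.test/',
    'http://admin@example.org/',
    'file:///etc/passwd',
];
foreach ($cases as $url) {
    printf("%-52s %s\n", $url, isSafeOutboundUrl($url, $resolve) ? 'allow' : 'block');
}
```

Two caveats a check like this does not remove on its own: the address validated here must be the one actually connected to (pin it, for example with curl's CURLOPT_RESOLVE, or the target can change between lookup and connect), and HTTP redirects must not be followed automatically, since a public URL can redirect to an internal one.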
CVE-2026-28495 CRITICAL POC Act Now

GetSimple CMS massiveAdmin plugin has a CSRF vulnerability enabling attackers to perform admin actions through crafted malicious pages.

PHP RCE CSRF Getsimple Cms
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-70128 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. [CVSS 6.1 MEDIUM]

PHP XSS
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-3843 CRITICAL Act Now

Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.

Linux PHP RCE SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2026-30964 MEDIUM PATCH This Month

The webauthn-lib PHP library before version 5.2.4 incorrectly validates origin restrictions by comparing only hostname components, allowing attackers to bypass authentication policies that rely on scheme or port differentiation. This enables an attacker to authenticate from origins that should be blocked, such as using HTTP instead of HTTPS or non-standard ports. Applications using this library with strict origin policies are affected until they upgrade to the patched version.

PHP
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
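The webauthn-lib entry turns on what "origin" means: the clientDataJSON origin is scheme://host[:port], and a relying party that compares only the host treats http://rp.example and https://rp.example:8443 as the same place. The following added example (not webauthn-lib code) shows a hostname-only comparison in the spirit of the behaviour described above beside a comparison that normalises and checks all three components. The allowlist and origins are constructed.

```php
<?php
// Added example, not webauthn-lib code: hostname-only versus full-origin
// comparison of a WebAuthn clientDataJSON origin against an allowlist.
declare(strict_types=1);

// Normalise to [scheme, host, port] so that "https://rp.example" and
// "https://rp.example:443" compare equal while "http://rp.example" does not.
function normalizeOrigin(string $origin): ?array
{
    $p = parse_url($origin);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;
    }
    if (isset($p['path']) && $p['path'] !== '' && $p['path'] !== '/') {
        return null;                           // an origin carries no path
    }
    $scheme = strtolower($p['scheme']);
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : ($scheme === 'http' ? 80 : null));
    if ($port === null) {
        return null;                           // unknown scheme, no default port
    }
    return [$scheme, strtolower($p['host']), $port];
}

// Flawed check: only the host component is compared.
function originAllowedHostOnly(string $origin, array $allowed): bool
{
    $host = strtolower((string) parse_url($origin, PHP_URL_HOST));
    foreach ($allowed as $a) {
        if ($host === strtolower((string) parse_url($a, PHP_URL_HOST))) {
            return true;
        }
    }
    return false;
}

// Strict check: scheme, host and port must all match an allowlisted origin.
function originAllowedStrict(string $origin, array $allowed): bool
{
    $o = normalizeOrigin($origin);
    if ($o === null) {
        return false;
    }
    foreach ($allowed as $a) {
        if (normalizeOrigin($a) === $o) {
            return true;
        }
    }
    return false;
}

// Constructed allowlist and candidate origins.
$allowed = ['https://rp.example'];
$candidates = [
    'https://rp.example',
    'https://rp.example:443',
    'http://rp.example',
    'https://rp.example:8443',
    'https://rp.example.evil',
];
foreach ($candidates as $o) {
    printf("%-28s host-only=%-5s strict=%s\n", $o,
        originAllowedHostOnly($o, $allowed) ? 'allow' : 'deny',
        originAllowedStrict($o, $allowed) ? 'allow' : 'deny');
}
```

With the hostname-only function the plain-http and non-standard-port origins are accepted; with the strict one only the first two candidates are. This is the origin check; the separate rpId check (a registrable-domain suffix match) is a different rule and is not a substitute for it.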
CVE-2026-30927 MEDIUM PATCH This Month

Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication; its impact is on the integrity of other users' enrollment data.

PHP Authentication Bypass Admidio
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-30885 MEDIUM PATCH This Month

WWBN AVideo is an open source video platform. Versions up to 25.0 are affected by missing authentication for a critical function.

PHP Authentication Bypass Avideo
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-3817 MEDIUM POC This Month

Patients Waiting Area Queue Management System versions up to 1.0 contain a security vulnerability of unspecified type (CVSS 5.3).

PHP Patients Waiting Area Queue Management System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-40639 CRITICAL Act Now

SQL injection in Eventobot event management application allows unauthenticated attackers to perform complete database operations including data retrieval, creation, update, and deletion.

PHP SQLi Eventobot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3812 MEDIUM POC This Month

Stored cross-site scripting in itsourcecode Payroll Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the ID parameter in /manage_employee_allowances.php. Public exploit code exists for this vulnerability, though no patch is currently available. Successful exploitation could enable credential theft or unauthorized actions within the payroll system.

PHP XSS Payroll Management System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3806 MEDIUM POC This Month

SourceCodester Resort Reservation System 1.0 contains SQL injection in the /room_rates.php endpoint via the q parameter, allowing authenticated remote attackers to execute arbitrary database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be performed over the network with minimal complexity.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3800 MEDIUM POC This Month

Unrestricted file upload in SourceCodester Resort Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /controller.php?action=add, potentially leading to remote code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The issue affects PHP-based installations of the affected resort reservation software.

PHP Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
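Three upload entries in this list fail in three distinct ways: ARMBot (CVE-2019-25480) lets path traversal in the file parameter choose where the file lands, Royal Addons (CVE-2025-13067) accepts a dangerous type, and the Resort Reservation System (CVE-2026-3800) takes an arbitrary file through an image field. The following is an added example (none of those projects' code) of an upload handler that closes all three: the client name contributes only an extension, the type comes from the bytes via fileinfo, and the stored name is chosen by the server. It uses rename() so it can run on temp files created here; in request handling the same step is move_uploaded_file(). The sample file contents are constructed.

```php
<?php
// Added example, not code from any listed project: upload handling that
// ignores client-supplied paths, allowlists extension and sniffed MIME type,
// and stores under a server-generated name. Sample inputs are constructed.
declare(strict_types=1);

final class UploadRejected extends RuntimeException {}

// Extension => MIME type that fileinfo must report for the content.
const ALLOWED = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'gif' => 'image/gif'];

/**
 * @param string $clientName  name sent by the browser (untrusted)
 * @param string $tmpPath     uploaded temp file
 * @param string $storeDir    directory outside the web root, or one the web
 *                            server serves without running scripts
 * @return string             path the file was stored under
 */
function storeUpload(string $clientName, string $tmpPath, string $storeDir): string
{
    // 1. Never use the client name as a path. basename() discards "../" and
    //    absolute prefixes, and only the extension is taken from what is left.
    $ext = strtolower(pathinfo(basename($clientName), PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new UploadRejected("extension '$ext' not allowed");
    }
    // 2. Decide the type from the bytes, not from $_FILES[...]['type'],
    //    which the client sets.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $real = $finfo->file($tmpPath);
    if ($real !== ALLOWED[$ext]) {
        throw new UploadRejected("content is $real, expected " . ALLOWED[$ext]);
    }
    // 3. Store under a random server-chosen name with a single extension, so
    //    "shell.php.png" tricks and name collisions are off the table.
    $dest = rtrim($storeDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!rename($tmpPath, $dest)) {           // move_uploaded_file() in a real handler
        throw new UploadRejected('could not store file');
    }
    return $dest;
}

// Constructed demo: a minimal PNG (signature + IHDR chunk) and a PHP payload.
$dir = sys_get_temp_dir() . '/uploads-demo-' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

$png = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($png, "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89");
echo 'stored: ', storeUpload('../../../uploads/avatar.png', $png, $dir), "\n";

$shell = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($shell, "<?php system(\$_GET['c']); ?>");
foreach (['shell.php', 'shell.png'] as $name) {
    try {
        storeUpload($name, $shell, $dir);
    } catch (UploadRejected $e) {
        echo "$name rejected: {$e->getMessage()}\n";
    }
}
```

The traversal name is reduced to its extension, shell.php fails the extension allowlist, and shell.png fails the content check because fileinfo reports the PHP source rather than image/png. The directory choice in step 3 still matters: an image directory that the web server will hand to the PHP handler undoes the other checks if a polyglot ever gets through.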
CVE-2026-3793 MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 via the sellid GET parameter in sales_invoice1.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can suffer data exposure, modification, or loss depending on database permissions.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3792 MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to manipulate the purchaseid parameter in purchase_invoice.php, enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3791 MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated attackers to execute arbitrary SQL queries through the searchtxt parameter in dashboard.php. Public exploit code exists for this vulnerability, enabling remote exploitation by users with login credentials to read, modify, or delete database contents. No patch is currently available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3790 MEDIUM POC This Month

Sales And Inventory System versions up to 1.0 are affected by SQL injection (CVSS 6.3).

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3786 MEDIUM POC This Month

SQL injection in EasyCMS up to version 1.6 via the _order parameter in the Request Parameter Handler allows authenticated remote attackers to execute arbitrary SQL queries with medium impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

PHP SQLi Easycms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3785 MEDIUM POC This Month

SQL injection in EasyCMS versions up to 1.6 via the _order parameter in the Request Parameter Handler allows remote attackers with valid credentials to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification. The attack requires low complexity and can result in unauthorized data access, modification, and potential service disruption.

PHP SQLi Easycms
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3771 MEDIUM POC This Month

SQL injection in SourceCodester Resort Reservation System 1.0 via the q parameter in /accommodation.php allows remote authenticated attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could extract or modify sensitive reservation and user data.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3767 MEDIUM POC This Month

College Management System versions up to 1.0 are affected by SQL injection (CVSS 6.3).

PHP SQLi College Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3766 LOW POC Monitor

Web-Based Pharmacy Product Management System versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 3.5).

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-3765 HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the dt parameter in /att_single_view.php enables remote attackers to execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The attack affects data confidentiality, integrity, and availability with a CVSS score of 7.3.

PHP SQLi University Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3764 HIGH POC This Week

Improper authorization in SourceCodester Client Database Management System 1.0 allows unauthenticated remote attackers to send requests directly to /superadmin_user_update.php, potentially gaining unauthorized access to sensitive functionality. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP Client Database Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3763 MEDIUM POC This Month

Simple Flight Ticket Booking System versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 4.3).

PHP XSS Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3762 HIGH POC This Week

Improper authorization in SourceCodester Client Database Management System 1.0/3.1 allows unauthenticated remote attackers to manipulate the manager_id parameter in the /superadmin_delete_manager.php endpoint to bypass access controls. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to gain unauthorized access with limited confidentiality, integrity, and availability impact.

PHP Client Database Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3761 MEDIUM POC This Month

Client Database Management System versions up to 1.0 are affected by improper authorization (CVSS 5.4).

PHP Client Database Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-3760 HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the seme parameter in /view_result.php allows unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi University Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3759 HIGH POC This Week

SQL injection in projectworlds Online Art Gallery Shop 1.0 via the reach_nm parameter in /admin/adminHome.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available for affected installations.

PHP SQLi Online Art Gallery Shop
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3758 HIGH POC This Week

SQL injection in projectworlds Online Art Gallery Shop 1.0 allows unauthenticated remote attackers to manipulate the Info parameter in /admin/adminHome.php, potentially enabling unauthorized database access and data theft. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement compensating controls or upgrade to a patched version when released.

PHP SQLi Online Art Gallery Shop
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3756 MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System up to version 1.0 allows authenticated remote attackers to manipulate the stock_name1 parameter in /check_item_details.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but could enable data disclosure, modification, or deletion within the affected system.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3755 MEDIUM POC This Month

Sales And Inventory System versions up to 1.0 are affected by SQL injection (CVSS 6.3).

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3754 MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 via the cost parameter in /add_stock.php enables authenticated attackers to manipulate database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can result in unauthorized data access and modification.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3753 MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System versions up to 1.0 via the sid parameter in /add_sales_print.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive inventory and sales data.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3752 MEDIUM POC This Month

SourceCodester Employee Task Management System through version 1.0 contains a SQL injection vulnerability in the /daily-task-report.php GET parameter handler that allows remote attackers with high privileges to extract or manipulate database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access but no user interaction, potentially compromising sensitive employee task data and system integrity.

PHP SQLi Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3751 MEDIUM POC This Month

SQL injection in SourceCodester Employee Task Management System 1.0 allows remote attackers to manipulate the Date parameter in /daily-attendance-report.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi Employee Task Management System
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3747 HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the subject parameter in /add_result.php enables remote attackers to execute arbitrary database queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data exfiltration, modification, or deletion through unauthenticated network-based attacks.

PHP SQLi University Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3746 HIGH POC This Week

SQL injection in SourceCodester Simple Responsive Tourism Website 1.0 via the Username parameter in the Login.php component enables unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify application state. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems exposed to active exploitation.

PHP SQLi Simple Responsive Tourism Website
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-3745 MEDIUM POC This Month

SQL injection in Student Web Portal 1.0's profile.php allows authenticated attackers to execute arbitrary SQL queries through improper input validation on the User parameter, potentially leading to unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Student Web Portal
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3744 HIGH POC This Week

SQL injection in Student Web Portal 1.0's signup.php password validation function allows unauthenticated remote attackers to manipulate database queries through the reg_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable unauthorized data access, modification, or deletion.

PHP SQLi Student Web Portal
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3743 LOW POC Monitor

Cross-site scripting in YiFang CMS 2.0.5, in the function update of the file app/db/admin/D_singlePageGroup.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-3742 LOW POC Monitor

Cross-site scripting in YiFang CMS 2.0.5, in the function update of the file app/db/admin/D_singlePage.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-3741 LOW POC Monitor

Cross-site scripting in YiFang CMS 2.0.5, in the function update of the file app/db/admin/D_friendLink.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.0%
CVE-2026-3740 HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 allows remote attackers to manipulate the admin_search_student parameter in /admin_search_student.php without authentication, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

PHP SQLi University Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3737 MEDIUM POC This Month

Pet Grooming Management Software versions up to 1.0 are affected by improper authorization (CVSS 6.3).

PHP Pet Grooming Management Software
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3736 HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0's SearchResultRoundtrip.php parameter handling enables unauthenticated remote attackers to manipulate database queries and potentially extract, modify, or delete sensitive data. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3735 HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0 allows unauthenticated remote attackers to manipulate the SearchResultOneway.php input parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network, enabling attackers to read, modify, or delete sensitive flight booking data.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3734 HIGH POC This Week

Improper authorization in SourceCodester Client Database Management System 1.0 allows remote attackers to manipulate the manager_id parameter in /fetch_manager_details.php to access unauthorized data. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can be compromised over the network without authentication or user interaction.

PHP Client Database Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3730 HIGH POC This Week

SQL injection in Free Hotel Reservation System 1.0 allows remote attackers to manipulate the amen_id and rmtype_id parameters in the amenities management interface, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects PHP-based installations and requires no authentication or user interaction to exploit.

PHP SQLi Free Hotel Reservation System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3724 MEDIUM POC This Month

Patients Waiting Area Queue Management System versions up to 1.0 contain a security vulnerability of unspecified type (CVSS 6.3).

PHP Patients Waiting Area Queue Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-3723 HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0's /Admindelete.php endpoint allows unauthenticated remote attackers to manipulate the flightno parameter and execute arbitrary database queries, potentially leading to data theft or modification. Public exploit code is available for this vulnerability, and no patch has been released as of now.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3714 MEDIUM This Month

OpenCart 4.0.2.3 contains an incomplete fix for a template injection vulnerability in the admin template controller that allows high-privileged attackers to inject malicious code through improper neutralization of special template elements. An authenticated administrator can exploit this flaw to achieve arbitrary code execution on the affected system. No patch is currently available, and the vendor has not responded to disclosure attempts.

PHP Opencart
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3711 MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's admin update function allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative credentials but could enable data exfiltration or modification of flight booking records.

PHP SQLi Simple Flight Ticket Booking System
NVD VulDB GitHub
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3710 MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's /Adminadd.php allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary SQL queries, potentially compromising flight booking data. Public exploit code exists for this vulnerability, though patches are not yet available. The attack requires administrative credentials but can be exploited over the network without user interaction.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-3709 HIGH POC This Week

Simple Flight Ticket Booking System versions up to 1.0 contain a SQL injection vulnerability (CVSS 7.3).

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3708 HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0's login functionality allows unauthenticated attackers to manipulate the Username parameter and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. PHP installations running the affected application should be isolated until a security patch becomes available.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3705 HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0 via the flightno parameter in /Adminsearch.php allows unauthenticated remote attackers to query or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should immediately restrict access to the admin search functionality or upgrade if a patched version becomes available.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-3702 MEDIUM POC This Month

Reflected cross-site scripting (XSS) in SourceCodester Loan Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /index.php. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability enables attackers to perform actions on behalf of victims or steal sensitive information, though no patch is currently available.

PHP XSS Loan Management System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3695 MEDIUM POC This Month

SourceCodester Modern Image Gallery App 1.0 contains a path traversal vulnerability in the /delete.php file that allows unauthenticated remote attackers to manipulate the filename parameter and access or delete arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability can lead to information disclosure or file deletion on affected systems.

PHP Path Traversal Modern Image Gallery App
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30838 MEDIUM PATCH This Month

The DisallowedRawHtml extension in PHP Commonmark (league/commonmark) versions prior to 2.8.1 can be bypassed by injecting whitespace characters between HTML tag names and closing brackets, allowing malicious scripts to pass sanitization filters and execute in user browsers. Applications relying solely on this extension to sanitize untrusted markdown input are vulnerable to cross-site scripting attacks, though those using additional HTML sanitizers are unaffected. No patch is currently available for affected versions.

PHP XSS Commonmark
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-1073 MEDIUM This Month

Purchase Button For Affiliate Link (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).

WordPress PHP CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-14675 HIGH PATCH This Week

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. [CVSS 7.2 HIGH]

WordPress PHP RCE
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2026-3984
EPSS 0% CVSS 3.5
LOW Monitor

A weakness has been identified in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This vulnerability affects unknown code of the file save_up_athlete.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVE-2026-3983
EPSS 0% CVSS 3.5
LOW Monitor

A security flaw has been discovered in Campcodes Division Regional Athletic Meet Game Result Matrix System 2.1. This affects an unknown part of the file save-games.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVE-2025-15473
EPSS 0% CVSS 4.3
MEDIUM This Month

The Timetics WordPress plugin before 1.0.52 does not have authorization in a REST endpoint, allowing unauthenticated users to arbitrarily change a booking's payment status and post status for the "timetics-booking" custom post type. [CVSS 4.3 MEDIUM]

WordPress Authentication Bypass PHP
NVD WPScan VulDB
CVE-2026-3982
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) in the /view_result.php endpoint of PHP-based University Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts through the vr parameter. Public exploit code exists for this vulnerability, which requires user interaction to execute. The vulnerability has no available patch and affects the integrity of affected applications.

PHP XSS
NVD GitHub VulDB
CVE-2026-3981
EPSS 0% CVSS 7.3
HIGH This Week

SQL injection in itsourcecode Online Doctor Appointment System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/doctor_action.php, potentially gaining unauthorized access to sensitive data and modifying database records. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Doctor Appointment System
NVD GitHub VulDB
CVE-2026-3980
EPSS 0% CVSS 7.3
HIGH This Week

SQL injection in the Online Doctor Appointment System 1.0 admin panel allows unauthenticated remote attackers to manipulate the patient_id parameter and execute arbitrary database queries. The vulnerability affects the /admin/patient_action.php file and enables attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Doctor Appointment System
NVD GitHub VulDB
CVE-2026-3969
EPSS 0% CVSS 7.3
HIGH This Week

FeMiner WMS versions up to 1.0 contain a SQL injection vulnerability in the department addition module that allows unauthenticated remote attackers to manipulate the Name parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise the confidentiality, integrity, and availability of the underlying database.

PHP SQLi
NVD GitHub VulDB
CVE-2026-27591
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Access control bypass in Winter CMS before 1.0.477/1.1.12/1.2.12. CVSS 9.9.

PHP Laravel
NVD GitHub VulDB
CVE-2026-32121
EPSS 0% CVSS 7.7
HIGH This Week

Stored DOM-based cross-site scripting (XSS) in OpenEMR prior to version 8.0.0.1 allows authenticated attackers with low privileges to inject malicious scripts through unsanitized patient names in the portal signing component, which are rendered client-side via jQuery. Successful exploitation requires user interaction and could enable attackers to perform actions in the context of affected users or steal sensitive health information. A patch is available in OpenEMR 8.0.0.1 and later versions.

PHP XSS Openemr
NVD GitHub VulDB
CVE-2026-31896
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in WeGIA before 3.6.6.

PHP SQLi Denial Of Service +2
NVD GitHub VulDB
CVE-2026-31895
EPSS 0% CVSS 8.8
HIGH This Week

WeGIA is a web manager for charitable institutions. Versions up to 3.6.6 are affected by SQL injection (CVSS 8.8).

PHP SQLi Wegia
NVD GitHub VulDB
CVE-2019-25480
EPSS 0% CVSS 7.5
HIGH POC This Week

ARMBot contains an unrestricted file upload vulnerability in upload.php that allows unauthenticated attackers to upload arbitrary files by manipulating the file parameter with path traversal sequences. [CVSS 7.5 HIGH]

PHP RCE Path Traversal
NVD Exploit-DB VulDB
CVE-2019-25471
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Arbitrary file upload in FileThingie 2.5.7 via ZIP archives. PoC available.

PHP
NVD GitHub Exploit-DB VulDB
CVE-2026-31859
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Reflected XSS in Craft CMS versions before 5.9.7 and 4.17.3 allows remote attackers to execute arbitrary JavaScript in users' browsers via malicious return URLs that bypass insufficient sanitization. The vulnerability exists because the patch for a prior issue relied on strip_tags() to filter URLs, which fails to block dangerous URL schemes like javascript:. An attacker can craft a malicious link that, when clicked by an authenticated user, steals session cookies or performs actions on their behalf.

PHP XSS Craft Cms
NVD GitHub VulDB
CVE-2026-22248
EPSS 0% CVSS 8.0
HIGH This Week

licenses tracking and software auditing. Versions from 11.0.0 up to 11.0.5 are affected by deserialization of untrusted data (CVSS 8.0).

PHP Deserialization
NVD GitHub VulDB
CVE-2026-3946
EPSS 0% CVSS 3.5
LOW Monitor

A vulnerability was detected in PHPEMS 11.0. The affected element is an unknown function of the file /index.php?ask=app-ask. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVE-2026-3944
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the Name parameter in /att_add.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi University Management System
NVD GitHub VulDB
CVE-2026-3231
EPSS 0% CVSS 7.2
HIGH This Week

for WooCommerce plugin for WordPress is vulnerable to stored cross-site scripting (XSS) via custom radio and checkboxgroup field values submitted in versions up to 2.1.7 (CVSS 7.2).

WordPress PHP XSS
NVD
CVE-2026-3826
EPSS 0% CVSS 9.8
CRITICAL Act Now

LFI to RCE in IFTOP by WellChoose.

Lfi PHP RCE +1
NVD
CVE-2026-2707
EPSS 0% CVSS 6.4
MEDIUM This Month

Stored XSS in the weForms WordPress plugin allows authenticated users with Subscriber-level access to inject malicious scripts through REST API form submissions, bypassing the sanitization applied to frontend submissions. The vulnerability exists in versions up to 1.6.27 due to inconsistent input validation between the AJAX handler and REST API endpoint, enabling attackers to execute arbitrary JavaScript in the context of other users' browsers. No patch is currently available.

WordPress PHP XSS
NVD GitHub
CVE-2026-2626
EPSS 0% CVSS 8.1
HIGH This Week

divi-booster (WordPress) versions up to 5.0.2 are affected by cross-site request forgery (CSRF) (CVSS 8.1).

WordPress PHP CSRF +1
NVD WPScan
CVE-2025-13067
EPSS 0% CVSS 8.8
HIGH This Week

Royal Addons for Elementor (WordPress plugin) versions up to 1.7.1049 are affected by unrestricted upload of file with dangerous type (CVSS 8.8).

WordPress PHP RCE
NVD
CVE-2025-12473
EPSS 0% CVSS 6.1
MEDIUM This Month

The RTMKit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'themebuilder' parameter in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. [CVSS 6.1 MEDIUM]

WordPress XSS PHP
NVD VulDB
CVE-2026-30954
EPSS 0% CVSS 4.3
MEDIUM This Month

LinkAce versions 2.1.0 and earlier allow authenticated users to inappropriately associate other users' private taxonomies with their own links through insufficient authorization checks in the processTaxonomy() method. This enables privilege escalation where attackers can gain unauthorized access to private tags and lists belonging to other users on the same instance. The vulnerability requires valid authentication credentials and has no available patch at this time.

PHP Authentication Bypass Linkace
NVD GitHub VulDB
CVE-2026-30953
EPSS 0% CVSS 7.7
HIGH This Week

Server-side request forgery in LinkAce allows authenticated users to make arbitrary HTTP requests to internal network addresses and cloud metadata endpoints by providing malicious URLs during link creation, bypassing validation controls that exist elsewhere in the application. An attacker with valid credentials can exploit this to access Docker service hostnames, internal services, and sensitive metadata endpoints. No patch is currently available for this vulnerability affecting PHP-based LinkAce deployments.

PHP Docker SSRF +1
NVD GitHub VulDB
CVE-2026-28495
EPSS 0% CVSS 9.6
CRITICAL POC Act Now

GetSimple CMS massiveAdmin plugin has a CSRF vulnerability enabling attackers to perform admin actions through crafted malicious pages.

PHP RCE CSRF +1
NVD GitHub VulDB
CVE-2025-70128
EPSS 0% CVSS 6.1
MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the PluXml article comments feature for PluXml versions 5.8.22 and earlier. The application fails to properly sanitize or validate user-supplied input in the "link" field of a comment. [CVSS 6.1 MEDIUM]

PHP XSS
NVD GitHub VulDB
CVE-2026-3843
EPSS 0% CVSS 9.8
CRITICAL Act Now

Gas station automation system BUK TS-G 2.9.1 has a SQL injection enabling compromise of fuel management and transaction data.

Linux PHP RCE +1
NVD VulDB
CVE-2026-30964
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The webauthn-lib PHP library before version 5.2.4 incorrectly validates origin restrictions by comparing only hostname components, allowing attackers to bypass authentication policies that rely on scheme or port differentiation. This enables an attacker to authenticate from origins that should be blocked, such as using HTTP instead of HTTPS or non-standard ports. Applications using this library with strict origin policies are affected until they upgrade to the patched version.

PHP
NVD GitHub VulDB
CVE-2026-30927
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Unauthorized event participation manipulation in Admidio prior to 5.0.6 allows authenticated users to register or cancel participation for other users by manipulating the user_uuid parameter in event functions. Any user with event participation privileges can exploit this to modify another user's event enrollment status without authorization. The vulnerability requires authentication and affects confidentiality through unauthorized modifications.

PHP Authentication Bypass Admidio
NVD GitHub VulDB
CVE-2026-30885
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

WWBN AVideo is an open source video platform. Versions up to 25.0 are affected by missing authentication for a critical function.

PHP Authentication Bypass Avideo
NVD GitHub VulDB
CVE-2026-3817
EPSS 0% CVSS 5.3
MEDIUM POC This Month

Patients Waiting Area Queue Management System versions up to 1.0 contain a security vulnerability (CVSS 5.3).

PHP Patients Waiting Area Queue Management System
NVD GitHub VulDB
CVE-2025-40639
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Eventobot event management application allows unauthenticated attackers to perform complete database operations including data retrieval, creation, update, and deletion.

PHP SQLi Eventobot
NVD VulDB
CVE-2026-3812
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Stored cross-site scripting in itsourcecode Payroll Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the ID parameter in /manage_employee_allowances.php. Public exploit code exists for this vulnerability, though no patch is currently available. Successful exploitation could enable credential theft or unauthorized actions within the payroll system.

PHP XSS Payroll Management System
NVD GitHub VulDB
CVE-2026-3806
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SourceCodester Resort Reservation System 1.0 contains SQL injection in the /room_rates.php endpoint via the q parameter, allowing authenticated remote attackers to execute arbitrary database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can be performed over the network with minimal complexity.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVE-2026-3800
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Unrestricted file upload in SourceCodester Resort Reservation System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /controller.php?action=add, potentially leading to remote code execution. Public exploit code exists for this vulnerability, and no patch is currently available. The issue affects PHP-based installations of the affected resort reservation software.

PHP Resort Reservation System
NVD GitHub VulDB
CVE-2026-3793
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 via the sellid GET parameter in sales_invoice1.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can suffer data exposure, modification, or loss depending on database permissions.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3792
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated remote attackers to manipulate the purchaseid parameter in purchase_invoice.php, enabling unauthorized data access and modification. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at risk.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3791
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 allows authenticated attackers to execute arbitrary SQL queries through the searchtxt parameter in dashboard.php. Public exploit code exists for this vulnerability, enabling remote exploitation by users with login credentials to read, modify, or delete database contents. No patch is currently available.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3790
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Sales And Inventory System versions up to 1.0 contain a SQL injection vulnerability (CVSS 6.3).

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3786
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in EasyCMS up to version 1.6 via the _order parameter in the Request Parameter Handler allows authenticated remote attackers to execute arbitrary SQL queries with medium impact on confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification.

PHP SQLi Easycms
NVD GitHub VulDB
CVE-2026-3785
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in EasyCMS versions up to 1.6 via the _order parameter in the Request Parameter Handler allows remote attackers with valid credentials to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not released a patch despite early disclosure notification. The attack requires low complexity and can result in unauthorized data access, modification, and potential service disruption.

PHP SQLi Easycms
NVD GitHub VulDB
CVE-2026-3771
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in SourceCodester Resort Reservation System 1.0 via the q parameter in /accommodation.php allows remote authenticated attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials could extract or modify sensitive reservation and user data.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVE-2026-3767
EPSS 0% CVSS 6.3
MEDIUM POC This Month

College Management System versions up to 1.0 contain a SQL injection vulnerability (CVSS 6.3).

PHP SQLi College Management System
NVD GitHub VulDB
CVE-2026-3766
EPSS 0% CVSS 3.5
LOW POC Monitor

Web-Based Pharmacy Product Management System versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 3.5).

PHP XSS
NVD GitHub VulDB
CVE-2026-3765
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the dt parameter in /att_single_view.php enables remote attackers to execute arbitrary SQL queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. The attack affects data confidentiality, integrity, and availability with a CVSS score of 7.3.

PHP SQLi University Management System
NVD GitHub VulDB
CVE-2026-3764
EPSS 0% CVSS 7.3
HIGH POC This Week

Improper authorization in SourceCodester Client Database Management System 1.0 allows unauthenticated remote attackers to manipulate the /superadmin_user_update.php file, potentially gaining unauthorized access to sensitive functionality. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP Client Database Management System
NVD GitHub VulDB
CVE-2026-3763
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Simple Flight Ticket Booking System versions up to 1.0 are affected by cross-site scripting (XSS) (CVSS 4.3).

PHP XSS Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3762
EPSS 0% CVSS 7.3
HIGH POC This Week

Improper authorization in SourceCodester Client Database Management System 1.0/3.1 allows unauthenticated remote attackers to manipulate the manager_id parameter in the /superadmin_delete_manager.php endpoint to bypass access controls. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to gain unauthorized access with limited confidentiality, integrity, and availability impact.

PHP Client Database Management System
NVD GitHub VulDB
CVE-2026-3761
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Client Database Management System versions up to 1.0 contain an improper authorization vulnerability (CVSS 5.4).

PHP Client Database Management System
NVD GitHub VulDB
CVE-2026-3760
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the seme parameter in /view_result.php allows unauthenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi University Management System
NVD GitHub VulDB
CVE-2026-3759
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in projectworlds Online Art Gallery Shop 1.0 via the reach_nm parameter in /admin/adminHome.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available for affected installations.

PHP SQLi Online Art Gallery Shop
NVD GitHub VulDB
CVE-2026-3758
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in projectworlds Online Art Gallery Shop 1.0 allows unauthenticated remote attackers to manipulate the Info parameter in /admin/adminHome.php, potentially enabling unauthorized database access and data theft. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available, requiring organizations to implement compensating controls or upgrade to a patched version when released.

PHP SQLi Online Art Gallery Shop
NVD GitHub VulDB
CVE-2026-3756
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System up to version 1.0 allows authenticated remote attackers to manipulate the stock_name1 parameter in /check_item_details.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but could enable data disclosure, modification, or deletion within the affected system.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3755
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Sales And Inventory System versions up to 1.0 contain a SQL injection vulnerability (CVSS 6.3).

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3754
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System 1.0 via the cost parameter in /add_stock.php enables authenticated attackers to manipulate database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires valid credentials but can result in unauthorized data access and modification.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3753
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in SourceCodester Sales and Inventory System versions up to 1.0 via the sid parameter in /add_sales_print.php allows authenticated attackers to execute arbitrary SQL queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to access, modify, or delete sensitive inventory and sales data.

PHP SQLi Sales And Inventory System
NVD GitHub VulDB
CVE-2026-3752
EPSS 0% CVSS 4.7
MEDIUM POC This Month

SourceCodester Employee Task Management System through version 1.0 contains a SQL injection vulnerability in the /daily-task-report.php GET parameter handler that allows remote attackers with high privileges to extract or manipulate database contents. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access but no user interaction, potentially compromising sensitive employee task data and system integrity.

PHP SQLi Employee Task Management System
NVD GitHub VulDB
CVE-2026-3751
EPSS 0% CVSS 4.7
MEDIUM POC This Month

SQL injection in SourceCodester Employee Task Management System 1.0 allows remote attackers to manipulate the Date parameter in /daily-attendance-report.php, enabling unauthorized database access and modification. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi Employee Task Management System
NVD GitHub VulDB
CVE-2026-3747
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 via the subject parameter in /add_result.php enables remote attackers to execute arbitrary database queries without authentication. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data exfiltration, modification, or deletion through unauthenticated network-based attacks.

PHP SQLi University Management System
NVD GitHub VulDB
CVE-2026-3746
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in SourceCodester Simple Responsive Tourism Website 1.0 via the Username parameter in the Login.php component enables unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify application state. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems exposed to active exploitation.

PHP SQLi Simple Responsive Tourism Website
NVD GitHub VulDB
CVE-2026-3745
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in Student Web Portal 1.0's profile.php allows authenticated attackers to execute arbitrary SQL queries through improper input validation on the User parameter, potentially leading to unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Student Web Portal
NVD GitHub VulDB
CVE-2026-3744
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Student Web Portal 1.0's signup.php password validation function allows unauthenticated remote attackers to manipulate database queries through the reg_passwd parameter. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable unauthorized data access, modification, or deletion.

PHP SQLi Student Web Portal
NVD GitHub VulDB
CVE-2026-3743
EPSS 0% CVSS 3.5
LOW POC Monitor

A flaw has been found in YiFang CMS 2.0.5. This affects the function update of the file app/db/admin/D_singlePageGroup.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVE-2026-3742
EPSS 0% CVSS 3.5
LOW POC Monitor

A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/D_singlePage.php. [CVSS 3.5 LOW]

PHP XSS
NVD GitHub VulDB
CVE-2026-3741
EPSS 0% CVSS 3.5
LOW POC Monitor

A security vulnerability has been detected in YiFang CMS 2.0.5. The affected element is the function update of the file app/db/admin/D_friendLink.php. [CVSS 3.5 LOW]

D-Link PHP XSS
NVD GitHub VulDB
CVE-2026-3740
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in itsourcecode University Management System 1.0 allows remote attackers to manipulate the admin_search_student parameter in /admin_search_student.php without authentication, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

PHP SQLi University Management System
NVD GitHub VulDB
CVE-2026-3737
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Pet Grooming Management Software versions up to 1.0 contains an improper authorization vulnerability (CVSS 6.3).

PHP Pet Grooming Management Software
NVD GitHub VulDB
CVE-2026-3736
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0's SearchResultRoundtrip.php parameter handling enables unauthenticated remote attackers to manipulate database queries and potentially extract, modify, or delete sensitive data. Public exploit code exists for this vulnerability, increasing exploitation risk. No patch is currently available.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3735
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0 allows unauthenticated remote attackers to manipulate the SearchResultOneway.php input parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can be executed over the network, enabling attackers to read, modify, or delete sensitive flight booking data.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3734
EPSS 0% CVSS 7.3
HIGH POC This Week

Improper authorization in SourceCodester Client Database Management System 1.0 allows remote attackers to manipulate the manager_id parameter in /fetch_manager_details.php to access unauthorized data. Public exploit code exists for this vulnerability, and no patch is currently available. Affected systems can be compromised over the network without authentication or user interaction.

PHP Client Database Management System
NVD GitHub VulDB
CVE-2026-3730
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Free Hotel Reservation System 1.0 allows remote attackers to manipulate the amen_id and rmtype_id parameters in the amenities management interface, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw affects PHP-based installations and requires no authentication or user interaction to exploit.

PHP SQLi Free Hotel Reservation System
NVD GitHub VulDB
CVE-2026-3724
EPSS 0% CVSS 6.3
MEDIUM POC This Month

Patients Waiting Area Queue Management System versions up to 1.0 contains a security vulnerability (CVSS 6.3).

PHP Patients Waiting Area Queue Management System
NVD GitHub VulDB
CVE-2026-3723
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0's /Admindelete.php endpoint allows unauthenticated remote attackers to manipulate the flightno parameter and execute arbitrary database queries, potentially leading to data theft or modification. Public exploit code is available for this vulnerability, and no patch has been released as of now.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3714
EPSS 0% CVSS 4.7
MEDIUM This Month

OpenCart 4.0.2.3 contains an incomplete fix for a template injection vulnerability in the admin template controller that allows high-privileged attackers to inject malicious code through improper neutralization of special template elements. An authenticated administrator can exploit this flaw to achieve arbitrary code execution on the affected system. No patch is currently available, and the vendor has not responded to disclosure attempts.

PHP Opencart
NVD VulDB
CVE-2026-3711
EPSS 0% CVSS 4.7
MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's admin update function allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires administrative credentials but could enable data exfiltration or modification of flight booking records.

PHP SQLi Simple Flight Ticket Booking System
NVD VulDB GitHub
CVE-2026-3710
EPSS 0% CVSS 4.7
MEDIUM POC This Month

SQL injection in Simple Flight Ticket Booking System 1.0's /Adminadd.php allows remote attackers with high privileges to manipulate flight parameters and execute arbitrary SQL queries, potentially compromising flight booking data. Public exploit code exists for this vulnerability, though patches are not yet available. The attack requires administrative credentials but can be exploited over the network without user interaction.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3709
EPSS 0% CVSS 7.3
HIGH POC This Week

Simple Flight Ticket Booking System versions up to 1.0 contains an SQL injection vulnerability (CVSS 7.3).

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3708
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0's login functionality allows unauthenticated attackers to manipulate the Username parameter and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. PHP installations running the affected application should be isolated until a security patch becomes available.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3705
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Simple Flight Ticket Booking System 1.0 via the flightno parameter in /Adminsearch.php allows unauthenticated remote attackers to query or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected users should immediately restrict access to the admin search functionality or upgrade if a patched version becomes available.

PHP SQLi Simple Flight Ticket Booking System
NVD GitHub VulDB
CVE-2026-3702
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Reflected cross-site scripting (XSS) in SourceCodester Loan Management System 1.0 allows unauthenticated remote attackers to inject malicious scripts via the page parameter in /index.php. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability enables attackers to perform actions on behalf of victims or steal sensitive information, though no patch is currently available.

PHP XSS Loan Management System
NVD GitHub VulDB
CVE-2026-3695
EPSS 0% CVSS 6.5
MEDIUM POC This Month

SourceCodester Modern Image Gallery App 1.0 contains a path traversal vulnerability in the /delete.php file that allows unauthenticated remote attackers to manipulate the filename parameter and access or delete arbitrary files. Public exploit code exists for this vulnerability, and no patch is currently available. The vulnerability can lead to information disclosure or file deletion on affected systems.

PHP Path Traversal Modern Image Gallery App
NVD GitHub VulDB
CVE-2026-30838
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

The DisallowedRawHtml extension in PHP Commonmark (league/commonmark) versions prior to 2.8.1 can be bypassed by injecting whitespace characters between HTML tag names and closing brackets, allowing malicious scripts to pass sanitization filters and execute in user browsers. Applications relying solely on this extension to sanitize untrusted markdown input are vulnerable to cross-site scripting attacks, though those using additional HTML sanitizers are unaffected. No patch is currently available for affected versions.

PHP XSS Commonmark
NVD GitHub VulDB
CVE-2026-1073
EPSS 0% CVSS 4.3
MEDIUM This Month

Purchase Button For Affiliate Link (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).

WordPress PHP CSRF
NVD
CVE-2025-14675
EPSS 1% CVSS 7.2
HIGH PATCH This Week

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. [CVSS 7.2 HIGH]

WordPress PHP RCE
NVD GitHub