A SQL injection vulnerability exists in Synnefo Internet Management Software (IMS) version 2023 and earlier. This vulnerability occurs due to improper input validation in a specific API endpoint param
EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input conf
Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the unde
A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executin
A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_product.php. The manipulation of the argument txtProductName leads t
A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argume
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_update.php. The manipula
A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file search_member.php. The manipulation of th
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /user/search_result2.php of
A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /book_search.php. Performing a manipulation of the a
A security vulnerability has been detected in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. This affects an unknown part of the file /SISReport/WebReport20/Proxy/AsyncTreeProxy.a
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_product.php. Such manipulation of the argume
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manip
A vulnerability was found in code-projects University Event Management System 1.0. It has been classified as critical. This affects an unknown part of the file doedit.php. The manipulation of the argu
Improper neutralization of input provided by an unauthorized user into changes__reference_id parameter in URL allows for boolean-based Blind SQL Injection attacks.
SummaryThis advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity timel
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file member_register.php. The manipulation