π¨ CVE-2025-40911
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.
Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.
π@cveNotify
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.
Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.
π@cveNotify
blog.urth.org
Security Issues in Perl IP Address distros
Edit on 2021-03-29 21:40(ish) UTC: Added Net-Subnet (appears unaffected) and reordered the details to match the list at the top of the post.
Edit on 2021-03-30 14:50(ish) UTC: Added Net-Works (appears unaffected).
Edit on 2021-03-30 15:40(ish) UTC: Addedβ¦
Edit on 2021-03-30 14:50(ish) UTC: Added Net-Works (appears unaffected).
Edit on 2021-03-30 15:40(ish) UTC: Addedβ¦
π¨ CVE-2024-3669
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
WPScan
Web Directory Free < 1.7.2 - Reflected XSS
See details on Web Directory Free < 1.7.2 - Reflected XSS CVE 2024-3669. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4096
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
WPScan
Responsive Tabs < 4.0.11 - Contributor+ Stored XSS
See details on Responsive Tabs < 4.0.11 - Contributor+ Stored XSS CVE 2024-4096. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5765
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
π@cveNotify
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
π@cveNotify
WPScan
WpStickyBar <= 2.1.0 - Unauthenticated SQLi
See details on WpStickyBar <= 2.1.0 - Unauthenticated SQLi CVE 2024-5765. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5807
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.
π@cveNotify
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.
π@cveNotify
WPScan
Business Card <= 1.0.0 - Admin+ File Upload
See details on Business Card <= 1.0.0 - Admin+ File Upload CVE 2024-5807. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5808
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
π@cveNotify
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
π@cveNotify
WPScan
WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF
See details on WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF CVE 2024-5808. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5809
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users
π@cveNotify
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users
π@cveNotify
WPScan
WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting
See details on WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting CVE 2024-5809. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2025-4816
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Sourcecodester Doctor's Appointment System V1.0 admin/appointment.php SQL injection Β· Issue #8 Β· Xiaoyi-ing/CVE
Sourcecodester Doctor's Appointment System V1.0 admin/appointment.php SQL injection NAME OF AFFECTED PRODUCT(S) Doctor's Appointment System V1.0 Vendor Homepage https://www.sourcecodester.c...
π¨ CVE-2025-4817
A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Sourcecodester Doctor's Appointment System V1.0 admin/delete-appointment.php SQL injection Β· Issue #9 Β· Xiaoyi-ing/CVE
Sourcecodester Doctor's Appointment System V1.0 admin/delete-appointment.php SQL injection NAME OF AFFECTED PRODUCT(S) Doctor's Appointment System V1.0 Vendor Homepage https://www.sourcecod...
π¨ CVE-2025-4818
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Sourcecodester Doctor's Appointment System V1.0 admin/delete-doctor.php SQL injection Β· Issue #10 Β· Xiaoyi-ing/CVE
Sourcecodester Doctor's Appointment System V1.0 admin/delete-doctor.php SQL injection NAME OF AFFECTED PRODUCT(S) Doctor's Appointment System V1.0 Vendor Homepage https://www.sourcecodester...
π¨ CVE-2024-51106
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.
π@cveNotify
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.
π@cveNotify
GitHub
Writeups/CVE/phpGurukul/Medical Card Generation System/Stored XSS-About Us.pdf at main Β· 0xBhushan/Writeups
Contribute to 0xBhushan/Writeups development by creating an account on GitHub.
π¨ CVE-2025-5002
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Sourcecodester Client Database Management System V1.0 /user_proposal_update_order.php SQL injection Β· Issue #5 Β· laifeng-boy/cve
Sourcecodester Client Database Management System V1.0 /user_proposal_update_order.php SQL injection NAME OF AFFECTED PRODUCT(S) Client Database Management System Vendor Homepage https://www.sourcec...
π¨ CVE-2025-5003
A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Projectworlds Online Time Table Generator PHP MYSQL V1.0 /semester_ajax.php SQL injection Β· Issue #4 Β· huangyi234/CVE
Projectworlds Online Time Table Generator PHP MYSQL V1.0 /semester_ajax.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Time Table Generator PHP MYSQL Vendor Homepage https://projectworlds.in/...
π¨ CVE-2025-4938
A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registererms.php. The manipulation of the argument Email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registererms.php. The manipulation of the argument Email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
PHPGurukul Employee Record Management System Project V1.3 registererms.php SQL injection Β· Issue #2 Β· WuYanneko/CVE
PHPGurukul Employee Record Management System Project V1.3 registererms.php SQL injection reporter wuyanneko Name of Affected Product(s) Employee Record Management System Vendor Homepage https://php...
π¨ CVE-2025-4939
A vulnerability classified as problematic was found in PHPGurukul Credit Card Application Management System 1.0. This vulnerability affects unknown code of the file /admin/new-ccapplication.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability classified as problematic was found in PHPGurukul Credit Card Application Management System 1.0. This vulnerability affects unknown code of the file /admin/new-ccapplication.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
credit-card-application-management-system-using-php-and-mysql/Stored Cross-Site Scripting (XSS).md at main Β· GIRISH05/credit-cardβ¦
Contribute to GIRISH05/credit-card-application-management-system-using-php-and-mysql development by creating an account on GitHub.
π¨ CVE-2025-4941
A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability, which was classified as critical, was found in PHPGurukul Credit Card Application Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Credit-card-application-management-system/SQL-Injection.md at main Β· GIRISH05/Credit-card-application-management-system
Contribute to GIRISH05/Credit-card-application-management-system development by creating an account on GitHub.
π¨ CVE-2025-5077
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
campcodes Online Shopping Portal V1.0 /admin/edit-subcategory.php SQL injection Β· Issue #1 Β· GeniusWang23/CVE
campcodes Online Shopping Portal V1.0 /admin/edit-subcategory.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Shopping Portal Vendor Homepage https://www.campcodes.com/projects/complete-online...
π¨ CVE-2025-5078
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/subcategory.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/subcategory.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
campcodes Online Shopping Portal V1.0 /admin/subcategory.php SQL injection Β· Issue #2 Β· GeniusWang23/CVE
campcodes Online Shopping Portal V1.0 /admin/subcategory.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Shopping Portal Vendor Homepage https://www.campcodes.com/projects/complete-online-shop...
π¨ CVE-2025-5079
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
campcodes Online Shopping Portal V1.0 /admin/updateorder.php SQL injection Β· Issue #1 Β· dico-Z/CVE
campcodes Online Shopping Portal V1.0 /admin/updateorder.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Shopping Portal Vendor Homepage https://www.campcodes.com/projects/complete-online-shop...
π¨ CVE-2025-5056
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-products.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-products.php. The manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE 2025-5056 Β· Issue #1 Β· Jacob-z691/CVE
campcodes Online Shopping Portal V1.0 /admin/edit-products.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Shopping Portal Vendor Homepage https://www.campcodes.com/projects/complete-online-sh...
π¨ CVE-2025-5057
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/insert-product.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
π@cveNotify
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/insert-product.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
π@cveNotify
GitHub
campcodes Online Shopping Portal V1.0 /admin/insert-product.php SQL injection Β· Issue #2 Β· Jacob-z691/CVE
campcodes Online Shopping Portal V1.0 /admin/insert-product.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Shopping Portal Vendor Homepage https://www.campcodes.com/projects/complete-online-s...