Aggregator

Submit #641751 / VDB-309958

A vulnerability classified as critical was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. This vulnerability is reported as CVE-2025-9836. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as problematic has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. This vulnerability is documented as CVE-2025-9835. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #641749 / VDB-309959

Submit #641738 / VDB-322183

Submit #641729 / VDB-322182

A vulnerability described as problematic has been identified in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. This vulnerability is registered as CVE-2025-9834. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Вы думали, что у вас самый надёжный антивирус, а он уже давно не работает.

A vulnerability marked as critical has been reported in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injection. This vulnerability is cataloged as CVE-2025-9833. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. This vulnerability is listed as CVE-2025-9832. The attack may be performed from remote. In addition, an exploit is available.

Submit #642760 / VDB-310325

Submit #642025 / VDB-322181

Submit #641925 / VDB-289662

Submit #641726 / VDB-310324

Submit #641724 / VDB-289661

A vulnerability identified as critical has been detected in PHPGurukul Beauty Parlour Management System 1.1. This impacts an unknown function of the file /admin/edit-services.php. This manipulation of the argument sername causes sql injection. This vulnerability is tracked as CVE-2025-9831. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability categorized as critical has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/add-customer-services.php. The manipulation of the argument sids[] results in sql injection. This vulnerability is identified as CVE-2025-9830. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. It has been rated as critical. The impacted element is an unknown function of the file /signup.php. The manipulation of the argument mobilenumber leads to sql injection. This vulnerability is referenced as CVE-2025-9829. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Other parameters might be affected as well.

Submit #641720 / VDB-322180

Submit #641739 / VDB-322179