Aggregator

A vulnerability described as critical has been identified in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. This vulnerability appears as CVE-2025-5079. The attack may be performed from remote. In addition, an exploit is available.

Submit #641754 / VDB-322187

Submit #645384 / VDB-322186

Submit #645382 / VDB-322185

Submit #641750 / VDB-322184

Submit #641751 / VDB-309958

A vulnerability classified as critical was found in macrozheng mall up to 1.0.3. This vulnerability affects the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderId results in authorization bypass. This vulnerability is reported as CVE-2025-9836. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability classified as problematic has been found in macrozheng mall up to 1.0.3. This affects the function cancelOrder of the file /order/cancelUserOrder. The manipulation of the argument orderId leads to authorization bypass. This vulnerability is documented as CVE-2025-9835. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #641749 / VDB-309959

Submit #641738 / VDB-322183

Submit #641729 / VDB-322182

A vulnerability described as problematic has been identified in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /registration.php. Executing manipulation of the argument Username can lead to cross site scripting. This vulnerability is registered as CVE-2025-9834. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Вы думали, что у вас самый надёжный антивирус, а он уже давно не работает.

A vulnerability marked as critical has been reported in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injection. This vulnerability is cataloged as CVE-2025-9833. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as critical has been found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. This vulnerability is listed as CVE-2025-9832. The attack may be performed from remote. In addition, an exploit is available.

Submit #642760 / VDB-310325

Submit #642025 / VDB-322181

Submit #641925 / VDB-289662

Submit #641726 / VDB-310324

Submit #641724 / VDB-289661