Aggregator

A vulnerability was found in PHPGurukul Employee Record Management System 1.3. It has been declared as problematic. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument First name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-11112. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in Campcodes Advanced Online Voting Management System 1.0. It has been classified as critical. This affects an unknown function of the file /admin/candidates_edit.php. This manipulation of the argument ID causes sql injection. This vulnerability is handled as CVE-2025-11111. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #662699 / VDB-326195

Submit #662695 / VDB-326194

A vulnerability was found in Campcodes Online Learning Management System 1.0 and classified as critical. The impacted element is an unknown function of the file /admin/school_year.php. The manipulation of the argument school_year results in sql injection. This vulnerability is known as CVE-2025-11110. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #662498 / VDB-326193

Submit #662468 / VDB-326192

Submit #662467 / VDB-326191

A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0 and classified as critical. The affected element is an unknown function of the file /pages/us_edit.php?action=edit. The manipulation of the argument ID leads to sql injection. This vulnerability is traded as CVE-2025-11109. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in code-projects Simple Scheduling System 1.0. Impacted is an unknown function of the file /schedulingsystem/addroom.php. Executing manipulation of the argument room can lead to sql injection. This vulnerability appears as CVE-2025-11108. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in code-projects Simple Scheduling System 1.0. This issue affects some unknown processing of the file /schedulingsystem/addcourse.php. Performing manipulation of the argument corcode results in sql injection. This vulnerability is reported as CVE-2025-11107. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in code-projects Simple Scheduling System 1.0. This vulnerability affects unknown code of the file /schedulingsystem/addfaculty.php. Such manipulation of the argument falname leads to sql injection. This vulnerability is documented as CVE-2025-11106. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in code-projects Simple Scheduling System 1.0. This affects an unknown part of the file /schedulingsystem/addsubject.php. This manipulation of the argument subcode causes sql injection. This vulnerability is registered as CVE-2025-11105. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in sql injection. This vulnerability is cataloged as CVE-2025-11104. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #662455 / VDB-326190

Submit #662445 / VDB-326189

Submit #662444 / VDB-326188

Submit #662443 / VDB-326187

Submit #662442 / VDB-326186

A vulnerability marked as critical has been reported in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. This vulnerability is listed as CVE-2025-11103. The attack may be initiated remotely. In addition, an exploit is available.