5.3
CVE-2025-13234 - itsourcecode Inventory Management System index.php sql injection
A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=product. Performing manipulation of the argument PROID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made β¦
6.9
CVE-2025-13233 - itsourcecode Inventory Management System index.php sql injection
A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=single-item. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to tβ¦
5.1
CVE-2025-13232 - projectsend File Editor/Custom Download Aliases cross site scripting
A flaw has been found in projectsend up to r1720. Impacted is an unknown function of the component File Editor/Custom Download Aliases. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. Upgrading to versβ¦
6.9
CVE-2025-13221 - Intelbras UnniTI usuarios.xml credentials storage
A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed remotely. The exploit has bβ¦
5.1
CVE-2025-13210 - itsourcecode Inventory Management System index.php sql injection
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Such manipulation of the argument PROMODEL leads to sql injection. The attack may be performed from remote. The exploit has beβ¦
5.3
CVE-2025-13209 - bestfeng oa_git_free WorkflowPredefineController.java updateWriteBack xml external entity reference
A weakness has been identified in bestfeng oa_git_free up to 9.5. This affects the function updateWriteBack of the file yimioa-oa9.5\server\c-flow\src\main\java\com\cloudweb\oa\controller\WorkflowPredefineController.java. This manipulation of the argument writeProp causes xml external entity refereβ¦
5.3
CVE-2025-13208 - FantasticLBP Hotels Server hotelList.php sql injection
A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. The impacted element is an unknown function of the file controller/api/hotelList.php. The manipulation of the argument subjectId/cityName results in sql injection. The attack can be exeβ¦
6.9
CVE-2025-13203 - code-projects Simple Cafe Ordering System addmem.php sql injection
A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. This vulnerability affects unknown code of the file /addmem.php. Executing manipulation of the argument studentnum can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made avaiβ¦
5.1
CVE-2025-13202 - code-projects Simple Cafe Ordering System add_to_cart cross site scripting
A security flaw has been discovered in code-projects Simple Cafe Ordering System 1.0. This affects an unknown part of the file /add_to_cart. Performing manipulation of the argument product_name results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been relβ¦
6.9
CVE-2025-13201 - code-projects Simple Cafe Ordering System login.php sql injection
A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly availableβ¦