5.3
CVE-2025-11354 - code-projects Online Hotel Reservation System addslideexec.php unrestricted upload
A flaw has been found in code-projects Online Hotel Reservation System 1.0. Affected is an unknown function of the file /admin/addslideexec.php. Executing manipulation of the argument image can lead to unrestricted upload. The attack may be performed from remote. The exploit has been published and β¦
7.5
CVE-2025-10162 - OrderConvo < 14 - Unauthenticated Arbitrary File Read
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack
5.3
CVE-2025-11353 - code-projects Online Hotel Reservation System addgalleryexec.php unrestricted upload
A vulnerability was detected in code-projects Online Hotel Reservation System 1.0. This impacts an unknown function of the file /admin/addgalleryexec.php. Performing manipulation of the argument image results in unrestricted upload. The attack is possible to be carried out remotely. The exploit is β¦
5.3
CVE-2025-11352 - code-projects Online Hotel Reservation System addexec.php unrestricted upload
A security vulnerability has been detected in code-projects Online Hotel Reservation System 1.0. This affects an unknown function of the file /admin/addexec.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosedβ¦
8.7
CVE-2025-11362 -
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
5.3
CVE-2025-11351 - code-projects Online Hotel Reservation System editpicexec.php unrestricted upload
A weakness has been identified in code-projects Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/editpicexec.php. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has beeβ¦
6.9
CVE-2025-11350 - Campcodes Online Apartment Visitor Management System bwdates-reports-details.php sql injection
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injection. The attack may be launched remotely. The β¦
6.9
CVE-2025-11349 - Campcodes Online Apartment Visitor Management System search-visitor.php sql injection
A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available anβ¦
6.9
CVE-2025-11348 - Campcodes Online Apartment Visitor Management System index.php sql injection
A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been publiβ¦
6.9
CVE-2025-11347 - code-projects Student Crud Operation Add Student Page/Edit Student add.php move_uploaded_file unresβ¦
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remoteβ¦