5.3
CVE-2025-2608 - PHPGurukul Banquet Booking System view-user-queries.php sql injection
A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has beenβ¦
5.3
CVE-2025-2607 - phplaozhang LzCMS-LaoZhangBoKeXiTong HTTP POST Request upimage.html unrestricted upload
A vulnerability was found in phplaozhang LzCMS-LaoZhangBoKeXiTong up to 1.1.4. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/upload/upimage.html of the component HTTP POST Request Handler. The manipulation of the argument File leads to unrestβ¦
5.3
CVE-2025-2606 - SourceCodester Best Church Management Software soulwinning_crud.php unrestricted upload
A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/soulwinning_crud.php. The manipulation of the argument photo/photo1 leads to unrestricted upload. The β¦
5.3
CVE-2025-2604 - SourceCodester Kortex Lite Advocate Office Management System edit_act.php sql injection
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_act.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The β¦
5.3
CVE-2025-2603 - SourceCodester Kortex Lite Advocate Office Management System deactivate.php sql injection
A vulnerability was found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This issue affects some unknown processing of the file deactivate.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The explβ¦
5.3
CVE-2025-2602 - SourceCodester Kortex Lite Advocate Office Management System deactivate_reg.php sql injection
A vulnerability has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file deactivate_reg.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. Thβ¦
5.3
CVE-2025-2601 - SourceCodester Kortex Lite Advocate Office Management System activate_reg.php sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Kortex Lite Advocate Office Management System 1.0. This affects an unknown part of the file activate_reg.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. Thβ¦
6.8
CVE-2025-25036 - Jalios JPlatform 10 Authenticated XML External Entity Injection (XXE)
Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 (SP8).
7.3
CVE-2025-25035 - Jalios JPlatform 10 Multiple Cross-Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2, Jalios Workplace 6.1β¦
4.7
CVE-2019-16151 -
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS 6.4.1 and below, 6.2.9 and below may allow a remote unauthenticated attacker to either redirect users to malicious websites via a crafted "Host" header or to execute JavaScript code in the victim's browβ¦