Wangchaoxing

#8427of 53,634
32.6Total CVSS
Vulnerabilities · 4
Medium
2
Critical
2
PT-2026-43247
6.5
2026-05-26
Unknown · Codeastro Leave Management System · CVE-2026-9542
**Name of the Vulnerable Software and Affected Versions** CodeAstro Leave Management System version 1.0 **Description** A weakness in the file '/admin/add staff.php' allows for remote SQL injection. This occurs when the `email id` argument is manipulated, enabling an attacker to interfere with the application's database queries. **Recommendations** Update CodeAstro Leave Management System to a version newer than 1.0. As a temporary workaround, restrict access to the '/admin/add staff.php' file or avoid using the `email id` parameter until a patch is applied.
PT-2026-35513
6.5
2026-04-27
Unknown · Codeastro Online Classroom · CVE-2026-7148
**Name of the Vulnerable Software and Affected Versions** CodeAstro Online Classroom version 1.0 **Description** A flaw in the '/addnewfaculty' endpoint allows for remote SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution. This occurs through the manipulation of the `fname` argument. **Recommendations** Restrict access to the '/addnewfaculty' endpoint or avoid using the `fname` parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-24936
9.8
2026-03-12
Itsourcecode · Cafe Reservation System · CVE-2026-4014
**Name of the Vulnerable Software and Affected Versions** itsourcecode Cafe Reservation System version 1.0 **Description** A security issue has been identified in itsourcecode Cafe Reservation System 1.0. The issue affects an unknown function within the `/curvus2/signup.php` file of the Registration component. Manipulating the `Username` argument results in SQL injection. Remote exploitation is possible, and the exploit has been publicly released. **Recommendations** versions prior to 1.0 should be updated. As a temporary workaround, consider restricting access to the `/curvus2/signup.php` file until a fix is available. Avoid using the `Username` parameter in the affected file until the issue is resolved.
PT-2026-3367
9.8
2026-01-17
Unknown · Feminer Wms · CVE-2026-1059
**Name of the Vulnerable Software and Affected Versions** FeMiner wms versions prior to 9cad1f1b179a98b9547fd003c23b07c7594775fa **Description** A security issue exists in FeMiner wms. The manipulation of the `Username` argument in the file `/src/chkuser.php` can lead to SQL injection. This attack can be carried out remotely. The exploit has been publicly disclosed. **Recommendations** Update FeMiner wms to version 9cad1f1b179a98b9547fd003c23b07c7594775fa or later.