All CosmicBytez Labs articles tagged #Web Application, across news, security advisories, how-to guides, and projects.
A high-severity unrestricted file upload vulnerability in shiroiAdmin versions 1.1 and 1.3 allows unauthenticated remote attackers to upload PHP webshells and achieve remote code execution.
A critical stored XSS vulnerability in OceanicSoft's ValeApp allows attackers to inject persistent JavaScript payloads that execute in every victim's...
A local file inclusion vulnerability in the WANotifier WordPress plugin (before v2.6) allows any authenticated subscriber-level user to include and...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate backend database...
A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to...
A second high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 targets /preview6.php via the...
A high-severity SQL injection vulnerability (CVSS 7.3) in CollegeManagementSystem allows attackers to manipulate the department_code parameter in…
A CVSS 7.3 SQL injection vulnerability in SourceCodester's Computer Repair Shop Management System v1.0 allows remote attackers to extract sensitive data via…
A remotely exploitable SQL injection vulnerability in code-projects Student Details Management System 1.0 allows attackers to manipulate database queries...
Twitter-Clone 1 contains a high-severity SQL injection vulnerability in follow.php that allows attackers to extract sensitive database information through.
A remotely exploitable SQL injection vulnerability in the admin panel of itsourcecode Electronic Judging System 1.0 allows attackers to manipulate database.
Drupal has released emergency security updates for CVE-2026-9082, a highly critical vulnerability in Drupal Core that allows remote code execution,...
A critical unauthenticated SQL injection vulnerability in Beauty Parlour Management System v1.1 allows attackers to dump the entire backend database via a...
A critical unauthenticated SQL injection vulnerability in ProjeQtor project management software allows attackers to inject arbitrary SQL via the login...
CVE-2026-7002 is a CVSS 7.3 SQL injection vulnerability in KLiK SocialMediaWebsite up to version 1.0.1, exploitable remotely via the c_id parameter in the...
A critical SQL injection vulnerability in SocialEngine versions 7.8.0 and prior allows unauthenticated remote attackers to execute arbitrary SQL queries...
Vvveb CMS versions prior to 1.0.8.1 allow unauthenticated attackers to inject arbitrary PHP code through the installation endpoint's unsanitized subdir...
A critical SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows unauthenticated remote attackers to bypass login...
A remotely exploitable SQL injection vulnerability (CVE-2026-5637) has been disclosed in projectworlds Car Rental System 1.0. The flaw exists in...
A high-severity SQL injection vulnerability in itsourcecode Online Enrollment System 1.0 allows remote unauthenticated attackers to manipulate the USERID...
A high-severity SQL injection vulnerability in code-projects Simple Laundry System 1.0 allows remote unauthenticated attackers to manipulate the firstName...
A new critical OGNL injection vulnerability in Apache Struts allows unauthenticated remote code execution, reminiscent of the 2017 Equifax breach vector....