xiaosguang

2 exploits Active since Jan 2025
CVE-2025-0294 WRITEUP MEDIUM WRITEUP
Home Clean Services Management System 1.0 - SQL Injection via process.php Type/Length/Business Parameter
A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVSS 4.7
CVE-2025-22976 WRITEUP HIGH WRITEUP
dingfanzuCMS 1.0 - SQL Injection via checkOrder.php shopId Parameter
SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module.
CVSS 7.1