4695 matches found

EUVD
added 2025/11/20 6:31 p.m. | 2 views

EUVD-2025-198302

Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The myds GET parameter is not adequately sanitized before being used in SQL queries...

CVSS 6.5 | AI score 7.5 | EPSS 0.00259
Exploits: 0 | References: 2

Cvelist
added 2025/11/08 1:16 a.m. | 11 views

CVE-2025-64493 SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind time-based SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the...

CVSS 6.5 | EPSS 0.00285
Exploits: 0 | References: 2

CVE
added 2025/11/08 1:07 a.m. | 12 views

CVE-2025-64492

SuiteCRM 8.9.0 and earlier are affected by a time-based blind SQL injection that requires authentication. The vulnerability lets an attacker infer data from the database by measuring response times, enabling enumeration of database, table, and column names and potentially extracting sensitive dat...

CVSS 8.8 | AI score 7.3 | EPSS 0.003
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/11/07 1:15 p.m. | 3 views

CVE-2025-10968

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...

CVSS 8.8 | EPSS 0.00269
Exploits: 0 | References: 2

Cvelist
added 2025/11/07 1:08 p.m. | 8 views

CVE-2025-10968 SQLi in GG Soft's PaperWork

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...

CVSS 8.8 | EPSS 0.00269
Exploits: 0 | References: 2

NVD
added 2025/11/06 4:16 p.m. | 2 views

CVE-2025-60239

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection. This issue affects CoSchool LMS: from n/a through = 1.4.3...

CVSS 8.5 | EPSS 0.00276
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/06 3:55 p.m. | 1 view

CVE-2025-60239 WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection. This issue affects CoSchool LMS: from n/a through = 1.4.3...

CVSS 8.5 | AI score 7.3 | EPSS 0.00276
Exploits: 0 | References: 1

RedhatCVE
added 2025/11/06 5:01 a.m. | 8 views

CVE-2025-12197

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

CVSS 7.5 | AI score 7.1 | EPSS 0.15247
Exploits: 1 | References: 1

GithubExploit
added 2025/11/02 12:25 p.m. | 114 views

Blind-SQLi

Exploitation of an SQLi...

AI score 8.1
Exploits: 0

NVD
added 2025/10/31 12:15 p.m. | 7 views

CVE-2025-64366

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through = 3.6.27...

CVSS 7.6 | EPSS 0.00233
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/31 11:42 a.m. | 3 views

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through = 3.6.27...

CVSS 7.6 | AI score 7.3 | EPSS 0.00233
Exploits: 0 | References: 1

Cvelist
added 2025/10/31 11:42 a.m. | 7 views

CVE-2025-64366 WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through = 3.6.27...

CVSS 7.6 | EPSS 0.00233
Exploits: 0 | References: 1

NVD
added 2025/10/31 8:15 a.m. | 5 views

CVE-2025-6520

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

CVSS 9.8 | EPSS 0.0031
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/31 7:44 a.m. | 4 views

CVE-2025-6520 SQLi in Abis Technology's BAPSIS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

CVSS 9.8 | AI score 5.6 | EPSS 0.0031
Exploits: 0 | References: 2

ATTACKERKB
added 2025/10/31 7:44 a.m. | 3 views

CVE-2025-6520

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

CVSS 9.8 | AI score 5.6 | EPSS 0.0031
Exploits: 0 | References: 3

EUVD
added 2025/10/31 7:44 a.m. | 3 views

EUVD-2025-37308

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

CVSS 9.8 | AI score 7.2 | EPSS 0.0031
Exploits: 0 | References: 2

CVE
added 2025/10/28 5:27 a.m. | 16 views

CVE-2025-11735

The CVE refers to HUSKY – Products Filter Professional for WooCommerce (WordPress plugin) with a blind SQL Injection via the phrase parameter. Affected versions are all up to and including 1.3.7.1, caused by insufficient escaping and lack of proper query preparation, enabling unauthenticated atta...

CVSS 7.5 | AI score 6.4 | EPSS 0.00317
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/23 3:14 p.m. | 6 views

CVE-2025-49931

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Crocoblock JetSearch jet-search allows Blind SQL Injection. This issue affects JetSearch: from n/a through = 3.5.10...

CVSS 9.3 | AI score 5.9 | EPSS 0.00388
Exploits: 0 | References: 1

EUVD
added 2025/10/22 3:31 p.m. | 6 views

EUVD-2025-35527

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CrocoBlock JetSearch jet-search allows Blind SQL Injection. This issue affects JetSearch: from n/a through = 3.5.10...

AI score 7.1 | EPSS 0.00388
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/22 12:00 a.m. | 4 views

PT-2025-43195

Name of the Vulnerable Software and Affected Versions: CrocoBlock JetSearch versions through 3.5.10. Description: A flaw exists in CrocoBlock JetSearch that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This issue could potentially allow an...

CVSS 9.3 | AI score 7.5 | EPSS 0.00388
Exploits: 0 | References: 4