CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability...

CVE-2025-8122

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability...

CVE-2025-8122

The connected Red Hat advisory details CVE-2025-7063 as a PAD CMS vulnerability where an unauthenticated attacker can exploit client-controlled permission checks to upload arbitrary files (any type/extension) through the file upload functionality, enabling Remote Code Execution. Affected are all ...

CVE-2025-8121 Blind SQL Injection in PAD CMS

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability...

PT-2025-39970

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The issue involves improper neutralization of input provided by an authorized user within the article positioning functionality, leading to potential Blind SQL...

PT-2025-39971

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The issue involves improper neutralization of input provided by an authorized user in the article positioning functionality, leading to Blind SQL Injection...

CVE-2025-60108 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection.This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...

CVE-2025-60108

CVE-2025-60108 (LambertGroup - AllInOne - Banner with Thumbnails) is a SQL Injection vulnerability in the WordPress plugin, allowing improper neutralization of input elements. Affected: LambertGroup - AllInOne - Banner with Thumbnails (up through version 3.8). Impact per CVSS: high confidentialit...

PT-2025-39555

Name of the Vulnerable Software and Affected Versions LambertGroup - AllInOne - Banner with Thumbnails versions through 3.8 Description A flaw exists in LambertGroup - AllInOne - Banner with Thumbnails that allows for Blind SQL Injection due to improper neutralization of special elements used in ...

PT-2025-38315

Name of the Vulnerable Software and Affected Versions Logo Software Retail Sales Management versions through 20250918 Logo Software Diva versions through 4.56.00.00 Description A SQL injection issue exists in Logo Software Retail Sales Management and Diva due to improper neutralization of special...

SUSE CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior inthe endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL...

CVE-2025-58453

CVE-2025-58453 affects WeGIA Web Manager (versions 3.4.10 and earlier). The SQL Injection occurs in the exibe_anexo.php endpoint via the id_anexo parameter, enabling an attacker to run arbitrary SQL and access sensitive data. A patch is available in version 3.4.11. Some sources indicate a proof-o...

CVE-2025-58453 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'exibe_anexo.php' parameter 'id_anexo'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibeanexo.php, in the idanexo parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL queries,...

CVE-2025-58628

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection.This issue affects Miraculous: from n/a through 2.0.9...

CVE-2025-58881

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection.This issue affects New Simple Gallery: from n/a through = 8.0...

CVE-2025-7385

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected...

CVE-2025-58628 WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection.This issue affects Miraculous: from n/a through 2.0.9...

CVE-2025-58628 WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection.This issue affects Miraculous: from n/a through 2.0.9...