
4695 matches found

Positive Technologies
added 2025/05/16 12:0 a.m. · 2 views

PT-2025-21713 · Unknown · Lambertgroup Video Player & Fullscreen Video Background

Name of the Vulnerable Software and Affected Versions: LambertGroup Video Player & FullScreen Video Background versions 2.4.1 and earlier
Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for Blind...

CVSS 7.6 · AI score 8 · EPSS 0.00355
Exploits 0 · References 4

RedhatCVE
added 2025/05/09 3:23 p.m. · 7 views

CVE-2025-47587

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection. This issue affects YaySMTP: from n/a through = 2.6.4...

CVSS 7.6 · AI score 7.3 · EPSS 0.00355
Exploits 0 · References 1

NVD
added 2025/05/07 3:16 p.m. · 7 views

CVE-2025-47587

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection. This issue affects YaySMTP: from n/a through = 2.6.4...

CVSS 7.6 · EPSS 0.00355
Exploits 0 · References 1

NVD
added 2025/05/07 3:16 p.m. · 5 views

CVE-2025-47544

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce aco-woo-dynamic-pricing allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a throu...

CVSS 7.6 · EPSS 0.00391
Exploits 0 · References 1

OSV
added 2025/05/07 3:16 p.m. · 3 views

CVE-2025-47544

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules for WooCommerce: from n/a through 4.5.8...

CVSS 7.2 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 1

Cvelist
added 2025/05/07 2:20 p.m. · 16 views

CVE-2025-47587 WordPress YaySMTP plugin <= 2.6.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YaySMTP yaysmtp allows Blind SQL Injection. This issue affects YaySMTP: from n/a through = 2.6.4...

CVSS 7.6 · EPSS 0.00355
Exploits 0 · References 1

CVE
added 2025/05/07 2:20 p.m. · 44 views

CVE-2025-47587

CVE-2025-47587: WordPress YaySMTP

CVSS 7.6 · AI score 7.3 · EPSS 0.00355
Exploits 0 · References 1

CVE
added 2025/05/07 2:20 p.m. · 49 views

CVE-2025-47544

CVE-2025-47544 refers to the WordPress plugin Dynamic Pricing With Discount Rules for WooCommerce (aco-woo-dynamic-pricing) with versions up to 4.5.8 affected by an SQL Injection due to improper neutralization of input. The vulnerability enables blind SQL injection. Remediation per PT security gu...

CVSS 7.6 · AI score 7.3 · EPSS 0.00391
Exploits 0 · References 1 · Affected Software 1

OSV
added 2025/05/02 9:15 a.m. · 2 views

CVE-2025-2812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sales Automation: before 03.04.2025 DD.MM.YYYY...

CVSS 9.8 · AI score 5.8 · EPSS 0.00391
Exploits 0 · References 2

ATTACKERKB
added 2025/05/02 9:15 a.m. · 4 views

CVE-2025-2812

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sales Automation: before 03.04.2025 DD.MM.YYYY...

CVSS 9.8 · AI score 5.6 · EPSS 0.00391
Exploits 0 · References 4

CVE
added 2025/05/02 8:24 a.m. · 63 views

CVE-2025-2812

CVE-2025-2812 concerns an SQL Injection in Mydata Informatics’ Ticket Sales Automation. The vulnerability arises from improper neutralization of SQL elements, enabling blind SQL injection in the application (Ticket Sales Automation) prior to 03.04.2025. Documented impact is high: potential data d...

CVSS 9.8 · AI score 5.6 · EPSS 0.00391
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2025/05/02 8:24 a.m. · 13 views

CVE-2025-2812 SQLi in Mydata Informatics' Ticket Sales Automation

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection. This issue affects Ticket Sales Automation: before 03.04.2025 DD.MM.YYYY...

CVSS 9.8 · AI score 5.6 · EPSS 0.00391
Exploits 0 · References 3

RedhatCVE
added 2025/04/25 3:48 p.m. · 8 views

CVE-2025-39566

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Bob Hostel hostel allows Blind SQL Injection. This issue affects Hostel: from n/a through = 1.1.5.6...

CVSS 7.6 · AI score 7.3 · EPSS 0.00508
Exploits 0 · References 1

OSV
added 2025/04/23 3:27 p.m. · 19 views

CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API

XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...

CVSS 8.6 · AI score 8 · EPSS 0.00449
Exploits 1 · References 4

CNNVD
added 2025/04/23 12:0 a.m. · 4 views

XWiki Platform SQL injection vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. XWiki Platform suffers from a SQL injection vulnerability that originates from a remote unauthenticated user who can escape the HQL execution context and perform blind SQL injection, which...

CVSS 9.8 · AI score 8 · EPSS 0.79487
Exploits 1 · References 3

NVD
added 2025/04/17 4:15 p.m. · 10 views

CVE-2025-39569

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in taskbuilder Taskbuilder taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through = 4.0.1...

CVSS 8.5 · EPSS 0.00275
Exploits 0 · References 1

Vulnrichment
added 2025/04/17 3:46 p.m. · 9 views

CVE-2025-39569 WordPress Taskbuilder <= 4.0.1 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in taskbuilder Taskbuilder allows Blind SQL Injection. This issue affects Taskbuilder: from n/a through 4.0.1...

CVSS 8.5 · AI score 7.6 · EPSS 0.00275
Exploits 0 · References 1

CVE
added 2025/04/17 3:46 p.m. · 49 views

CVE-2025-39569

CVE-2025-39569 is an SQL injection vulnerability in the WordPress Taskbuilder plugin (versions up to 4.0.1). The issue stems from improper neutralization of input in SQL commands, enabling Blind SQL Injection and potential data exposure or manipulation. Public disclosures reference Taskbuilder

CVSS 8.5 · AI score 7.3 · EPSS 0.00275
Exploits 0 · References 1

Cvelist
added 2025/04/17 12:0 a.m. · 10 views

CVE-2025-29180

In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...

EPSS 0.00317
Exploits 0 · References 1

Vulnrichment
added 2025/04/17 12:0 a.m. · 7 views

CVE-2025-29180

In FOXCMS =1.25, the installdb.php file has a time-based blind SQL injection vulnerability. The urlprefix, domain, and mywebsite POST parameters are directly concatenated into SQL statements without filtering...

AI score 7.4 · EPSS 0.00317
Exploits 0 · References 1