
1917 matches found

ATTACKERKB
added 2026/01/15 12:0 a.m. | 2 views

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

CVSS: 4.9, AI score: 5.9, EPSS: 0.0024
Exploits: 0, References: 3
Positive Technologies
added 2026/01/15 12:0 a.m. | 3 views

PT-2026-2999

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: An attacker may exploit missing protection against clickjacking by tricking users into performing unintended actions through maliciously crafted web pages, potentially leading to the extraction of...

CVSS: 4.3, AI score: 6.3, EPSS: 0.00286
Exploits: 0, References: 8
Positive Technologies
added 2026/01/15 12:0 a.m. | 9 views

PT-2026-3172

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

CVSS: 8.8, AI score: 8.2, EPSS: 0.0035
Exploits: 0, References: 5
Positive Technologies
added 2026/01/15 12:0 a.m. | 3 views

PT-2026-3181

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order by parameter in POST requests to the ajax list endpoint to potentially extract or modify...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00531
Exploits: 1, References: 5
EUVD
added 2026/01/15 12:0 a.m. | 4 views

EUVD-2026-2787

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

CVSS: 4.9, AI score: 7.6, EPSS: 0.0024
Exploits: 0, References: 4
Positive Technologies
added 2026/01/15 12:0 a.m. | 3 views

PT-2026-3052

Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify...

CVSS: 8.8, AI score: 8.2, EPSS: 0.00218
Exploits: 0, References: 3
CVE
added 2026/01/15 12:0 a.m. | 8 views

CVE-2025-67082

The CVE-2025-67082 entry concerns InvoicePlane versions up to 1.6.3. The vulnerability is an SQL injection in the maxQuantity and minQuantity parameters when generating a report, exploitable via error-based SQL injection by an authenticated user. The issue stems from insufficient sanitization of ...

CVSS: 6.5, AI score: 7.6, EPSS: 0.00271
Exploits: 1, References: 2, Affected Software: 1
OSV
added 2026/01/13 11:15 p.m. | 3 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00554
Exploits: 1, References: 4
NVD
added 2026/01/13 11:15 p.m. | 2 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

CVSS: 9.8, EPSS: 0.00554
Exploits: 1, References: 4
NVD
added 2026/01/13 11:15 p.m. | 3 views

CVE-2022-50805

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...

CVSS: 8.8, EPSS: 0.00307
Exploits: 0, References: 4
Vulnrichment
added 2026/01/13 10:56 p.m. | 3 views

CVE-2022-50894 VIAVIWEB Wallpaper Admin 1.0 SQL Injection via edit_gallery_image.php

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the img_id parameter. Attackers can send GET requests to edit_gallery_image.php with malicious img_id values to extract database...

CVSS: 7.1, AI score: 7.6, EPSS: 0.00417
Exploits: 1, References: 3
CVE
added 2026/01/13 10:56 p.m. | 8 views

CVE-2022-50894

The CVE-2022-50894 issue affects VIAVIWEB Wallpaper Admin 1.0. The connected documents confirm an SQL injection vulnerability in the img_id parameter of the edit_gallery_image.php endpoint, which authenticated attackers can exploit to manipulate database queries and extract information. The root ...

CVSS: 7.1, AI score: 7.6, EPSS: 0.00417
Exploits: 1, References: 3, Affected Software: 1
RedhatCVE
added 2026/01/13 10:53 p.m. | 2 views

CVE-2025-67146

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in 1 membersearch.php, 2 trainersearch.php, and 3 gymsearch.php, and via the 'id' parameter in 4 paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...

CVSS: 9.4, AI score: 8.4, EPSS: 0.00553
Exploits: 1, References: 1
Cvelist
added 2026/01/13 10:51 p.m. | 21 views

CVE-2022-50895 Aero CMS 0.0.1 - SQL Injection

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

CVSS: 9.8, EPSS: 0.00554
Exploits: 1, References: 4
Vulnrichment
added 2026/01/13 10:51 p.m. | 1 view

CVE-2022-50895 Aero CMS 0.0.1 - SQL Injection

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00554
Exploits: 1, References: 4
CVE
added 2026/01/13 10:51 p.m. | 13 views

CVE-2022-50895

Aero CMS 0.0.1 is affected by a SQL injection in the author parameter. The vulnerability allows attackers to manipulate SQL queries using boolean-based, error-based, time-based, and UNION techniques to extract sensitive data and potentially compromise the system. Affected component: author parame...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00554
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2026/01/13 10:51 p.m. | 1 view

CVE-2022-50805 Senayan Library Management System 9.0.0 - SQL Injection

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00307
Exploits: 0, References: 4
CVE
added 2026/01/13 10:51 p.m. | 6 views

CVE-2022-50805

Senayan Library Management System 9.0.0 (SLiMS) contains a SQL injection in the value of the class parameter. The root cause is unsafely constructed SQL queries that allow crafted payloads to manipulate database queries, potentially exfiltrating sensitive information. Exploitation is described as...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00307
Exploits: 0, References: 4
Positive Technologies
added 2026/01/13 12:0 a.m. | 4 views

PT-2026-2371

Name of the Vulnerable Software and Affected Versions: Aero CMS version 0.0.1. Description: Aero CMS version 0.0.1 has a SQL injection issue in the author parameter. This allows manipulation of database queries using boolean-based, error-based, time-based, and UNION query techniques. Successful...

CVSS: 9.8, AI score: 7.2, EPSS: 0.00554
Exploits: 1, References: 8
Cvelist
added 2026/01/12 12:0 a.m. | 16 views

CVE-2025-67146

Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in 1 membersearch.php, 2 trainersearch.php, and 3 gymsearch.php, and via the 'id' parameter in 4 paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...

EPSS: 0.00553
Exploits: 1, References: 1