11 matches found
CVE-2025-69216
OpenSTAManager (versions 2.9.8 and earlier) contains an authenticated SQL injection in the Scadenzario (Payment Schedule) print template. The flaw resides in templates/scadenzario/init.php where the id_anagrafica parameter is directly concatenated into an SQL query, bypassing sanitization. This e...
CVE-2025-12620
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the 'filterbyauthor' parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
SQL Injection Vulnerability in Telecom Gateway Configuration Management System of China Telecom Group Corporation Ltd.
Founded in September 2000, China Telecom Group Corporation (China Telecom) is a large state-owned telecommunications company and a global partner of the Shanghai World Expo. A SQL injection vulnerability exists in the Telecom Gateway Configuration Management System of China Telecom Group Corporatio...
SQL Injection Vulnerability in Sancai Journal Acquisition System (CNVD-2020-38472)
Sancai Journal Acquisition and Editing System is a networked office platform. A SQL injection vulnerability exists in the Sancai Journal Editorial System. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in ForU CMS
ForU CMS is an open source website management system. ForU CMS suffers from a SQL injection vulnerability that can be exploited by attackers to obtain sensitive information about a database...
SQL Injection Vulnerability in ab***.php of Shanghai Enterprise Torch Advertising Media Co., Ltd.
Shanghai Enterprise Torch Advertising Media Co., Ltd. is committed to providing all kinds of enterprises and institutions with network domain name registration, web hosting rental, website construction and maintenance, website promotion and publicity, website revision and translation, enterprise post office, network payment, system integration,...
SQL Injection Vulnerability in Youdot Enterprise Website Management System
Youdot Enterprise Website Management System is an enterprise management system developed by Changsha Youdot Software Technology Co. There is a SQL injection vulnerability in Youdot Enterprise Website Management System, which can be exploited by attackers to obtain sensitive information from the...
SQL Injection Vulnerability in Ningbo Haishu Olive Tree Website Building System (CNVD-2019-13623)
Ningbo Haishu Olive Tree website builder is an enterprise website builder. A SQL injection vulnerability exists in the Ningbo Haishu Olive Tree website builder, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Duttware's Online Order Management System
Foshan Dutt Software Technology Co., Ltd. is a company specializing in the development and promotion of enterprise management software. A SQL injection vulnerability exists in the DuttSoft Online Order Management System. An attacker can exploit this vulnerability to obtain sensitive information i...
SQL Injection Vulnerability in Metinfo Website Building System 6.0.0
Founded in March 2009, Changsha Mito Information Technology Co., Ltd. is an Internet enterprise focusing on "providing informatization services for small and medium-sized enterprises". A SQL injection vulnerability exists in Metinfo website builder 6.0.0, which can be exploited by attackers to...
Generalized SQL Injection Vulnerability in Hubei Province Urban Construction Information Network
The Hubei construction engineering information network is the first official portal site for the Hubei construction engineering information industry. The Hubei Urban Construction Information Network suffers from a generic SQL injection vulnerability. It allows attackers to utilize common SQL injection tools t...