723 matches found
PT-2025-47169
Name of the Vulnerable Software and Affected Versions: Kashipara Ecommerce Website version 1.0. Description: The Kashipara Ecommerce Website is susceptible to SQL Injection. The issue affects the user register.php file and involves the user email, username, user firstname, user lastname, and user...
PT-2025-47108
A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to...
Projectworlds Advanced Library Management System SQL Injection Vulnerability
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter rollnumber in the file...
PHPGurukul Small CRM Security Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the id and adminremark parameters of quote-details.php. An attacker can exploit this vulnerability to...
CVE-2024-44644
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection in manage-tickets.php via the frm_id and aremark parameters due to lack of input validation. Public descriptions from CNVD, RH, CNNVD and CVE records indicate an attacker could execute arbitrary SQL and potentially steal sensitive database d...
PT-2025-47177
Name of the Vulnerable Software and Affected Versions: Kashipara Ecommerce Website version 1.0. Description: The Kashipara Ecommerce Website is susceptible to a SQL Injection issue through the recover email parameter in the user password recover.php file. This allows for potential unauthorized acces...
CVE-2024-44659
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php...
CVE-2024-44633
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php...
CVE-2025-64084
An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vuccdetailsajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL...
CVE-2025-12620
CVE-2025-12620 affects the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (versions up to and including 6.0.7). The root cause is insufficient escaping and inadequate preparation of the SQL query used with the filterbyauthor parameter, enabling an authenticated attacker ...
CVE-2025-10968
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...
SuiteCRM SQL Injection Vulnerability
SuiteCRM is a customer relationship management system from the SuiteCRM team. A SQL injection vulnerability exists in SuiteCRM versions 7.14.7 and earlier and versions 8.0.0-beta.1 through 8.9.0, which originates from an attacker who can construct a malicious callid parameter to manipulate SQL...
CVE-2025-52773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...
CVE-2022-50593
Advantech iView prior to v5.7.04 build 6425 exposes a SQL injection in the NetworkServlet search_term parameter (via SNMP management tool) that can lead to remote code execution with administrator privileges. Root cause appears to be unsanitized input allowing SQL statements to reach the backend....
CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
Exploit for OS Command Injection in Nestjs Devtools-Integration
PoC exploit for CVE-2025-54782, a vulnerability in an unspecifie...
PT-2025-45042
Name of the Vulnerable Software and Affected Versions: GLPI Inventory Plugin versions 1.5.0 and below. Description: The GLPI Inventory Plugin, which manages network discovery, inventory, software deployment, and data collection for GLPI agents, contains a SQL Injection issue. The plugin is vulnerabl...
cafeorder_vuln_SQL
cafeordervulnSQL Proof-of-Concept and Advisory for Simple Ca...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from user-supplied search...
CVE-2025-11893
The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...