Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24269)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

EUVD-2025-34101

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-62389

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-62383

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-62391

Ivanti Endpoint Manager (EPM) has a SQL injection vulnerability CVE-2025-62391 that enables a remote authenticated attacker to read arbitrary data from the EPM database. Connected sources confirm the issue as SQL injection affecting Ivanti EPM, with remediation in Ivanti’s advisories: fixes for r...

Ivanti Endpoint Manager（EPM） SQL注入漏洞

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVE-2025-11608

CVE-2025-11608 | code-projects E-Banking System 1.0 has a SQL injection in the POST Parameter Handler, originating from /register.php (parameters: username, password). Multiple sources confirm remote exploitation with a publicly disclosed exploit. Affected component: /register.php; vulnerability ...

CVE-2025-11599

A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

CVE-2025-10175 WP Links Page <= 4.9.6 - Authenticated (Subscriber+) SQL Injection

The WP Links Page plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 4.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticat...

Social Network Website SQL注入漏洞

Social Network Website is a simple social networking website by Pynch Personal Developers. Social Network Website suffers from a SQL injection vulnerability that stems from incorrect manipulation of an unknown function in the component Search, which could lead to an SQL injection attack...

EUVD-2025-33579

A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument Shippername can lead to sql injection. The attack can be launched remotely. The exploit ha...

CVE-2025-11555

CVE-2025-11555 concerns Campcodes Online Learning Management System v1.0. Multiple connected sources confirm a SQL injection in the /admin/calendar_of_events.php script caused by unsafely manipulating the date_start parameter. The vulnerability is exploitable remotely and exploit code is publicly...

CVE-2025-60267

In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...

CampCodes Online Learning Management System 安全漏洞

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter datestart in the file...

Code-Projects Online Complaint Site SQL注入漏洞

Online Complaint Site is an online complaint site. Online Complaint Site suffers from a SQL injection vulnerability that originates from the lack of validation of the parameter state in the file /cms/admin/state.php for externally entered SQL statements. An attacker can exploit this vulnerability...

PT-2025-41323

Name of the Vulnerable Software and Affected Versions code-projects Online Complaint Site version 1.0 Description A security flaw exists in code-projects Online Complaint Site version 1.0. The issue involves SQL injection due to manipulation of the cid argument when processing the file...

GHSA-MRMX-JFW8-QHGV Melis Platform CMS SQL Injection

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...

CVE-2025-11422

A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclose...

code-projects E-Commerce Website SQL注入漏洞

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...