CVE-2025-58450

pREST PostgreSQL REST, is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a...

SourceCodester Online Polling System Code SQL注入漏洞

SourceCodester Online Polling System Code is a SourceCodester open source online polling system. SourceCodester Online Polling System Code version 1.0 has a SQL injection vulnerability, the vulnerability stems from improper handling of parameters in the /registeracc.php file, which may lead to SQ...

PT-2025-36372

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0 Description: A SQL injection issue exists in itsourcecode Online Discussion Forum 1.0. The issue affects an unknown function within the /admin file. Manipulation of the Username parameter can...

CVE-2025-32327

CVE-2025-32327 affects Google Android via SQL injection in multiple functions of PickerDbFacade.java, enabling unauthorized data access and local elevation of privilege with no user interaction. Impact and exploit details are stated in multiple sources (NVD, Red Hat, CNVD, OSV). Root cause is an ...

PHPGurukul Complaint Management System 安全漏洞

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...

CVE-2025-56435

FoxCMS

Human Resource Integrated System log_query.php File SQL Injection Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /logquery.php. An attacker can exploit...

PHPGurukul Beauty Parlour Management System 安全漏洞

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in...

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...

CVE-2025-9702

A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /salesreport.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-9763

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /studentsignup.php. The manipulation of the argument Username results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

Sports Management System /login.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates in the /login.php file that does not securely filter the User parameter. An attacker can exploit this vulnerability by constructing malicious SQL statements...

CVE-2025-9599

A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/monthsetup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The...

CVE-2025-30061

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

SourceCodester Water Billing System 安全漏洞

SourceCodester Water Billing System is an open source water billing system from SourceCodester. A security vulnerability exists in SourceCodester Water Billing System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in the file /viewbill.php...

CVE-2025-30060

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

CVE-2025-9510 itsourcecode Apartment Management System addbranch.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

Linux Distros Unpatched Vulnerability : CVE-2023-24258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /complain/addcomplain.php. An attacker can exploit...

PT-2025-34342 · Uniong · Webitr

Name of the Vulnerable Software and Affected Versions: WebITR affected versions not specified Description: WebITR developed by Uniong is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially leading to the unauthorized...