Lucene search

1300 matches found

Cvelist
added 2025/09/22 9:2 a.m. | 6 views

CVE-2025-10791 code-projects Online Bidding System index.php sql injection

A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. This manipulation of the argument aduser causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available t...

CVSS 7.5 | EPSS 0.00046
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/22 12:0 a.m. | 1 views

PT-2025-38710

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A flaw exists in code-projects Online Bidding System 1.0 within the file /administrator/bidupdate.php. Manipulation of the ID argument can lead to SQL injection. This issue is remotel...

CVSS 9.8 | AI score 7.4 | EPSS 0.00046
Exploits: 1 | References: 10
CNNVD
added 2025/09/22 12:0 a.m. | 2 views

PHPGurukul Park Ticketing Management System security vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from a lack of validation of the fromdate parameter in the file foreigner-bwdates-reports-details.php against an externally entered SQL...

CVSS 9.8 | AI score 8.5 | EPSS 0.00187
Exploits: 1 | References: 2
Positive Technologies
added 2025/09/20 12:0 a.m. | 2 views

PT-2025-38628

Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress versions prior to 2.5.1 Description: The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...

CVSS 4.9 | AI score 6.9 | EPSS 0.00031
Exploits: 0 | References: 5
NVD
added 2025/09/19 8:15 p.m. | 1 views

CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVSS 9.8 | EPSS 0.00057
Exploits: 1 | References: 1
Snyk
added 2025/09/19 7:43 p.m. | 1 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the PropertyName directive in XML Filter Query processing. An attacker can manipulate backend database queries by injecting specially crafted input containing double quote characters. Remediation: Upgrade mapserver to...

CVSS 9.8 | AI score 7.7 | EPSS 0.00057
Exploits: 1 | References: 2
Cvelist
added 2025/09/18 3:2 p.m. | 6 views

CVE-2025-10673 itsourcecode Student Information Management System index.php sql injection

A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has...

CVSS 7.5 | EPSS 0.0006
Exploits: 1 | References: 5
Vulnrichment
added 2025/09/18 1:2 p.m. | 2 views

CVE-2025-10667 itsourcecode Online Discussion Forum compose_msg.php sql injection

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVSS 7.5 | AI score 7.3 | EPSS 0.0006
Exploits: 1 | References: 5
NVD
added 2025/09/18 12:15 p.m. | 2 views

CVE-2024-13151

CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection. This issue affects Auto Service Software: before v.2025.10.01...

CVSS 9.8 | EPSS 0.00064
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/17 10:2 p.m. | 2 views

CVE-2025-10621 SourceCodester Hotel Reservation System editroomimage.php sql injection

A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. The affected element is an unknown function of the file editroomimage.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVSS 7.5 | AI score 7.2 | EPSS 0.0006
Exploits: 1 | References: 5
CVE
added 2025/09/16 12:0 a.m. | 13 views

CVE-2025-44034

CVE-2025-44034 affects oa_system oasys v1.1, with a SQL injection in the AddrController via alph parameters leading to remote code execution. The CVSS 3.1 base score is 8.0 (HIGH) with ADJACENT attack vector, LOW attack complexity, LOW privileges, no user interaction, and impacts to confidentiali...

CVSS 8 | AI score 8.4 | EPSS 0.00205
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/09/15 1:32 a.m. | 7 views

CVE-2025-10420 SourceCodester Student Grading System form137.php sql injection

A vulnerability was detected in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

CVSS 6.5 | EPSS 0.00058
Exploits: 1 | References: 5
HackerOne
added 2025/09/12 12:19 a.m. | 7 views

Django: SQL Injection in Django ORM via Unvalidated `_connector` in Q Objects

A critical SQL injection vulnerability was discovered in the Django ORM's handling of Q objects. The internal WhereNode.as_sql method used unsafe string formatting to inject the query connector, which could be controlled by an attacker through the _connector key when creating a Q object. This allow...

AI score 8.1
Exploits: 0
Vulnrichment
added 2025/09/10 7:2 p.m. | 3 views

CVE-2025-10210 yanyutao0402 ChanCMS Api.js search sql injection

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVSS 6.5 | AI score 6.5 | EPSS 0.00808
Exploits: 0 | References: 5
CVE
added 2025/09/09 4:33 p.m. | 9 views

CVE-2025-58993

CVE-2025-58993 affects the WordPress Tutor LMS plugin (Themeum Tutor LMS) up to version 3.7.4. It is a SQL Injection vulnerability caused by improper neutralization of input in SQL queries. CVSS v3.1 base score 7.6 (HIGH) with network attack vector, no user interaction, and high confidentiality i...

CVSS 7.6 | AI score 5.9 | EPSS 0.00049
Exploits: 0 | References: 1
CNNVD
added 2025/09/09 12:0 a.m. | 2 views

PHPGurukul Small CRM SQL injection vulnerability

Small CRM is a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that stems from the /profile.php file not having a secure filter for the Name parameter. No details of the vulnerability are available at this time...

CVSS 9.8 | AI score 7.9 | EPSS 0.00062
Exploits: 1 | References: 5
NVD
added 2025/09/08 10:15 p.m. | 2 views

CVE-2025-58450

pREST PostgreSQL REST, is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a...

CVSS 9.3 | EPSS 0.00057
Exploits: 0 | References: 2
CNNVD
added 2025/09/08 12:0 a.m. | 1 views

SourceCodester Online Polling System Code SQL injection vulnerability

SourceCodester Online Polling System Code is a SourceCodester open source online polling system. SourceCodester Online Polling System Code version 1.0 has a SQL injection vulnerability, the vulnerability stems from improper handling of parameters in the /registeracc.php file, which may lead to SQ...

CVSS 9.8 | AI score 7.9 | EPSS 0.00069
Exploits: 1 | References: 5
Positive Technologies
added 2025/09/06 12:0 a.m. | 3 views

PT-2025-36372

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0 Description: A SQL injection issue exists in itsourcecode Online Discussion Forum 1.0. The issue affects an unknown function within the /admin file. Manipulation of the Username parameter can...

CVSS 9.8 | AI score 7.4 | EPSS 0.00066
Exploits: 1 | References: 11
CVE
added 2025/09/05 2:32 p.m. | 11 views

CVE-2025-10012

Portabilis i-Educar up to 2.10 is affected by an SQL injection in educar_historico_escolar_lst.php via manipulation of the ref_cod_aluno parameter. The issue enables remote exploitation and has been publicly disclosed. Remediation per sources is to upgrade to a version newer than 2.10 or apply th...

CVSS 8.8 | AI score 6.4 | EPSS 0.00076
Exploits: 1 | References: 5 | Affected Software: 1