1302 matches found

Positive Technologies
added 2025/09/06 12:0 a.m., 3 views

PT-2025-36372

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0
Description: A SQL injection issue exists in itsourcecode Online Discussion Forum 1.0. The issue affects an unknown function within the /admin file. Manipulation of the Username parameter can...

CVSS 9.8, AI score 7.4, EPSS 0.00066
Exploits: 1, References: 11

CVE
added 2025/09/05 2:32 p.m., 11 views

CVE-2025-10012

Portabilis i-Educar up to 2.10 is affected by an SQL injection in educar_historico_escolar_lst.php via manipulation of the ref_cod_aluno parameter. The issue enables remote exploitation and has been publicly disclosed. Remediation per sources is to upgrade to a version newer than 2.10 or apply th...

CVSS 8.8, AI score 6.4, EPSS 0.00076
Exploits: 1, References: 5, Affected Software: 1

CVE
added 2025/09/04 6:33 p.m., 19 views

CVE-2025-32327

CVE-2025-32327 affects Google Android via SQL injection in multiple functions of PickerDbFacade.java, enabling unauthorized data access and local elevation of privilege with no user interaction. Impact and exploit details are stated in multiple sources (NVD, Red Hat, CNVD, OSV). Root cause is an ...

CVSS 7.8, AI score 6.9, EPSS 0.00009
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/09/03 12:0 a.m., 2 views

PHPGurukul Complaint Management System Security Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...

CVSS 6.5, AI score 8.2, EPSS 0.00073
Exploits: 1, References: 2

CVE
added 2025/09/03 12:0 a.m., 10 views

CVE-2025-56435

FoxCMS

CVSS 5.3, AI score 8.2, EPSS 0.00177
Exploits: 1, References: 1, Affected Software: 1

CNVD
added 2025/09/02 12:0 a.m., 2 views

Human Resource Integrated System log_query.php File SQL Injection Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /logquery.php. An attacker can exploit...

CVSS 9.8, AI score 8.2, EPSS 0.00066
Exploits: 1, References: 1

CNVD
added 2025/09/02 12:0 a.m., 3 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...

CVSS 8.8, AI score 8.4, EPSS 0.00134
Exploits: 0, References: 1

CNNVD
added 2025/09/02 12:0 a.m., 1 view

PHPGurukul Beauty Parlour Management System Security Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in...

CVSS 9.8, AI score 8.1, EPSS 0.00069
Exploits: 1, References: 7

RedhatCVE
added 2025/09/01 7:33 p.m., 2 views

CVE-2025-9702

A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /salesreport.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVSS 9.8, AI score 7.5, EPSS 0.00066
Exploits: 1, References: 1

OSV
added 2025/09/01 5:15 a.m., 2 views

CVE-2025-9763

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /studentsignup.php. The manipulation of the argument Username results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 5

CNVD
added 2025/09/01 12:0 a.m., 2 views

Sports Management System /login.php File SQL Injection Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates in the /login.php file, which does not securely filter the User parameter. An attacker can exploit this vulnerability by constructing malicious SQL statements...

CVSS 9.8, AI score 7.7, EPSS 0.0009
Exploits: 1, References: 1

RedhatCVE
added 2025/08/31 12:32 a.m., 2 views

CVE-2025-9599

A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/monthsetup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The...

CVSS 9.8, AI score 7.5, EPSS 0.0009
Exploits: 1, References: 1

RedhatCVE
added 2025/08/30 6:20 p.m., 1 view

CVE-2025-30059

In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection...

CVSS 6.9, AI score 7.6, EPSS 0.00037
Exploits: 0, References: 1

RedhatCVE
added 2025/08/30 6:20 p.m., 1 view

CVE-2025-30061

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

CVSS 6.9, AI score 8.1, EPSS 0.00037
Exploits: 0, References: 1

CNNVD
added 2025/08/30 12:0 a.m., 1 view

SourceCodester Water Billing System Security Vulnerability

SourceCodester Water Billing System is an open source water billing system from SourceCodester. A security vulnerability exists in SourceCodester Water Billing System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in the file /viewbill.php...

CVSS 9.8, AI score 7.7, EPSS 0.00066
Exploits: 1, References: 7

Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2017-1000031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid a...

CVSS 8.8, AI score 8.6, EPSS 0.01092
Exploits: 1, References: 2

Redos
added 2025/08/29 12:0 a.m., 1 view

ROS-20250829-03

A vulnerability in the Golang programming language is related to a race condition when canceling a database query. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 7, AI score 6.8, EPSS 0.00073
Exploits: 0

NVD
added 2025/08/27 11:15 a.m., 2 views

CVE-2025-30060

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

CVSS 6.9, EPSS 0.00037
Exploits: 0, References: 1

Cvelist
added 2025/08/27 5:2 a.m., 5 views

CVE-2025-9510 itsourcecode Apartment Management System addbranch.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

CVSS 7.5, EPSS 0.0009
Exploits: 1, References: 5

Tenable Nessus
added 2025/08/27 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-24258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary...

CVSS 9.8, AI score 8.9, EPSS 0.02809
Exploits: 1, References: 2