1301 matches found

Positive Technologies
added 2025/08/22 12:0 a.m. · 4 views

PT-2025-34342 · Uniong · Webitr

Name of the Vulnerable Software and Affected Versions: WebITR (affected versions not specified). Description: WebITR developed by Uniong is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially leading to the unauthorized...

CVSS 8.7 · AI score 8.2 · EPSS 0.00088
Exploits: 0 · References: 7

RedhatCVE
added 2025/08/21 8:36 p.m. · 3 views

CVE-2025-9155

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forgetpassword.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to...

CVSS 9.8 · AI score 7.7 · EPSS 0.00069
Exploits: 1 · References: 1

CNNVD
added 2025/08/21 12:0 a.m. · 1 view

SourceCodester Online Bank Management System Security Vulnerability

SourceCodester Online Bank Management System is a SourceCodester open source online bank management system. A security vulnerability exists in SourceCodester Online Bank Management System version 1.0, which is caused by SQL injection due to incorrect manipulation of parameter IDs...

CVSS 9.8 · AI score 7.8 · EPSS 0.00066
Exploits: 1 · References: 6

Vulnrichment
added 2025/08/20 3:22 p.m. · 2 views

CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...

CVSS 8.7 · AI score 7.8 · EPSS 0.0005
Exploits: 0 · References: 3

Vulnrichment
added 2025/08/20 8:2 a.m. · 2 views

CVE-2025-54726 WordPress JS Archive List Plugin < 6.1.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a...

CVSS 9.3 · AI score 7.9 · EPSS 0.00924
Exploits: 2 · References: 1

CNVD
added 2025/08/20 12:0 a.m. · 3 views

Visitor Management System front.php File SQL Injection Vulnerability

Visitor Management System is a visitor access management system. The Visitor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /front.php. An attacker can exploit this...

CVSS 9.8 · AI score 8.2 · EPSS 0.00082
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/20 12:0 a.m. · 3 views

PT-2025-34075

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2; Frappe versions prior to 14.96.15. Description: Frappe is a full-stack web application framework. Prior to versions 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted...

CVSS 8.7 · AI score 7.2 · EPSS 0.0005
Exploits: 0 · References: 7

CNVD
added 2025/08/20 12:0 a.m. · 2 views

Beauty Parlour Management System book-appointment.php File SQL Injection Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...

CVSS 9.8 · AI score 8.2 · EPSS 0.00064
Exploits: 0 · References: 1

CNVD
added 2025/08/20 12:0 a.m. · 3 views

Online Shopping Portal Project signup.php File SQL Injection Vulnerability

Online Shopping Portal Project is an online shopping portal project. A SQL injection vulnerability exists in Online Shopping Portal Project, which originates from the lack of validation of externally entered SQL statements in the parameter emailid in the file /shopping/signup.php. An attacker can...

CVSS 9.8 · AI score 8.3 · EPSS 0.00064
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/17 8:29 a.m. · 5 views

CVE-2025-7662

The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 6.5 · AI score 7.6 · EPSS 0.00052
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/17 5:11 a.m. · 6 views

CVE-2025-9011

A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been...

CVSS 9.8 · AI score 7.6 · EPSS 0.00064
Exploits: 0 · References: 1

RedhatCVE
added 2025/08/16 3:31 a.m. · 6 views

CVE-2025-8930

A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql injection. The attack may be initiated...

CVSS 8.8 · AI score 7.7 · EPSS 0.00092
Exploits: 1 · References: 1

Patchstack
added 2025/08/16 1:58 a.m. · 5 views

WordPress School Management System for Wordpress plugin <= 93.2.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin School Management versions <= 93.2.0...

CVSS 7.5 · AI score 7.8 · EPSS 0.00161
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/08/15 8:32 p.m. · 2 views

CVE-2025-8926

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8 · AI score 7.7 · EPSS 0.00072
Exploits: 1 · References: 1

NVD
added 2025/08/15 12:15 p.m. · 3 views

CVE-2025-9051

A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

CVSS 9.8 · EPSS 0.00107
Exploits: 1 · References: 4

Vulnrichment
added 2025/08/15 12:2 a.m. · 3 views

CVE-2025-8990 code-projects Online Medicine Guide browsemdcn.php sql injection

A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

CVSS 7.5 · AI score 7.6 · EPSS 0.00072
Exploits: 1 · References: 5

CNNVD
added 2025/08/15 12:0 a.m. · 1 view

Code-Projects Online Medicine Guide Injection Vulnerability

Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter phuname in the file /adphar.php. The vulnerability can be exploited to execute illegal SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.00072
Exploits: 1 · References: 7

NVD
added 2025/08/14 10:15 p.m. · 2 views

CVE-2025-8984

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 9.8 · EPSS 0.00072
Exploits: 1 · References: 5

OSV
added 2025/08/14 10:15 a.m. · 1 view

CVE-2025-8955

A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/14 12:0 a.m. · 4 views

PT-2025-33420 · Sourcecodester · Covid19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0. Description: A vulnerability exists in SourceCodester COVID 19 Testing Management System 1.0, affecting unknown code within the /bwdates-report-result.php file. Manipulation of the...

CVSS 9.8 · AI score 7.4 · EPSS 0.00072
Exploits: 1 · References: 10