GHSA-VH5J-5FHQ-9XWG Taylor has race condition in /get-patch that allows purchase token replay

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

Online Shoe Store admin_football.php File SQL Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter pid in the file /admin/adminfootball.php. The vulnerability can be exploited to execute...

Online Shoe Store admin_product.php File SQL Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter pid in the file /admin/adminproduct.php. An attacker can exploit this vulnerability to...

Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter name/adminid in the file...

Directory Management System search-directory.php File SQL Injection Vulnerability

Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /admin/search-directory.php. An attacker can...

Chat System confirm_password.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cid in the file /user/confirmpassword.php. An attacker can exploit this vulnerability to execute illegal SQL...

Code-Projects Client Details System 注入漏洞

Client Details System is a client information system. Client Details System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /clientdetails/admin/index.php. An attacker can exploit this...

CloudClassroom-PHP-Project 安全漏洞

CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project version 1.0, which stems from a SQL injection vulnerability in loginlinkadmin.php that could lead to bypassing authentication...

CVE-2025-6156

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-ds.php. The manipulation of the argument testtype leads to sql injection. The attack can be...

Notice Board System search-notice.php File SQL Injection Vulnerability

Notice Board System is a bulletin board system. The Notice Board System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /search-notice.php. An attacker can exploit this vulnerability to...

Employee Record Management System /editmyexp.php File SQL Injection Vulnerability

Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter emp3workduration in the file /editmyexp.php. An...

CVE-2025-30507

CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections...

VulnCheck KEV: CVE-2022-25488

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...

QNAP Qsync Central SQL注入漏洞

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...

CodeAstro Real Estate Management System SQL注入漏洞

CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which originates from an incorrect operation of the file /register.php resulting in SQL injection...

Aem Solutions CMS 注入漏洞

Aem Solutions CMS is a software for content management from Aem Solutions, USA. An injection vulnerability exists in Aem Solutions CMS version 1.0 and prior versions, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file /page.php...

CloudClassroom-PHP-Project SQL注入漏洞

CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project v1.0 that stems from insufficient validation of the parameter pass input in the registrationform endpoint, which could lead to an SQL...

CVE-2025-40665

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...

CVE-2024-51101

PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php...

CVE-2025-0861

The VR-Frases collect & share quotes plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...