
98 matches found

Cvelist
added 2025/08/01 12:28 p.m. | 7 views

CVE-2025-41370 SQL injection vulnerability in Gandia Integra Total

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php...

9.3 CVSS | 0.00177 EPSS
Exploits: 0 | References: 1

OSV
added 2025/07/31 8:15 a.m. | 1 view

CVE-2025-8372

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/updates7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit h...

9.8 CVSS | 5.8 AI score | 0.00204 EPSS
Exploits: 1 | References: 5

OSV
added 2025/07/24 10:24 p.m. | 4 views

CVE-2025-54379 eKuiper API endpoints handling SQL queries with user-controlled table names.

LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote...

9.3 CVSS | 8.2 AI score | 0.00355 EPSS
Exploits: 1 | References: 4

CVE
added 2025/07/21 6:16 a.m. | 12 views

CVE-2025-7919

CVE-2025-7919 relates to the WinMatrix3 Web package from Simopro Technology, which is affected by an SQL Injection vulnerability. The vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Connected sources provide CVS...

7.1 CVSS | 8 AI score | 0.00145 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/06/20 12:0 a.m. | 0 views

Code-Projects Online Shoe Store Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /cart2.php. An attacker can exploit this vulnerability to execute illegal...

9.8 CVSS | 8.2 AI score | 0.00204 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/05/23 5:7 a.m. | 2 views

CVE-2023-5041

The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database...

8.8 CVSS | 6.6 AI score | 0.00331 EPSS
Exploits: 2 | References: 1

RedhatCVE
added 2025/05/22 11:51 p.m. | 5 views

CVE-2022-41968

Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Version 23.0.10 and 24.0.5 contain patches for...

5.3 CVSS | 6.7 AI score | 0.0042 EPSS
Exploits: 0 | References: 1

CNVD
added 2025/04/09 12:0 a.m. | 2 views

Restaurant Table Booking System edit-subadmin.php file SQL Injection Vulnerability

Restaurant Table Booking System is a restaurant table reservation system. Restaurant Table Booking System suffers from a SQL injection vulnerability that originates from a missing validation of an externally entered SQL statement in the parameter fullname of the edit-subadmin.php file. An attacke...

7.2 CVSS | 8.1 AI score | 0.00189 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/03/27 12:0 a.m. | 2 views

Food Ordering Management System Security Vulnerability

Food Ordering Management System is a food ordering management system by the individual developer Carlo Montero. It provides an online platform to order food from a restaurant or fast food chain. A security vulnerability exists in Food Ordering Management System version 1.0 and prior versions, whi...

5.8 CVSS | 5.6 AI score | 0.00276 EPSS
Exploits: 1 | References: 1

GithubExploit
added 2025/03/24 9:45 a.m. | 91 views

Exploit for CVE-2024-2387

CVE-2024-2387 Advanced Form Integration – Connect WooCommerce...

6.1 CVSS | 7.3 AI score | 0.44805 EPSS
Exploits: 2

CNNVD
added 2024/11/11 12:0 a.m. | 1 view

WordPress plugin L Squared Hub WP SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin L...

8.5 CVSS | 8.6 AI score | 0.00242 EPSS
Exploits: 0 | References: 2

OSV
added 2024/11/01 3:15 p.m. | 1 view

CVE-2024-10658

A vulnerability classified as critical was found in Tongda OA up to 11.10. Affected by this vulnerability is an unknown functionality of the file /pda/approvecenter/checkseal.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

9.8 CVSS | 5.7 AI score | 0.00155 EPSS
Exploits: 1 | References: 4

CNVD
added 2024/07/17 12:0 a.m. | 14 views

Unspecified Vulnerability in Oracle MySQL Server (CNVD-2024-34920)

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which can be exploited by attackers to cause MySQL Server to hang without authorization or crash frequently and repeatedly full DOS...

6.5 CVSS | 6 AI score | 0.00278 EPSS
Exploits: 0 | References: 1

Github Security Blog
added 2024/06/02 10:30 p.m. | 38 views

Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

9.1 CVSS | 8.3 AI score | 0.002 EPSS
Exploits: 1 | References: 9 | Affected Software: 1

CNNVD
added 2024/05/28 12:0 a.m. | 2 views

Campcodes Complete Web-Based School Management System Security Vulnerability

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the id...

9.8 CVSS | 8 AI score | 0.00255 EPSS
Exploits: 1 | References: 2

OSV
added 2024/05/20 8:15 a.m. | 1 view

CVE-2024-5134

A vulnerability was found in SourceCodester Electricity Consumption Monitoring Tool 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-bill.php. The manipulation of the argument bill leads to sql injection. The attack can be initiated...

9.8 CVSS | 6.5 AI score
Exploits: 0 | References: 4

SUSE CVE
added 2024/05/18 2:47 a.m. | 3 views

SUSE CVE-2024-22120

Zabbix server can perform command execution for configured scripts. After a command is executed, an audit entry is added to the "Audit Log". Because the "clientip" field is not sanitized, it is possible to inject SQL into "clientip" and exploit time-based blind SQL injection...

9.1 CVSS | 8.3 AI score | 0.91949 EPSS
Exploits: 5 | References: 3

OSV
added 2024/04/04 9:15 p.m. | 1 view

CVE-2024-3315

A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0. It has been classified as critical. Affected is an unknown function of the file classes/user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The...

9.8 CVSS | 5.8 AI score
Exploits: 0 | References: 4

CNNVD
added 2024/03/21 12:0 a.m. | 3 views

Campcodes Online Marriage Registration System SQL Injection Vulnerability

Online Marriage Registration System is a website builder that supports online marriage registration. A SQL injection vulnerability exists in Campcodes Online Marriage Registration System version 1.0, which originates from a SQL injection vulnerability in the searchdata parameter of the...

6.5 CVSS | 7 AI score | 0.00095 EPSS
Exploits: 1 | References: 4

CNVD
added 2024/01/31 12:0 a.m. | 28 views

SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-13551)

Beijing Yisaitong Technology Development Co., Ltd. is a company whose business scope includes technical services, technology development, technology consulting, technology exchange, technology transfer, technology promotion and so on. There is a SQL injection vulnerability in the electronic...

7.5 AI score
Exploits: 0