Lucene search

1384 matches found

Vulnrichment
added 2025/11/08 1:07 a.m. | 4 views

CVE-2025-64492 SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

CVSS 8.8 | AI score 7.3 | EPSS 0.003
Exploits: 0 | References: 1

CNNVD
added 2025/11/08 12:00 a.m. | 4 views

SuiteCRM SQL Injection Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. A SQL injection vulnerability exists in SuiteCRM versions 7.14.7 and earlier and versions 8.0.0-beta.1 through 8.9.0, which originates from an attacker who can construct a malicious callid parameter to manipulate SQL...

CVSS 8.8 | AI score 7.5 | EPSS 0.00375
Exploits: 0 | References: 4

RedhatCVE
added 2025/11/07 3:54 p.m. | 3 views

CVE-2025-52773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...

CVSS 9.3 | AI score 7.7 | EPSS 0.003
Exploits: 0 | References: 1

CVE
added 2025/11/06 7:57 p.m. | 13 views

CVE-2022-50593

Advantech iView prior to v5.7.04 build 6425 exposes a SQL injection in the NetworkServlet search_term parameter (via SNMP management tool) that can lead to remote code execution with administrator privileges. Root cause appears to be unsanitized input allowing SQL statements to reach the backend....

CVSS 9.8 | AI score 8.8 | EPSS 0.00636
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/06 7:47 p.m. | 3 views

CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | AI score 7.2 | EPSS 0.0026
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 3:55 p.m. | 6 views

CVE-2025-60239 WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection. This issue affects CoSchool LMS: from n/a through = 1.4.3...

CVSS 8.5 | EPSS 0.00276
Exploits: 0 | References: 1

GithubExploit
added 2025/11/06 6:46 a.m. | 214 views

Exploit for OS Command Injection in Nestjs Devtools-Integration

PoC exploit for CVE-2025-54782, a vulnerability in an unspecifie...

CVSS 9.4 | AI score 8.1 | EPSS 0.4617
Exploits: 4

Positive Technologies
added 2025/11/04 12:00 a.m. | 5 views

PT-2025-45042

Name of the Vulnerable Software and Affected Versions: GLPI Inventory Plugin versions 1.5.0 and below. Description: The GLPI Inventory Plugin, which manages network discovery, inventory, software deployment, and data collection for GLPI agents, contains a SQL Injection issue. The plugin is vulnerabl...

CVSS 7.5 | AI score 7.7 | EPSS 0.06023
Exploits: 0 | References: 5

GithubExploit
added 2025/10/30 8:07 a.m. | 125 views

cafeorder_vuln_SQL

cafeorder_vuln_SQL: Proof-of-Concept and Advisory for Simple Ca...

AI score 8.2
Exploits: 0

CNNVD
added 2025/10/30 12:00 a.m. | 6 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from user-supplied search...

CVSS 8.8 | AI score 7.6 | EPSS 0.00924
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/28 12:00 a.m. | 5 views

PT-2025-44207

Name of the Vulnerable Software and Affected Versions: Taiga versions prior to 6.9.0. Description: Taiga, an open source project management platform, has an issue in its API. Versions 6.8.3 and earlier are susceptible to time-based blind SQL injection, potentially leading to the disclosure of...

CVSS 4.8 | AI score 7.4 | EPSS 0.00196
Exploits: 0 | References: 5

NVD
added 2025/10/25 7:15 a.m. | 3 views

CVE-2025-11893

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 6.5 | EPSS 0.00345
Exploits: 0 | References: 3

CNVD
added 2025/10/17 12:00 a.m. | 4 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24269)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVSS 6.5 | AI score 8.4 | EPSS 0.00751
Exploits: 0 | References: 1

OSV
added 2025/10/14 7:30 p.m. | 8 views

CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

CVSS 8.6 | AI score 8.3 | EPSS 0.3896
Exploits: 6 | References: 1

EUVD
added 2025/10/14 12:31 a.m. | 4 views

EUVD-2025-34101

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | AI score 7.2 | EPSS 0.00751
Exploits: 0 | References: 2

NVD
added 2025/10/13 10:15 p.m. | 5 views

CVE-2025-62389

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | EPSS 0.01583
Exploits: 0 | References: 1

NVD
added 2025/10/13 10:15 p.m. | 5 views

CVE-2025-62383

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | EPSS 0.00757
Exploits: 0 | References: 1

CVE
added 2025/10/13 9:12 p.m. | 19 views

CVE-2025-62391

Ivanti Endpoint Manager (EPM) has a SQL injection vulnerability CVE-2025-62391 that enables a remote authenticated attacker to read arbitrary data from the EPM database. Connected sources confirm the issue as SQL injection affecting Ivanti EPM, with remediation in Ivanti’s advisories: fixes for r...

CVSS 6.5 | AI score 6 | EPSS 0.00751
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/10/13 12:00 a.m. | 4 views

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVSS 6.5 | AI score 8.3 | EPSS 0.00757
Exploits: 0 | References: 2

CVE
added 2025/10/11 5:02 p.m. | 19 views

CVE-2025-11608

CVE-2025-11608 | code-projects E-Banking System 1.0 has a SQL injection in the POST Parameter Handler, originating from /register.php (parameters: username, password). Multiple sources confirm remote exploitation with a publicly disclosed exploit. Affected component: /register.php; vulnerability ...

CVSS 9.8 | AI score 6.8 | EPSS 0.00431
Exploits: 1 | References: 5 | Affected Software: 1