
1384 matches found

CNNVD
added 2025/08/15 12:0 a.m. · 3 views

Code-Projects Online Medicine Guide Injection Vulnerability

Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter phuname in the file /adphar.php. The vulnerability can be exploited to execute illegal SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.00387
Exploits: 1 · References: 7
NVD
added 2025/08/14 10:15 p.m. · 5 views

CVE-2025-8984

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 9.8 · EPSS 0.00387
Exploits: 1 · References: 5
OSV
added 2025/08/14 10:15 a.m. · 3 views

CVE-2025-8955

A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVSS 9.8 · AI score 5.8 · EPSS 0.00479
Exploits: 1 · References: 5
Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33420 · Sourcecodester · Covid19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0
Description: A vulnerability exists in SourceCodester COVID 19 Testing Management System 1.0, affecting unknown code within the /bwdates-report-result.php file. Manipulation of the...

CVSS 9.8 · AI score 7.4 · EPSS 0.00387
Exploits: 1 · References: 10
Vulnrichment
added 2025/08/13 6:32 p.m. · 3 views

CVE-2025-8923 code-projects Job Diary edit-details.php sql injection

A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 7.5 · AI score 7.8 · EPSS 0.00405
Exploits: 1 · References: 5
CNVD
added 2025/08/10 12:0 a.m. · 2 views

Vehicle Management /filter1.php File SQL Injection Vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter vehicle in file /filter1.php. An attacker can exploit this vulnerability to execute illegal...

CVSS 9.8 · AI score 8 · EPSS 0.00503
Exploits: 1 · References: 1
Cvelist
added 2025/08/09 8:2 p.m. · 8 views

CVE-2025-8773 Dinstar Monitoring Platform 甘肃省危险品库监控平台 login_getPasswordErrorNum.action sql injection

A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...

CVSS 7.5 · EPSS 0.00562
Exploits: 1 · References: 4
RedhatCVE
added 2025/08/09 12:23 a.m. · 4 views

CVE-2023-41522

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters...

CVSS 8.8 · AI score 8.2 · EPSS 0.00281
Exploits: 0 · References: 1
CVE
added 2025/08/08 6:10 p.m. · 35 views

CVE-2012-10047

CVE-2012-10047 concerns Cyclope Employee Surveillance Solution, version 6.x. A SQL injection flaw in the login flow (auth-login) arises because the username parameter is not properly sanitized, enabling an attacker to inject arbitrary SQL. According to connected documents, this can be leveraged t...

CVSS 10 · AI score 6.9 · EPSS 0.00865
Exploits: 0 · References: 5
BDU FSTEC
added 2025/08/08 12:0 a.m. · 4 views

The vulnerability of the software tools for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security monitoring and analysis tools FortiAnalyzer and FortiAnalyzer Cloud, stems from the lack of protective measures for the SQL query structure. This allows attackers to exploit the system to disclose sensitive information.

The vulnerability of the software solutions for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions of FortiAnalyzer and FortiAnalyzer Cloud, is related to the lack of protective measures for the SQL quer...

CVSS 4 · AI score 5.6 · EPSS 0.00247
Exploits: 0 · References: 3 · Affected Software: 4
CVE
added 2025/08/07 3:25 p.m. · 166 views

CVE-2025-47907

CVE-2025-47907 refers to a race condition in the Go language database/sql Rows Scan path when a query is cancelled, which can overwrite results or raise errors if parallel queries are running. Connected advisories indicate Golang package fixes across multiple distributions (e.g., newer golang/gol...

CVSS 7 · AI score 6.5 · EPSS 0.00331
Exploits: 0 · References: 5 · Affected Software: 1
NVD
added 2025/08/07 12:15 a.m. · 5 views

CVE-2025-54788

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...

CVSS 8.8 · EPSS 0.00379
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/06 12:0 a.m. · 7 views

PT-2025-32235 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.7
Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. The InboundEmail module allows the arbitrary execution of queries in the backend database,...

CVSS 9 · AI score 7.4 · EPSS 0.00379
Exploits: 0 · References: 12
BDU FSTEC
added 2025/08/05 12:0 a.m. · 6 views

The vulnerability in the WeGIA web manager’s script /html/funcionario/dependente_editarInfoPessoal.php allows a perpetrator to disclose confidential information, increase their privileges, or execute arbitrary code.

The vulnerability of the WeGIA web manager’s script /html/funcionario/dependente_editarInfoPessoal.php is related to the lack of protection for the SQL query structure during the processing of the parameter idatendidofamiliares. Exploiting this vulnerability can allow an attacker to disclose...

CVSS 9.9 · AI score 5.8 · EPSS 0.00458
Exploits: 1 · References: 4 · Affected Software: 1
BDU FSTEC
added 2025/08/04 12:0 a.m. · 6 views

The vulnerability of the WeGIA web manager, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL code.

The vulnerability of the WeGIA web manager is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVSS 10 · AI score 6 · EPSS 0.00523
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2025/08/01 8:15 a.m. · 3 views

CVE-2025-8441

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 · AI score 5.7 · EPSS 0.00498
Exploits: 1 · References: 5
GithubExploit
added 2025/07/27 4:7 p.m. · 84 views

Exploit for SQL Injection in Piwigo

CVE-2024-43018 - x Assign an ID - X Be officially populate...

CVSS 6.4 · AI score 8.3 · EPSS 0.00265
Exploits: 3
CNNVD
added 2025/07/25 12:0 a.m. · 3 views

deer-wms-2 Injection Vulnerability

deer-wms-2 is a Chinese open-source warehouse management system from deerwms. The vulnerability exists in deerwms deer-wms-2 3.3 and earlier versions and stems from incorrect handling of the parameter paramsdataScope in the file /system/role/export, which leads to SQL injection...

CVSS 8.8 · AI score 6.8 · EPSS 0.00438
Exploits: 1 · References: 6
BDU FSTEC
added 2025/07/24 12:0 a.m. · 6 views

Vulnerability of the NetworkServlet.archiveTrap() function in the system for centrally managing network devices and ports of Advantech iView. This vulnerability allows a hacker to execute arbitrary code.

The vulnerability of the NetworkServlet.archiveTrap function in the system for managing network devices and ports of Advantech iView is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 9 · AI score 6.1 · EPSS 0.005
Exploits: 0 · References: 4
CNVD
added 2025/07/21 12:0 a.m. · 1 views

Library System approve.php File SQL Injection Vulnerability

Library System is a library system. Library System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /approve.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

CVSS 9.8 · AI score 8.3 · EPSS 0.00399
Exploits: 1 · References: 1