Job Diary view-emp.php File SQL Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID in the file /view-emp.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

Digiwin SFT SQL注入漏洞

Digiwin SFT is a production tracking system from China-based Digiwin. A SQL injection vulnerability exists in Digiwin SFT, which can be exploited by an unauthenticated, remote attacker to inject arbitrary SQL commands that could result in reading, modifying, and deleting database content...

Code-Projects Church Donation System 注入漏洞

The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter trcode in the file /members/offering.php. An attacker can exploit this...

Vehicle Parking Management System print.php File SQL Injection Vulnerability

Vehicle Parking Management System is a parking management system. Vehicle Parking Management System suffers from a SQL injection vulnerability that stems from an error in the parameter vid in the file /users/print.php that lacks validation of externally entered SQL statements. An attacker can...

Modern Bag product-detail.php file SQL Injection Vulnerability

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter ID in the file /product-detail.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal S...

Job Diary view-details.php file SQL Injection Vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that stems from an error in the parameter jobid in the file /view-details.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL...

CVE-2025-7751

A vulnerability has been found in code-projects Online Appointment Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/addclinic.php. The manipulation of the argument cid leads to sql injection. The attack can be launched...

WordPress plugin Torod SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Torod suffers from a SQL injection vulnerability that stems from improper handling of special elements of SQL commands, which can be exploited by an attacker to...

Riverbed SteelCentral NetProfiler 安全漏洞

Riverbed SteelCentral NetProfiler is a network performance management software from Riverbed, USA. A security vulnerability exists in Riverbed SteelCentral NetProfiler version 10.8.7 that stems from SQL injection and command injection and could lead to remote code execution...

CVE-2025-7608

A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

ExpressionEngine: SQL injection in structure plugin

An SQL injection flaw was discovered in ExpressionEngine's Structure plugin. User input from the channelids parameter was passed directly into SQL queries without proper sanitization. The vulnerability required admin panel access...

CVE-2025-7514

A vulnerability was found in code-projects Modern Bag 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-list.php. The manipulation of the argument idStatus leads to sql injection. The attack may be launched remotely. The exploit ha...

Code-Projects Modern Bag 注入漏洞

Code-Projects Modern Bag is an online management system from Code-Projects open source. An injection vulnerability exists in Code-Projects Modern Bag version 1.0, which originates from SQL injection due to incorrect manipulation of the parameter idSlide in the file /admin/slide.php...

Bykea: MongoDB Query Logs & Schema Leak via Unauthenticated Endpoint

MongoDB Query Logs & Schema Leak via Unauthenticated Endpoint An unauthenticated health check endpoint was discovered that exposed basic system and infrastructure details...

Code-Projects Modern Bag 注入漏洞

Modern Bag is an online management system. Modern Bag suffers from a SQL injection vulnerability that stems from an error in the parameter proId in file /action.php that lacks validation of externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL comman...

Code-Projects E-Commerce Site Security Vulnerability

Code-Projects E-Commerce Site is an e-commerce site of Code-Projects open source. A security vulnerability exists in version 1.0 of the code-projects Library System, which stems from improper manipulation of the parameter idn in the file /teacher-issue-book.php, which could lead to an SQL injecti...

Code-Projects Responsive Blog Site 注入漏洞

Code-Projects Responsive Blog Site is a responsive blog site from Code-Projects open source. Code-Projects Responsive Blog Site version 1.0 suffers from an injection vulnerability that stems from SQL injection due to incorrect manipulation of the parameter ID in the file /category.php...

Library System profile.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...

Code-Projects Daily Expense Manager SQL注入漏洞

Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...

PHPGurukul Zoo Management System 注入漏洞

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-normal-ticket.php. An attacker can exploit this...