1148 matches found
PT-2025-49500
Name of the Vulnerable Software and Affected Versions: Campcodes School File Management System version 1.0. Description: A flaw exists in Campcodes School File Management System that allows for SQL injection. The issue is related to the manipulation of the stud id argument within the /update query.p...
Simple-PHP-Blog SQL Injection Vulnerability
Simple-PHP-Blog is a simple blogging system by the individual developer Philip Okugbe. Simple-PHP-Blog suffers from a SQL injection vulnerability that stems from incorrect manipulation of the file /edit.php, which could lead to a SQL injection attack...
WordPress plugin donation Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Donation suffers from a SQL injection vulnerability that stems from insufficient sanitization and escaping; no details of the vulnerability are provided at this time...
EUVD-2025-199995
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, a...
CVE-2025-13770
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-13581 itsourcecode Student Information System schedule_edit1.php sql injection
A vulnerability was identified in itsourcecode Student Information System 1.0. Affected by this vulnerability is an unknown functionality of the file /schedule_edit1.php. Such manipulation of the argument scheduleid leads to sql injection. The attack may be launched remotely. The exploit is public...
CVE-2025-13557 Campcodes Online Polling System registeracc.php sql injection
A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the publ...
Nero Social Networking Site friendsphoto.php File SQL Injection Vulnerability
Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /friendsphoto.php. An attacker can exploit this vulnerability t...
phpPgAdmin Security Vulnerability
phpPgAdmin is an open source application from the phppgadmin project, the premier web-based administration tool for PostgreSQL. A security vulnerability exists in phpPgAdmin 7.13.0 and earlier versions, which stems from the lack of sanitization or parameterization of user input in dataexport.php, which could lead t...
CVE-2025-13396 code-projects Courier Management System add-office.php sql injection
A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public a...
WordPress plugin Community Events SQL Injection Vulnerability
WordPress Community Events plugin is an event management plugin on the WordPress platform, mainly used to create and display the event calendar, with support for AJAX dynamic loading and event submission forms. WordPress Community Events plugin suffers from a SQL injection vulnerability tha...
LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
Summary: A Boolean-Based Blind SQL Injection vulnerability was identified in the LibreNMS application at the /ajax_output.php endpoint. The hostname parameter is interpolated directly into an SQL query without proper sanitization or parameter binding, allowing an attacker to manipulate the query...
CVE-2025-41348
WinPlus v24.11.27 by Informática del Este is affected by an SQL injection vulnerability. The issue stems from insufficient sanitization in the POST endpoint /WinplusPortal/ws/sWinplus.svc/json/getacumper_post, using parameters val1 and cont, which could enable an attacker to recover, create, upda...
CVE-2025-13274 Campcodes School Fees Payment Management System ajax.php sql injection
A weakness has been identified in Campcodes School Fees Payment Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=deletefees. Manipulation of the argument ID can lead to sql injection. The attack may be performed remotely. The...
CVE-2025-10460 Unsanitized parameter input leading to SQL Injection vulnerability
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
Kashipara Online Furniture Shopping Ecommerce Website Security Vulnerability
Kashipara Online Furniture Shopping Ecommerce Website is a fast online shopping ecommerce website from Kashipara. A security vulnerability exists in Kashipara Online Furniture Shopping Ecommerce Website version 1.0, which stems from an unvalidated useremail parameter in userlogin.php, which could...
PHPGurukul Online Shopping Portal Security Vulnerability
Online Shopping Portal is an online store system. A SQL injection vulnerability exists in Online Shopping Portal due to a lack of validation of externally-entered SQL statements for the fullname, emailid, and contactno parameters in login.php. An attacker can exploit this vulnerability to execute...
EUVD-2025-197721
A vulnerability has been found in code-projects Student Information System 2.0. This issue affects some unknown processing of the file /register.php. The manipulation leads to sql injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be...
CVE-2025-13210
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Such manipulation of the argument PROMODEL leads to sql injection. The attack may be performed remotely. The exploit has...
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2022-0391)
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\r' and '\n' in the URL path. This flaw allows an...