1148 matches found
CVE-2025-1708
The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...
WordPress plugin Ads Pro SQL Injection Vulnerability
WordPress Ads Pro is a multi-purpose ad management plugin, mainly used for flexible management of ad space in WordPress websites, supporting banner ad display, billing mode settings and user-friendly ad placement solutions. WordPress Ads Pro suffers from a SQL injection vulnerability, which stems...
CampCodes Employee Management System Injection Vulnerability
CampCodes Employee Management System is an employee management system from CampCodes Philippines. An injection vulnerability exists in CampCodes Employee Management System version 1.0, which results from SQL injection due to incorrect manipulation of the parameter ID in the file /myprofileup.php...
CVE-2025-53098
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the .roo/mcp.json file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav...
Code-Projects Simple Forum Injection Vulnerability
Simple Forum is a simple forum. Simple Forum suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter iii in file /forumedit.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...
CVE-2025-6827
A vulnerability, which was classified as critical, was found in code-projects Inventory Management System 1.0. This affects an unknown part of the file /phpaction/editOrder.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...
WordPress Theme Junkie Team Content plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Theme Junkie Team Content versions <= 0.1.1...
Inventory Management System fetchSelectedBrand.php File SQL Injection Vulnerability
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter brandId in the file /phpaction/fetchSelectedBrand.php. An attacke...
Mavi Yeşil Software Guest Tracking Software SQL Injection Vulnerability
Mavi Yeşil Software Guest Tracking Software is a software for tracking visitor information from Mavi Yeşil Software, Turkey. Mavi Yeşil Software Guest Tracking Software suffers from a SQL injection vulnerability that stems from improper neutralization of special elements in SQL commands, which...
Online Bidding System details.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of file /details.php. An attacker can exploit this vulnerability to execute illega...
SourceCodester Best Salon Management System Security Vulnerability
SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. A security vulnerability exists in SourceCodester Best Salon Management System version 1.0, which stems from improper handling of parameter IDs in the file /panel/stock.php, which could lead...
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
WordPress Code Engine plugin <= 0.3.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by zaim in WordPress Plugin Code Engine versions <= 0.3.2...
CVE-2025-49150
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent...
go-pg pg Security Vulnerability
go-pg pg is an open source ORM for Golang from go-pg. A security vulnerability exists in go-pg pg version v10.13.0, which stems from an unvalidated /types/appendvalue.go component that could lead to an SQL injection attack...
Complaint Management System /user/profile.php File SQL Injection Vulnerability
Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the /user/profile.php file parameter pincode. An attacker can exploit this...
CVE-2025-5971
The CVE-2025-5971 entry concerns code-projects School Fees Payment System v1.0 with an SQL injection in the /ajx.php file, caused by unsafely handling the name_startsWith parameter. The vulnerability can be exploited remotely and may lead to data disclosure or modification as described across CNV...
DM Corporative CMS SQL Injection Vulnerability
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters name and cod in file /antbuspre.as...
CVE-2025-5581
A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has bee...