WordPress CTL Behance Importer Lite plugin <= 1.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin CTL Behance Importer Lite versions = 1.0...

CVE-2025-59742

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'USRMAIL' parameter in'/inc/login/TRACKREQUESTFRMSQL.ASP'...

CVE-2025-52041

In Frappe ERPNext 15.57.5, the function getstockbalancefor at erpnext/stock/doctype/stockreconciliation/stockreconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventorydimensionsdict parameter...

CVE-2025-57254

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System HMS 1.0 allows remote attackers to execute arbitrary SQL queries via the username and password POST parameters. The application fails to properly sanitize input before embedding it into SQL...

CVE-2025-8122 Blind SQL Injection in PAD CMS

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability...

CVE-2025-11089 kidaze CourseSelectionSystem COUNT3s4.php sql injection

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the...

CVE-2025-11089 kidaze CourseSelectionSystem COUNT3s4.php sql injection

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Executing manipulation of the argument cbranch can lead to sql injection. It is possible to launch the...

Code-Projects Simple Scheduling System SQL注入漏洞

Simple Scheduling System is a simple scheduling system. Simple Scheduling System suffers from a SQL injection vulnerability that stems from the failure of the /schedulingsystem/addroom.php file to effectively filter the room parameter. No details of the vulnerability are available at this time...

CVE-2025-11076

A vulnerability was found in Campcodes Online Learning Management System 1.0. This impacts an unknown function of the file /admin/editteacher.php. Performing manipulation of the argument department results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

CVE-2025-11061

A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/editstudent.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...

CampCodes Online Learning Management System SQL注入漏洞

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file...

PT-2025-39751

Name of the Vulnerable Software and Affected Versions itsourcecode Open Source Job Portal version 1.0 Description A flaw exists in itsourcecode Open Source Job Portal that allows for SQL injection. The issue is located in the file /admin/vacancy/index.php?view=edit, specifically through...

CVE-2025-60109

CVE-2025-60109 affects the LambertGroup AllInOne Content Slider WordPress plugin. The issue is an improper neutralization of user input in an SQL query, enabling Blind SQL Injection. Impact is high for confidentiality (C:H) and low to moderate for availability, with CVSS v3.1 base score 8.5. Affe...

CVE-2025-10036

The FIFU (Featured Image from URL) WordPress plugin is affected by an authenticated SQL Injection vulnerability in get_all_urls() for versions up to and including 5.2.7. An Administrator+ attacker can inject additional SQL into existing queries to exfiltrate data. Patch information from connected...

PT-2025-39565

Name of the Vulnerable Software and Affected Versions Potenzaglobalsolutions PGS Core versions through 5.9.0 Description A flaw exists in Potenzaglobalsolutions PGS Core that allows SQL Injection due to improper neutralization of special elements used in an SQL command. This could allow an attack...

PT-2025-39676

Name of the Vulnerable Software and Affected Versions code-projects E-Commerce Website version 1.0 Description A flaw exists in code-projects E-Commerce Website 1.0 that allows for SQL injection. The issue is located in the file /pages/admin account update.php and involves manipulation of the use...

E-Commerce Website Website /pages/admin_account_delete.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of the userid parameter in the file /pages/adminaccountdelete.php for externally entered SQL statements. An attacker can exploit this vulnerabilit...

CVE-2025-29084

SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file...

CVE-2025-10857 Campcodes Point of Sale System POS login.php sql injection

A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2025-10845

A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...