2828 matches found
CVE-2025-10846 Portabilis i-Educar edit SQL injection
A vulnerability was found in Portabilis i-Educar up to 2.10. It affects unknown code in the file /module/ComponenteCurricular/edit. Manipulating the argument ID causes SQL injection. The attack can be carried out remotely. The exploit has been publicly...
CVE-2025-10828
CVE-2025-10828 concerns a SQL injection in SourceCodester Pet Grooming Management Software 1.0, triggered by manipulation of the ID parameter in the file /admin/edit.php. This leads to remote exploitation and is supported by multiple feeds (NVD and partner reports) with a high severity (NVD base ...
PT-2025-39122
Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0. Description: A flaw exists in code-projects Online Bidding System that allows for SQL injection. The issue is located in the file /administrator/wew.php and involves manipulation of the ID argumen...
Online Course Registration my-profile.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cgpa in the file /my-profile.php. An attacker can exploit thi...
Code-Projects Online Bidding System SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from insufficient validation of the parameter ID in the file /administrator/weweee.php. An attacker can use this vulnerability to obtain sensitive information from t...
CVE-2025-29083
CSZ-CMS 1.3.0 is affected by an SQL Injection in Plugin_Manager.php (execSqlFile) that can lead to remote code execution. The vulnerability has been described across multiple sources as allowing an attacker to execute arbitrary code, with CVSS 3.1 metrics indicating network access, low atta...
CampCodes Online Beauty Parlor Management System SQL Injection Vulnerability
CampCodes Online Beauty Parlor Management System is an online beauty parlor management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Beauty Parlor Management System version 1.0, which stems from incorrect manipulation of the parameters fromdate a...
PT-2025-39102
Name of the Vulnerable Software and Affected Versions: Campcodes Computer Sales and Inventory System version 1.0. Description: A SQL injection issue exists due to the manipulation of the prodcode argument. This impacts an unknown function within the /pages/pro edit1.php file. The attack can be carri...
PT-2025-39112
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: A flaw exists in SourceCodester Pet Grooming Management Software that allows for remote SQL injection. This occurs through manipulation of the ID argument within an unknow...
CVE-2025-10809
CVE-2025-10809 affects Campcodes Online Learning Management System 1.0. The vulnerability is an SQL injection in the /admin/department.php file caused by manipulating the argument d of an unknown function. The issue is exploitable remotely, and the exploit has been publicly disclosed. Public records d...
CVE-2025-10804
A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/add-customer.php. Manipulating the argument mobilenum results in SQL injection. The attack can be initiated remotely. The exploi...
CVE-2025-10791 code-projects Online Bidding System index.php SQL injection
A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. Manipulating the argument aduser causes SQL injection. The attack can be carried out remotely. The exploit has been made available t...
CVE-2025-10786
Campaign: CVE-2025-10786 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability resides in the file /ajax.php?action=delete_user, where manipulation of the ID parameter enables SQL injection. Attack is remote and requires no authentication. An exploit has been published and ...
PT-2025-38710
Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0. Description: A flaw exists in code-projects Online Bidding System 1.0 within the file /administrator/bidupdate.php. Manipulation of the ID argument can lead to SQL injection. This issue is remotel...
SourceCodester Online Hotel Reservation System Security Vulnerability
SourceCodester Online Hotel Reservation System is a SourceCodester open source online hotel system. A security vulnerability exists in SourceCodester Online Hotel Reservation System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file deleteslide.php, which coul...
PT-2025-39045
Name of the Vulnerable Software and Affected Versions: WPFunnels Mail Mint versions through 1.18.6. Description: A flaw exists in WPFunnels Mail Mint that allows for SQL Injection. The issue is due to improper neutralization of special elements within SQL commands. This could potentially allow an...
WordPress plugin WPFunnels Mail Mint SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A SQL injection...
PHPGurukul Park Ticketing Management System Security Vulnerability
Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from a lack of validation of the fromdate parameter in the file foreigner-bwdates-reports-details.php against an externally entered SQL...
PT-2025-38628
Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress versions prior to 2.5.1. Description: The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...
CVE-2025-59431
MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...