2828 matches found
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the PropertyName directive in XML Filter Query processing. An attacker can manipulate backend database queries by injecting specially crafted input containing double quote characters. Remediation: Upgrade mapserver to...
CVE-2025-10563
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=savecategory. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
CVE-2025-10673 itsourcecode Student Information Management System index.php sql injection
A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has...
CVE-2025-10667 itsourcecode Online Discussion Forum compose_msg.php sql injection
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/composemsg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2024-13151
CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection. This issue affects Auto Service Software: before v.2025.10.01...
CVE-2025-10603
A vulnerability was determined in PHPGurukul Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /admin/adminforum/searchresult.php. Executing manipulation of the argument Search can lead to sql injection. The attack can be launched remotely. The exploit...
GO-2025-3941 pREST has a Systemic SQL Injection Vulnerability in github.com/prest/prest
pREST has a Systemic SQL Injection Vulnerability in github.com/prest/prest...
CVE-2025-35431 CISA Thorium LDAP injection
CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1...
Pet-grooming-management-quotation.php-v.1.0-sql-injection
Pet-grooming-manageme...
PHPGurukul Online Discussion Forum SQL Injection Vulnerability
Online Discussion Forum is an online forum. Online Discussion Forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /admin/adminforum/searchresult.php. An attacker can exploit this...
CVE-2025-10562
A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=saveproduct. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be...
PT-2025-38070
Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. The manipulation of the ID argument in the /ajax.php?action=save product file causes SQL injectio...
CVE-2025-44034
CVE-2025-44034 affects oa_system oasys v1.1, with a SQL injection in the AddrController via alph parameters leading to remote code execution. The CVSS 3.1 base score is 8.0 (HIGH) with ADJACENT attack vector, LOW attack complexity, LOW privileges, no user interaction, and impacts to confidentiali...
CVE-2025-10473 yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has...
CVE-2025-57104
Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx...
CVE-2025-10426
A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been releas...
CVE-2025-10420 SourceCodester Student Grading System form137.php sql injection
A vulnerability was detected in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...
CVE-2025-10266 NewType Infortech|NUP Portal - SQL Injection
NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2025-10266
NUP Pro by NewType Infortech is affected by a SQL injection vulnerability that allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. The CVE entry indicates a critical impact (CONFIDENTIALITY, INTEGRITY, and AVAILABILITY affected) ...