Lucene search

2828 matches found

CVE
added 2025/09/04 6:33 p.m. | 24 views

CVE-2025-32327

CVE-2025-32327 affects Google Android via SQL injection in multiple functions of PickerDbFacade.java, enabling unauthorized data access and local elevation of privilege with no user interaction. Impact and exploit details are stated in multiple sources (NVD, Red Hat, CNVD, OSV). Root cause is an ...

CVSS 7.8 | AI score 6.9 | EPSS 0.00107
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/09/04 12:28 a.m. | 7 views

CVE-2025-55476

FireShare FileShare 1.2.25 contains a time-based blind SQL injection vulnerability in the sort parameter of the endpoint GET /api/videos/public?sort=. This parameter is unsafely evaluated in a SQL ORDER BY clause without proper sanitization, allowing an attacker to inject arbitrary SQL subqueries...

CVSS 6.5 | AI score 8.1 | EPSS 0.00239
Exploits: 1 | References: 1

Positive Technologies
added 2025/09/04 12:0 a.m. | 5 views

PT-2025-36039

Name of the Vulnerable Software and Affected Versions: PickerDbFacade.java affected versions not specified Description: Multiple functions within PickerDbFacade.java are susceptible to SQL injection, potentially allowing unauthorized data access. Successful exploitation could lead to local...

CVSS 7.8 | AI score 6.8 | EPSS 0.00107
Exploits: 0 | References: 4

NVD
added 2025/09/03 9:15 p.m. | 8 views

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias...

CVSS 8.1 | EPSS 0.15602
Exploits: 4 | References: 6

Ubuntu
added 2025/09/03 5:1 p.m. | 7 views

USN-7736-1: Django vulnerability

It was discovered that Django incorrectly handled certain inputs. An attacker could possibly use this issue to perform a SQL injection...

CVSS 8.1 | AI score 7.9 | EPSS 0.15602
Exploits: 4

OSV
added 2025/09/03 3:15 p.m. | 2 views

CVE-2025-57146

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter...

CVSS 8.1 | AI score 5.8 | EPSS 0.0041
Exploits: 1 | References: 1

CNNVD
added 2025/09/03 12:0 a.m. | 4 views

PHPGurukul Complaint Management System Security Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the cid parameter of /complaint-details.php. An attacker can exploit this vulnerabili...

CVSS 6.5 | AI score 8.2 | EPSS 0.004
Exploits: 1 | References: 2

CVE
added 2025/09/03 12:0 a.m. | 13 views

CVE-2025-56435

FoxCMS

CVSS 5.3 | AI score 8.2 | EPSS 0.00329
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2025/09/02 11:15 p.m. | 4 views

CVE-2025-9840

A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

CVSS 9.8 | EPSS 0.00323
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/02 10:32 p.m. | 3 views

CVE-2025-9839 itsourcecode Student Information Management System index.php sql injection

A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/course/index.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possibl...

CVSS 7.5 | AI score 6.6 | EPSS 0.00387
Exploits: 1 | References: 5

CNVD
added 2025/09/02 12:0 a.m. | 3 views

Human Resource Integrated System log_query.php File SQL Injection Vulnerability

Human Resource Integrated System is a human resource management system. Human Resource Integrated System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /logquery.php. An attacker can exploit...

CVSS 9.8 | AI score 8.2 | EPSS 0.00435
Exploits: 1 | References: 1

CNVD
added 2025/09/02 12:0 a.m. | 4 views

Apartment Management System utility_bill_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtGasBill in the file /setting/utilitybillsetup.php. An attacker can...

CVSS 9.8 | AI score 8.3 | EPSS 0.00384
Exploits: 1 | References: 1

CNVD
added 2025/09/02 12:0 a.m. | 4 views

QNAP Qsync Central SQL Injection Vulnerability

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...

CVSS 8.8 | AI score 8.4 | EPSS 0.00427
Exploits: 0 | References: 1

CNVD
added 2025/09/02 12:0 a.m. | 4 views

QNAP Qsync Central SQL Injection Vulnerability (CNVD-2025-23620)

QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. A SQL injection vulnerability exists in QNAP Qsync Central, which can be exploited by attackers to execute unauthorized co...

CVSS 8.8 | AI score 8.4 | EPSS 0.00427
Exploits: 0 | References: 1

CNNVD
added 2025/09/02 12:0 a.m. | 3 views

itsourcecode Sports Management System Security Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/gametype.php. An attacker can exploit this...

CVSS 9.8 | AI score 7 | EPSS 0.00323
Exploits: 1 | References: 7

CNNVD
added 2025/09/02 12:0 a.m. | 3 views

PHPGurukul Beauty Parlour Management System Security Vulnerability

Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in...

CVSS 9.8 | AI score 8.1 | EPSS 0.00384
Exploits: 1 | References: 7

CVE
added 2025/09/01 8:32 p.m. | 18 views

CVE-2025-9794

CVE-2025-9794 affects Campcodes Computer Sales and Inventory System 1.0. A SQL injection vulnerability exists in the /pages/pos_transac.php?action=add endpoint, exploitable by manipulating the cash/firstname parameter. Attacks may be performed remotely, and multiple parameters could be affected. ...

CVSS 9.8 | AI score 7.1 | EPSS 0.00387
Exploits: 1 | References: 7 | Affected Software: 1

RedhatCVE
added 2025/09/01 7:33 p.m. | 3 views

CVE-2025-9702

A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /salesreport.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVSS 9.8 | AI score 7.5 | EPSS 0.00383
Exploits: 1 | References: 1

RedhatCVE
added 2025/09/01 11:17 a.m. | 3 views

CVE-2025-9685

A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVSS 8.8 | AI score 7.7 | EPSS 0.00351
Exploits: 1 | References: 1

NVD
added 2025/09/01 9:15 a.m. | 4 views

CVE-2025-9770

A weakness has been identified in Campcodes Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Dashboard Login. This manipulation of the argument Password causes sql injection. It is possible to initiate the attack...

CVSS 9.8 | EPSS 0.00437
Exploits: 2 | References: 5