CVE-2025-9763

A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /studentsignup.php. The manipulation of the argument Username results in sql injection. The attack can be launched remotely. The exploit is now public and may be...

PT-2025-35448

Name of the Vulnerable Software and Affected Versions: Campcodes Online Feeds Product Inventory System version 1.0 Description: A security vulnerability exists in Campcodes Online Feeds Product Inventory System 1.0. The vulnerability affects unknown code within the /feeds/index.php file of the...

CampCodes Hospital Management System 安全漏洞

CampCodes Hospital Management System is a hospital management system from CampCodes, Inc. A security vulnerability exists in CampCodes Hospital Management System version 1.0, which originates from a SQL injection due to incorrect manipulation of the parameter Password in the component Admin...

Sports Management System /login.php File SQL Injection Vulnerability

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates in the /login.php file that does not securely filter the User parameter. An attacker can exploit this vulnerability by constructing malicious SQL statements...

CVE-2025-9599

A weakness has been identified in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/monthsetup.php. Executing manipulation of the argument txtMonthName can lead to sql injection. The attack can be launched remotely. The...

PT-2025-35411

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the user id argument in an unknown function within the /ajax/updateProfile.php file. This allows for remote exploitation...

CVE-2025-9706

A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed...

CVE-2025-30061

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

PT-2025-35353

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the /module/FormulaMedia/edit file of the Formula de Cálculo de Média Page component. Manipulation of t...

SourceCodester Online Polling System Code 安全漏洞

SourceCodester Online Polling System Code is a SourceCodester open source online polling system. A security vulnerability exists in SourceCodester Online Polling System Code version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter myusername in the file...

SUNNET Corporate Training Management System 安全漏洞

SUNNET Corporate Training Management System is a corporate training management system from SUNNET. A security vulnerability exists in SUNNET Corporate Training Management System versions prior to 10.11, which stems from vulnerability to SQL injection attacks...

SourceCodester Water Billing System 安全漏洞

SourceCodester Water Billing System is an open source water billing system from SourceCodester. A security vulnerability exists in SourceCodester Water Billing System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in the file /viewbill.php...

CVE-2025-29894 Qsync Central

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

Apartment Management System addvisitor.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /visitor/addvisitor.php. An attacker can exploit this...

Code-Projects Simple Grading System 安全漏洞

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /login.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter txtMonthName in the file /setting/monthsetup.php. An attacker c...

CVE-2025-9592 itsourcecode Apartment Management System bill_info.php sql injection

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/billinfo.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public...

CVE-2024-13979 St. Joe ERP System SingleRowQueryConverter SQL Injection

A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST requests to the login endpoint. The application fails to properly sanitize user-supplied input before incorporating it into...

CVE-2025-50972

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...

CVE-2025-9532

A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor...