CVE-2025-9532 Portabilis i-Educar view sql injection

A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor...

CVE-2025-30060

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

CVE-2025-30059

Technical details about CVE-2025-30059 are not provided in the connected EUVD entries or the references. Monitor for updates; the current documents do not specify affected versions, root cause specifics, or remediation steps.

CVE-2025-30058 SQL injection in getPatientIdentifier function of PatientService.pl

In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter...

CVE-2025-9510 itsourcecode Apartment Management System addbranch.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...

PT-2025-34827

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A vulnerability exists in Campcodes Online Loan Management System that allows for SQL injection. The issue is located in an unknown functionality within the /ajax.php?action=sav...

CVE-2025-50972

CVE-2025-50972 affects AbanteCart 1.4.2. The vulnerability is a SQL Injection in the unvalidated tmpl_id parameter sent to index.php, enabling unauthenticated attackers to execute arbitrary SQL commands. Documented techniques include error-based injections using a crafted FLOOR payload, time-base...

Campcodes Online Loan Management System 安全漏洞

CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in...

PT-2025-34856 · Unknown · Openreportwindow.Pl

Name of the Vulnerable Software and Affected Versions: utils/Reporter/OpenReportWindow.pl affected versions not specified Description: The “utils/Reporter/OpenReportWindow.pl” service contains an SQL injection issue through the UserID parameter. Recommendations: At the moment, there is no...

PT-2025-34876 · Unknown · Abantecart

Name of the Vulnerable Software and Affected Versions: AbanteCart version 1.4.2 Description: AbanteCart is susceptible to a SQL Injection issue. Unauthenticated attackers can execute arbitrary SQL commands via the tmpl id parameter in the index.php file. Exploitation techniques include error-base...

PT-2025-34834

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue has been identified in itsourcecode Apartment Management System version 1.0. The vulnerability is due to SQL injection in the /branch/addbranch.php file...

Linux Distros Unpatched Vulnerability : CVE-2023-24258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary...

CVE-2025-9471

CVE-2025-9471 affects itsourcecode Apartment Management System 1.0. The vulnerability is a SQL injection in the file /maintenance/add_maintenance_cost.php triggered by manipulating the ID parameter. It allows remote exploitation and the exploit has been publicly disclosed. Multiple sources corrob...

CVE-2025-9172 Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

PT-2025-34732

Name of the Vulnerable Software and Affected Versions: 1000projects Online Project Report Submission and Evaluation System version 1.0 Description: A SQL injection issue exists due to the manipulation of the batch id argument in the processing of the /admin/controller/delete group student.php fil...

CVE-2025-9423

A vulnerability was determined in Campcodes Online Water Billing System 1.0. Affected is an unknown function of the file /editecex.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

CVE-2025-9426 itsourcecode Online Tour and Travel Management System package.php sql injection

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the SelectListByPage function in the DictTypeDao.go file when processing the orderByColumn and isAsc arguments. An attacker can execute arbitrary SQL commands by supplying crafted input to these parameters. Remediation...

Yifang CMS 安全漏洞

Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.5 and earlier versions, which originates from SQL injection of the newurl parameter in the file app/logic/Ltool.php...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /complain/addcomplain.php. An attacker can exploit...