2828 matches found

OSV
added 2025/05/18 8:15 a.m., 2 views

CVE-2025-4865

A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/membersave.php. The manipulation of the argument last leads to SQL injection. The attack may be initiated remotely. The exploit has...

CVSS 9.8, AI score 5.8, EPSS 0.00445
Exploits: 1, References: 5

CNNVD
added 2025/05/18 12:0 a.m., 2 views

CampCodes Online Shopping Portal Injection Vulnerability

CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. Campcodes Online Shopping Portal suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter email in the file /forgot-password.php. An...

CVSS 9.8, AI score 8.2, EPSS 0.00445
Exploits: 1, References: 7

OSV
added 2025/05/16 10:15 p.m., 2 views

CVE-2025-4812

A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads to SQL injection. The attack may be initiat...

CVSS 9.8, AI score 5.8, EPSS 0.00525
Exploits: 1, References: 5

OSV
added 2025/05/16 4:15 a.m., 1 view

CVE-2025-4741

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/purchaseadd.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has be...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 5

CNNVD
added 2025/05/16 12:0 a.m., 3 views

PHPGurukul Park Ticketing Management System Injection Vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /normal-search.php. An attacker c...

CVSS 8.8, AI score 8.2, EPSS 0.00342
Exploits: 1, References: 6

CNNVD
added 2025/05/16 12:0 a.m., 1 view

WordPress plugin Radio Player Shoutcast & Icecast SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVSS 8.5, AI score 8.7, EPSS 0.00267
Exploits: 0, References: 3

OSV
added 2025/05/15 8:15 p.m., 3 views

CVE-2024-11372

The Connexion Logs WordPress plugin through 3.0.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks...

CVSS 7.2, AI score 7.3, EPSS 0.00505
Exploits: 1, References: 1

CNVD
added 2025/05/13 12:0 a.m., 4 views

Cyber Cafe Management System add-computer.php File SQL Injection Vulnerability

Cyber Cafe Management System is an internet cafe management system. Cyber Cafe Management System suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter compname/comploc in the file add-computer.php resulting in SQL injection. No details of the...

CVSS 9.8, AI score 8.1, EPSS 0.00472
Exploits: 1, References: 1

CNNVD
added 2025/05/13 12:0 a.m., 4 views

Rebuild Security Vulnerability

Rebuild is a highly customizable enterprise management system from getrebuild open source. A security vulnerability exists in Rebuild v3.9.0 through v3.9.3, which stems from an SQL injection in the /admin/admin-cli/exec component...

CVSS 9.8, AI score 7.7, EPSS 0.00377
Exploits: 1, References: 3

CNNVD
added 2025/05/13 12:0 a.m., 2 views

Siemens OZW672 and Siemens OZW772 SQL Injection Vulnerability

The OZW device web server is used for remote monitoring of building controller devices, e.g. for monitoring heating control or air conditioning status. A code execution and SQL injection vulnerability exists in the Siemens OZW672 and OZW772 web servers, which can be exploited by an attacker to...

CVSS 9.8, AI score 9, EPSS 0.00553
Exploits: 0, References: 2

CNNVD
added 2025/05/11 12:0 a.m., 5 views

LyLme Spage Injection Vulnerability

LyLme Spage (Six Zero navigation page) is an open source navigation page from China's Six Zero LyLme. It is dedicated to a simple, efficient, advertising-free Internet navigation and search portal, with support for background links, custom search engines, precipitation of the most valuable links, no commercial...

CVSS 7.5, AI score 7.8, EPSS 0.0041
Exploits: 1, References: 5

CNNVD
added 2025/05/09 12:0 a.m., 2 views

CampCodes Online Food Ordering System Injection Vulnerability

CampCodes Online Food Ordering System is an online food ordering system from CampCodes, Inc. An injection vulnerability exists in CampCodes Online Food Ordering System version 1.0, which originates from SQL injection due to parameter ID manipulation in file /view-ticket-admin.php...

CVSS 9.8, AI score 7.8, EPSS 0.00547
Exploits: 1, References: 6

CNNVD
added 2025/05/08 12:0 a.m., 3 views

SLiMS 9 Bulian Security Vulnerability

SLiMS 9 Bulian is a free and open source software from the SLiMS community in Indonesia. It is used for library resource management e.g. books, journals, digital files and other library materials and administration. A security vulnerability exists in SLiMS 9 Bulian version 9.6.1, which stems from...

CVSS 6.5, AI score 7.7, EPSS 0.00268
Exploits: 1, References: 2

VulnCheck KEV
added 2025/05/05 12:0 a.m., 0 views

VulnCheck KEV: CVE-2025-2011

The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.5, AI score 5.9, EPSS 0.34059
Exploits: 6, References: 1

CNNVD
added 2025/05/05 12:0 a.m., 2 views

SourceCodester Stock Management System Injection Vulnerability

SourceCodester Stock Management System is a SourceCodester open source inventory management system. An injection vulnerability exists in SourceCodester Stock Management System version 1.0, which stems from improper handling of the parameter Username in the file /classes/Login.php, which can lead ...

CVSS 9.8, AI score 7.9, EPSS 0.00472
Exploits: 1, References: 5

CNNVD
added 2025/05/04 12:0 a.m., 5 views

SourceCodester Simple To-Do List System Security Vulnerability

SourceCodester Simple To-Do List System is a SourceCodester open source simple to-do list system. A security vulnerability exists in SourceCodester Simple To-Do List System version 1.0, which is caused by SQL injection due to incorrect manipulation of the parameter ID in the file /completetask.ph...

CVSS 9.8, AI score 6.9, EPSS 0.00402
Exploits: 1, References: 5

CNNVD
added 2025/05/02 12:0 a.m., 4 views

Sunnet eHRD CTMS SQL Injection Vulnerability

Sunnet eHRD CTMS is a Human Resource Development and Clinical Training Management System from China Sunnet Sunnet. A SQL injection vulnerability exists in Sunnet eHRD CTMS version 10.13 and prior versions, which stems from a SQL injection vulnerability that could allow a remote attacker to read...

CVSS 6.5, AI score 7.7, EPSS 0.00355
Exploits: 0, References: 1

Snyk
added 2025/05/01 5:44 p.m., 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection due to improper escaping of a query parameter in the postgres64, postgres7, postgres8, and postgres9 drivers. An attacker can execute arbitrary SQL statements by injecting malicious SQL code into the pginsertid method...

CVSS 10, AI score 8.4, EPSS 0.00638
Exploits: 0, References: 2

Snyk
added 2025/05/01 6:30 a.m., 1 view

SQL Injection

Overview: litellm is a library to easily interface with LLM API providers. Affected versions of this package are vulnerable to SQL Injection via spendmanagementendpoints.py. An attacker could potentially inject malicious SQL code through unsanitized input, leading to unauthorized data access or...

CVSS 8.3, AI score 8
Exploits: 0, References: 3

CNNVD
added 2025/05/01 12:0 a.m., 3 views

PHPGurukul Pre-School Enrollment System Injection Vulnerability

PHPGurukul Pre-School Enrollment System is a web-based preschool enrollment system from PHPGurukul, Inc. An injection vulnerability exists in version 1.0 of the PHPGurukul Pre-School Enrollment System, which stems from an incorrect manipulation of the parameter Status resulting in SQL injection...

CVSS 8.8, AI score 7.1, EPSS 0.00342
Exploits: 1, References: 5