2820 matches found

EUVD
added 2025/12/30 12:32 a.m., 4 views

EUVD-2025-205662

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/viewproducts.php. The manipulation of the argument chkId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

7.5 CVSS | 7.2 AI score | 0.00434 EPSS
Exploits: 1 | References: 6

CNNVD
added 2025/12/30 12:0 a.m., 4 views

itsourcecode Society Management System SQL Injection Vulnerability

itsourcecode Society Management System is an itsourcecode open source society management system. A SQL injection vulnerability exists in version 1.0 of itsourcecode Society Management System, which stems from incorrect manipulation of the parameter Username in the file /admin/editadminquery.php,...

9.8 CVSS | 7.9 AI score | 0.00333 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/12/29 6:30 p.m., 4 views

EUVD-2025-205604

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

7.5 CVSS | 7.2 AI score | 0.00393 EPSS
Exploits: 1 | References: 6

Cvelist
added 2025/12/29 10:32 a.m., 25 views

CVE-2025-15184 code-projects Refugee Food Management System refugeesreport2.php sql injection

A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

7.5 CVSS | 0.00315 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/12/29 10:2 a.m., 4 views

EUVD-2025-205572

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

7.5 CVSS | 6.5 AI score | 0.00412 EPSS
Exploits: 0 | References: 9

Positive Technologies
added 2025/12/29 12:0 a.m., 5 views

PT-2025-53810

Name of the Vulnerable Software and Affected Versions: Refugee Food Management System version 1.0. Description: A security issue exists in Refugee Food Management System 1.0. The issue involves potential SQL injection due to manipulation of the argument a/b/c/sex/d/e/nationality nid within the file...

9.8 CVSS | 7.2 AI score | 0.00315 EPSS
Exploits: 1 | References: 10

Vulnrichment
added 2025/12/25 5:2 a.m., 3 views

CVE-2025-15078 itsourcecode Student Management System list_report.php sql injection

A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

7.5 CVSS | 6.8 AI score | 0.0033 EPSS
Exploits: 1 | References: 5

EUVD
added 2025/12/25 3:30 a.m., 5 views

EUVD-2025-205362

A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /studentp.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the...

7.5 CVSS | 6.5 AI score | 0.00389 EPSS
Exploits: 1 | References: 7

CNVD
added 2025/12/25 12:0 a.m., 7 views

Kentico Xperience SQL Injection Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Online Marketing Macro Method parameter. An attacker can exploit this vulnerability to...

8.8 CVSS | 6.1 AI score | 0.00259 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/24 12:49 p.m., 3 views

CVE-2023-36525 WordPress WPJobBoard plugin <= 5.9.0 - Unauth. Blind SQL Injection (SQLi) vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPJobBoard allows Blind SQL Injection. This issue affects WPJobBoard: from n/a through 5.9.0...

8.6 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits: 0 | References: 1

NVD
added 2025/12/23 1:15 a.m., 5 views

CVE-2025-15034

A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be...

9.8 CVSS | 0.00333 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/22 11:29 p.m., 7 views

CVE-2025-15002

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...

9.8 CVSS | 7 AI score | 0.00388 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/22 12:2 a.m., 3 views

CVE-2025-15004 DedeCMS freelist_main.php sql injection

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5 CVSS | 6.8 AI score | 0.00302 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/22 12:0 a.m., 4 views

PT-2025-52690

Name of the Vulnerable Software and Affected Versions: Hasura GraphQL version 1.3.3. Description: Hasura GraphQL version 1.3.3 has a local file read issue. Attackers can access system files through SQL injection in the query endpoint. Exploitation involves the pg_read_file PostgreSQL function via...

6.9 CVSS | 7.3 AI score | 0.00183 EPSS
Exploits: 1 | References: 7

EUVD
added 2025/12/19 9:30 p.m., 4 views

EUVD-2025-204608

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidatesreport.php. The manipulation of the argument schoolyear leads to sql injection. The attack can be initiated remotely. The exploit is...

7.5 CVSS | 6.7 AI score | 0.00333 EPSS
Exploits: 1 | References: 7

CVE
added 2025/12/19 12:2 a.m., 8 views

CVE-2025-14900

CodeAstro Real Estate Management System 1.0 is affected. The vulnerability is an SQL injection in the Administrator Endpoint, caused by manipulation of the ID parameter in /admin/userdelete.php. Exploitation can be remote and a public exploit exists. The root cause is improper handling of the ID ...

7.2 CVSS | 5.2 AI score | 0.00361 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/12/19 12:0 a.m., 4 views

PT-2025-52504

Name of the Vulnerable Software and Affected Versions: code-projects Simple Blood Donor Management System version 1.0. Description: A flaw exists in code-projects Simple Blood Donor Management System version 1.0 that allows for remote SQL injection. The issue is located in the /editedcampaign.php...

9.8 CVSS | 7.5 AI score | 0.00323 EPSS
Exploits: 1 | References: 11

CVE
added 2025/12/18 11:32 p.m., 11 views

CVE-2025-14898

CVE-2025-14898 affects CodeAstro Real Estate Management System 1.0. In the file /admin/userbuilderdelete.php of the Administrator Endpoint, there is an input handling flaw that enables SQL injection. The issue is exploitable remotely and the exploit has been publicly released. The Red Hat/ENISA...

7.2 CVSS | 5 AI score | 0.00306 EPSS
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/12/18 7:22 a.m., 2 views

CVE-2025-64371 WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through 3.2.6...

8.5 CVSS | 7.2 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

Cvelist
added 2025/12/17 9:9 p.m., 25 views

CVE-2025-67493 Homarr: missing input sanitization and possible privilege escalation through ldap search query injection

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap...

7.5 CVSS | 0.00258 EPSS
Exploits: 0 | References: 1