2823 matches found

CVE
added 2025/12/18 11:32 p.m. | 11 views

CVE-2025-14898

CVE-2025-14898 affects CodeAstro Real Estate Management System 1.0. In the file /admin/userbuilderdelete.php of the Administrator Endpoint, there is an input handling flaw that enables SQL injection. The issue is exploitable remotely and the exploit has been publicly released. The Red Hat/ENISA...

CVSS 7.2 | AI score 5 | EPSS 0.00306
Exploits 1 | References 5 | Affected Software 1

Vulnrichment
added 2025/12/18 7:22 a.m. | 2 views

CVE-2025-64371 WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through 3.2.6...

CVSS 8.5 | AI score 7.2 | EPSS 0.00211
Exploits 0 | References 1

Cvelist
added 2025/12/17 9:9 p.m. | 25 views

CVE-2025-67493 Homarr: missing input sanitization and possible privilege escalation through ldap search query injection

Homarr is an open-source dashboard. Prior to version 1.45.3, it was possible to craft an input which allowed privilege escalation and getting access to groups of other users due to missing sanitization of inputs in ldap search query. The vulnerability could impact all instances using ldap...

CVSS 7.5 | EPSS 0.00258
Exploits 0 | References 1

RedhatCVE
added 2025/12/16 2:49 p.m. | 5 views

CVE-2025-34179

NetSupport Manager 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI...

CVSS 8.7 | AI score 7.9 | EPSS 0.0034
Exploits 0 | References 1

NVD
added 2025/12/16 9:15 a.m. | 3 views

CVE-2025-67962

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AIOSEO Plugin Team Broken Link Checker broken-link-checker-seo allows SQL Injection. This issue affects Broken Link Checker: from n/a through <= 1.2.6...

CVSS 7.6 | EPSS 0.00348
Exploits 0 | References 1

Vulnrichment
added 2025/12/16 8:12 a.m. | 8 views

CVE-2025-68055 WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection. This issue affects Hydra Booking: from n/a through <= 1.1.32...

CVSS 8.5 | AI score 7.3 | EPSS 0.00286
Exploits 1 | References 1

RedhatCVE
added 2025/12/16 12:26 a.m. | 7 views

CVE-2023-36338

Inventory Management System 1 was discovered to contain a SQL injection vulnerability...

CVSS 5.3 | AI score 8.3 | EPSS 0.00296
Exploits 1 | References 1

CNNVD
added 2025/12/16 12:0 a.m. | 4 views

WordPress plugin Newsletter SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injection...

CVSS 7.6 | AI score 7.5 | EPSS 0.00358
Exploits 0 | References 1

OSV
added 2025/12/15 9:15 p.m. | 5 views

CVE-2023-36338

Inventory Management System 1 was discovered to contain a SQL injection vulnerability...

CVSS 5.3 | AI score 5.8 | EPSS 0.00296
Exploits 1 | References 2

CVE
added 2025/12/15 2:41 p.m. | 8 views

CVE-2025-34179

NetSupport Manager

CVSS 8.7 | AI score 7.5 | EPSS 0.0034
Exploits 0 | References 3

CVE
added 2025/12/15 12:0 a.m. | 8 views

CVE-2023-38913

CVE-2023-38913 affects anirbandutta9 NEWS-BUZZ v.1.0. The connected sources specify a SQL injection vulnerability due to insufficient input validation in NEWS-BUZZ, which could allow a remote attacker to execute arbitrary code via a crafted script. Exploitation status is not confirmed in the docu...

CVSS 5.3 | AI score 8.4 | EPSS 0.00493
Exploits 1 | References 2 | Affected Software 1

Positive Technologies
added 2025/12/15 12:0 a.m. | 4 views

PT-2025-51316

Name of the Vulnerable Software and Affected Versions: Inventory Management System 1, affected versions not specified. Description: The Inventory Management System 1 software contains a SQL injection flaw. This issue could allow an attacker to manipulate database queries through crafted input. The...

CVSS 5.3 | AI score 7.3 | EPSS 0.00296
Exploits 1 | References 6

Positive Technologies
added 2025/12/15 12:0 a.m. | 5 views

PT-2025-51283

Name of the Vulnerable Software and Affected Versions: Sunbird Power IQ versions prior to 9.2.1. Description: An error-based SQL injection issue exists in the Power IQ API due to insufficient input validation when handling arrays in an outdated API endpoint. This allows manipulation of SQL queries...

CVSS 3.3 | AI score 7.6 | EPSS 0.00117
Exploits 0 | References 6

Positive Technologies
added 2025/12/15 12:0 a.m. | 6 views

PT-2025-51260

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext versions through 15.89.0. Description: An issue exists in Frappe ERPNext that allows an attacker to extract arbitrary data from the database. The get outstanding reference documents function, located at...

CVSS 9.8 | AI score 7.2 | EPSS 0.00325
Exploits 1 | References 7

ATTACKERKB
added 2025/12/14 4:32 p.m. | 4 views

CVE-2025-14668

A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the argument Username results in SQL injection. It is possible to initiate the attack remotely. The exploit is now publi...

CVSS 9.8 | AI score 5.5 | EPSS 0.00333
Exploits 1 | References 5 | Affected Software 1

CVE
added 2025/12/14 6:2 a.m. | 19 views

CVE-2025-14646

The CVE-2025-14646 entry describes a SQL injection in code-projects Student File Management System 1.0, triggered by manipulating the stud_id parameter in /admin/delete_student.php. Connected documents (CNVD-2026-00828, RH:CVE-2025-14646, CNNVD-202512-2597, VULNRICHMENT/CVE-2025-14646, PT-2025-51...

CVSS 9.8 | AI score 6.5 | EPSS 0.00357
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2025/12/14 4:20 a.m. | 16 views

CVE-2025-13126 wpForo Forum <= 2.4.12 - Unauthenticated SQL Injection

The wpForo Forum plugin for WordPress is vulnerable to generic SQL Injection via the postargs and topicargs parameters in all versions up to, and including, 2.4.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...

CVSS 7.5 | EPSS 0.00322
Exploits 0 | References 5

Positive Technologies
added 2025/12/14 12:0 a.m. | 3 views

PT-2025-51143

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A flaw exists in itsourcecode Student Management System 1.0 that allows for SQL injection. The issue is located in the /update subject.php file, specifically through manipulation o...

CVSS 9.8 | AI score 7.6 | EPSS 0.00333
Exploits 1 | References 12

EUVD
added 2025/12/13 6:30 p.m. | 4 views

EUVD-2025-203257

A vulnerability was identified in itsourcecode Online Pet Shop Management System 1.0. This affects an unknown part of the file /pet1/available.php. Such manipulation of the argument Name leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be us...

CVSS 7.5 | AI score 6.5 | EPSS 0.00333
Exploits 1 | References 6

Cvelist
added 2025/12/13 12:2 p.m. | 23 views

CVE-2025-14590 code-projects Prison Management System search1.php sql injection

A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

CVSS 7.5 | EPSS 0.00379
Exploits 1 | References 5