
2824 matches found

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

WordPress plugin Animation Addons for Elementor security vulnerability

WordPress Animation Addons for Elementor plugin is an Elementor page builder extension plugin for the WordPress platform, focused on adding rich animation effects to websites. The WordPress Animation Addons for Elementor plugin suffers from a SQL injection vulnerability that stems from improper...

CVSS 6.5 | AI score 7.9 | EPSS 0.00289
Exploits 0 | References 1
EUVD
added 2025/12/08 12:32 p.m. | 3 views

EUVD-2025-201709

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...

CVSS 7.5 | AI score 6.6 | EPSS 0.00326
Exploits 1 | References 5
NVD
added 2025/12/08 8:15 a.m. | 8 views

CVE-2025-14255

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 7.1 | EPSS 0.00272
Exploits 0 | References 2
Cvelist
added 2025/12/08 5:2 a.m. | 25 views

CVE-2025-14217 code-projects Currency Exchange System edittrns.php sql injection

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVSS 7.5 | EPSS 0.00333
Exploits 1 | References 5
Positive Technologies
added 2025/12/08 12:0 a.m. | 5 views

PT-2025-49506

Name of the Vulnerable Software and Affected Versions code-projects Currency Exchange System version 1.0 Description A flaw exists in code-projects Currency Exchange System 1.0 where manipulation of the ID argument in the /viewserial.php file can lead to SQL injection. This issue is remotely...

CVSS 9.8 | AI score 7.4 | EPSS 0.00333
Exploits 1 | References 13
Positive Technologies
added 2025/12/08 12:0 a.m. | 5 views

PT-2025-49514

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVSS 7.1 | AI score 8 | EPSS 0.00272
Exploits 0 | References 3
CNNVD
added 2025/12/08 12:0 a.m. | 3 views

Code-Projects Online Ordering System security vulnerability

Online Ordering System is an online ordering system. Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter productid in the file /userschool.php. An attacker can exploit this...

CVSS 9.8 | AI score 7.9 | EPSS 0.00326
Exploits 1 | References 5
CNNVD
added 2025/12/08 12:0 a.m. | 4 views

Code-Projects Currency Exchange System SQL injection vulnerability

Code-Projects Currency Exchange System is a Code-Projects open source currency exchange system. A SQL injection vulnerability exists in Code-Projects Currency Exchange System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /viewserial.php, which could lead to ...

CVSS 9.8 | AI score 7.7 | EPSS 0.00333
Exploits 1 | References 5
Tenable Nessus
added 2025/12/08 12:0 a.m. | 7 views

Apache 2.4.x < 2.4.66 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.66. It is, therefore, affected by multiple vulnerabilities: - Server-Side Request Forgery SSRF in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially le...

CVSS 8.3 | AI score 7.8 | EPSS 0.015
Exploits 0 | References 7
NVD
added 2025/12/07 5:15 a.m. | 3 views

CVE-2025-14185

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

CVSS 6.5 | EPSS 0.00196
Exploits 0 | References 4
CNVD
added 2025/12/07 12:0 a.m. | 2 views

SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-986300)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

AI score 5.9
Exploits 0
NVD
added 2025/12/05 7:16 a.m. | 3 views

CVE-2025-12850

The My auctions allegro plugin for WordPress is vulnerable to SQL Injection via the ‘auctionid’ parameter in all versions up to, and including, 3.6.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible f...

CVSS 7.5 | EPSS 0.00273
Exploits 0 | References 2
CNNVD
added 2025/12/04 12:0 a.m. | 5 views

JIZHICMS SQL injection vulnerability

JIZHICMS Jizhi CMS is an open source content management system CMS from China Jizhi JIZHI. A SQL injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect manipulation of the parameter aid/tid in the file /index.php/admins/Comment/addcomment.html, which may...

CVSS 7.2 | AI score 5.5 | EPSS 0.00328
Exploits 1 | References 5
Cvelist
added 2025/12/03 11:14 p.m. | 22 views

CVE-2025-62173 Authenticated SQL Injection in Endpoint Module Rest API

Summary Authenticated SQL Injection Vulnerability in Endpoint Module Rest API...

CVSS 8.6 | EPSS 0.00238
Exploits 0 | References 1
EUVD
added 2025/12/03 1:52 p.m. | 5 views

EUVD-2025-200977

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of...

CVSS 6.5 | AI score 6.1 | EPSS 0.00305
Exploits 0 | References 3
EUVD
added 2025/12/02 9:31 p.m. | 3 views

EUVD-2025-200326

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query...

CVSS 6.5 | AI score 7.4 | EPSS 0.00175
Exploits 0 | References 3
EUVD
added 2025/12/02 9:31 p.m. | 3 views

EUVD-2025-200301

Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 2025-09-22 is vulnerable to SQL injection via the 'title' parameter in com.wanli.lvzhoucms.service.ContentServicefindPage. The parameter is concatenated directly into a dynamic SQL query without sanitization or prepared statements,...

CVSS 6.5 | AI score 7.3 | EPSS 0.00252
Exploits 1 | References 2
OSV
added 2025/12/02 5:16 p.m. | 3 views

CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the 'docid' parameter at /admin/appointment.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.00344
Exploits 1 | References 2
NVD
added 2025/12/02 7:15 a.m. | 4 views

CVE-2025-12483

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'query' parameter in all versions up to, and including, 3.11.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 6.5 | EPSS 0.00249
Exploits 0 | References 4
CVE
added 2025/12/02 6:40 a.m. | 13 views

CVE-2025-12483

The vulnerability CVE-2025-12483 affects the Visualizer: Tables and Charts Manager for WordPress plugin. It is an authenticated SQL Injection via the query parameter in all versions up to 3.11.12, due to insufficient escaping and query preparation, enabling attackers with Contributor-level access...

CVSS 6.5 | AI score 6.1 | EPSS 0.00249
Exploits 0 | References 4