CVE-2024-44644
PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection in manage-tickets.php via the frm_id and aremark parameters due to lack of input validation. Public descriptions from CNVD, RH, CNNVD and CVE records indicate an attacker could execute arbitrary SQL and potentially steal sensitive database d...
PT-2025-47108
A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit product.php. Manipulation of the argument cmbProductUnit leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to...
CVE-2024-44659
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php...
PHPGurukul Small CRM Security Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the id and adminremark parameters of quote-details.php. An attacker can exploit this vulnerability to...
PT-2025-47177
Name of the Vulnerable Software and Affected Versions: Kashipara Ecommerce Website version 1.0. Description: The Kashipara Ecommerce Website is susceptible to a SQL Injection issue through the recover email parameter in the user password recover.php file. This allows for potential unauthorized acces...
PT-2025-47169
Name of the Vulnerable Software and Affected Versions: Kashipara Ecommerce Website version 1.0. Description: The Kashipara Ecommerce Website is susceptible to SQL Injection. The issue affects the user register.php file and involves the user email, username, user firstname, user lastname, and user...
PT-2025-47146
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Voting System version 1.0. Description: A flaw exists in itsourcecode Online Voting System that allows for SQL injection. This issue stems from manipulating the Username parameter within an unknown function of the /login.php...
Projectworlds Advanced Library Management System SQL Injection Vulnerability
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter rollnumber in the file...
CVE-2025-13243
A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in SQL injection. The attack may be performed remotely. The exploit has been made public and could be used...
CVE-2025-13242
A vulnerability has been found in code-projects Student Information System 2.0. This issue affects some unknown processing of the file /register.php. The manipulation leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed to the public and may be...
Code-Projects Student Information System SQL Injection Vulnerability
Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from improper handling of user input in the /register.php file. No details of the vulnerability are available at this time...
EUVD-2025-197708
A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Manipulation of the argument PROMODEL leads to SQL injection. The attack may be performed remotely. The exploit has...
CVE-2024-44633
PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php...
CVE-2025-64084
An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vuccdetailsajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL...
CVE-2025-11981
CVE-2025-11981 affects the WordPress plugin School Management System – WPSchoolPress up to version 2.2.23. The vulnerability is an SQL Injection via the SCodes parameter caused by insufficient escaping and inadequate query preparation. The impact described in the sources is that an attacker with...
CVE-2025-12620
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2025-63724
SQL injection (SQLi) vulnerability in SVX Portal 2.7A via crafted POST request to admin/updatesetings.php...
CVE-2025-63724
SVX Portal 2.7A has a SQL injection in the admin/update_setings.php endpoint triggered by crafted POST requests. The vulnerability affects the portal’s server-side handling of input and can lead to unauthorized query manipulation. References from multiple sources corroborate the issue for version...
CVE-2025-13121 cameasy Liketea API Endpoint StoreController.php list sql injection
A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Manipulation of the argument lng/lat leads to SQL injection. The attack may be performed from...
CVE-2025-12620
CVE-2025-12620 affects the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (versions up to and including 6.0.7). The root cause is insufficient escaping and inadequate preparation of the SQL query used with the filterbyauthor parameter, enabling an authenticated attacker...