2786 matches found
PT-2025-39774
Name of the Vulnerable Software and Affected Versions: Simple Scheduling System version 1.0. Description: A SQL injection issue exists in Simple Scheduling System version 1.0. The issue affects unknown code within the /schedulingsystem/addfaculty.php file. Manipulation of the falname argument can le...
CVE-2025-11088 itsourcecode Open Source Job Portal index.php sql injection
A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Impacted is an unknown function of the file /admin/vacancy/index.php?view=edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available ...
CVE-2025-11070
CVE-2025-11070 affects Projectworlds Online Shopping System 1.0. The vulnerable component is the file /store/cart_add.php, where manipulating the ID parameter enables a SQL injection. Public exploitability is indicated, with remote access possible and high impact on confidentiality, integrity, an...
CVE-2025-11063
A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/editdepartment.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...
CourseSelectionSystem SQL Injection Vulnerability
CourseSelectionSystem is a simple online course selection system by kidaze individual developer. A SQL injection vulnerability exists in CourseSelectionSystem version 1.0, which originates from an incorrect manipulation of the parameter csslc in the file /Profilers/PriProfile/COUNT3s5.php, which...
CVE-2025-11037 code-projects E-Commerce Website admin_index_search.php sql injection
A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...
CVE-2025-11032 kidaze CourseSelectionSystem COUNT3s6.php sql injection
A flaw has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This issue affects some unknown processing of the file /Profilers/PriProfile/COUNT3s6.php. Executing manipulation of the argument CPU can lead to sql injection. The attack may be performed from...
CVE-2025-60108 WordPress LambertGroup - AllInOne - Banner with Thumbnails Plugin <= 3.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Thumbnails all-in-one-thumbnailsBanner allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Banner with Thumbnails: from n/a...
CVE-2025-60107 WordPress LambertGroup - AllInOne - Banner with Playlist Plugin <= 3.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Banner with Playlist all-in-one-bannerWithPlaylist allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Banner with Playlist: from n/a...
Hostel Management System index.php File SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in parameter ID in file /justines/admin/modamenities/index.php. An attacker can exploit this...
CVE-2025-10846
A vulnerability was determined in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/ComponenteCurricular/edit. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...
CVE-2025-10833 1000projects Bookstore Management System login.php sql injection
A vulnerability was determined in 1000projects Bookstore Management System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument unm causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed a...
CVE-2025-10831
A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/proedit1.php. The manipulation of the argument prodcode leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed...
PT-2025-39119
Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: A flaw exists in SourceCodester Pet Grooming Management Software that allows for SQL injection. This occurs through manipulation of the sql111 argument in the file...
OnePlus OxygenOS Security Vulnerability
OnePlus OxygenOS is a smartphone operating system from Chinese company OnePlus. A security vulnerability exists in OnePlus OxygenOS, which stems from a lack of write access to multiple content providers and SQL injection in the update method of these providers, which could lead to the disclosure ...
PT-2025-39187
Name of the Vulnerable Software and Affected Versions: CSZ-CMS version 1.3.0. Description: A SQL Injection issue exists in CSZ-CMS version 1.3.0. This allows a remote attacker to execute arbitrary code through the execSqlFile function located in the Upgrade.php file. The vulnerability is triggered b...
WordPress Wp tabber widget Plugin <= 4.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by Peter Thaleikis in WordPress Plugin Wp tabber widget versions <= 4.0...
CVE-2025-10810
CVE-2025-10810 affects Campcodes Online Learning Management System v1.0. The vulnerability is a SQL injection in the unknown function of /admin/edit_user.php triggered by manipulating the firstname parameter, exploitable remotely with public exploit available. Documented impact includes high conf...
CVE-2025-10807
A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid results in sql injection. The attack may be launched remotely. The exploit...
CVE-2025-10797
The CVE-2025-10797 entry concerns code-projects Hostel Management System 1.0. The vulnerability affects the file /justines/index.php where manipulation of the log_email parameter enables SQL injection. Multiple connected sources (CNVD, CNNVD, Red Hat, CVE records) confirm remote exploitation pote...