2786 matches found
CVE-2025-10795 code-projects Online Bidding System bidupdate.php sql injection
A vulnerability has been found in code-projects Online Bidding System 1.0. This affects an unknown part of the file /administrator/bidupdate.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may ...
CVE-2025-10793
A vulnerability was detected in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/adminaccountdelete.php. Performing manipulation of the argument userid results in sql injection. It is possible to initiate the attack remotely. The...
CVE-2025-10786 Campcodes Grocery Sales and Inventory System ajax.php sql injection
A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteuser. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...
CVE-2025-10781
CVE-2025-10781 affects Campcodes Online Learning Management System 1.0. The vulnerability is in the file /admin/edit_class.php, where manipulation of the parameter named class_name enables a SQL injection. The description states the attack can be executed remotely and the exploit is publicly avai...
PT-2025-38718
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0 Description: A flaw exists in itsourcecode Online Discussion Forum that could allow for remote code execution. The issue is related to a SQL injection impacting an unknown function within the...
PT-2025-38763
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0 Description: A security issue exists in Campcodes Online Learning Management System. Remote attackers can exploit a SQL injection flaw by manipulating the d argument in the...
CampCodes Farm Management System SQL injection vulnerability
CampCodes Farm Management System is a farm management system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Farm Management System version 1.0, which stems from an incorrect manipulation of the parameter Type in the file /uploadProduct.php, which could lead to a SQL...
PT-2025-38755
Name of the Vulnerable Software and Affected Versions: Campcodes Farm Management System version 1.0 Description: A flaw exists in Campcodes Farm Management System that could allow for remote code execution. The issue is related to the manipulation of the Type argument in the /uploadProduct.php file...
PT-2025-38746
Name of the Vulnerable Software and Affected Versions: Campcodes Online Beauty Parlor Management System version 1.0 Description: A security issue exists in Campcodes Online Beauty Parlor Management System 1.0. The issue involves potential SQL injection due to manipulation of the fromdate/todate...
CVE-2025-10762 kuaifan DooTask UsersController.php sql injection
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in sql injection. The attack can be executed remotely. The exploi...
CVE-2025-10673
A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has...
Summar Portal del Empleado SQL injection vulnerability
Summar Portal del Empleado is an employee portal system from Summar Spain. Summar Portal del Empleado suffers from an SQL injection vulnerability that stems from incorrect manipulation of the parameter ctl00$ContentPlaceHolder1$filtroNombre in the file /MemberPages/quienesquien.aspx, which could...
CVE-2025-10623
The CVE-2025-10623 entry concerns SourceCodester Hotel Reservation System 1.0. The vulnerable element is the deleteuser.php file, where manipulation of the ID parameter results in an SQL injection. The vulnerability is exploitable remotely and there are public PoCs. Exploitation is supported by m...
CVE-2025-10613 itsourcecode Student Information System leveledit1.php sql injection
A vulnerability has been found in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument levelid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...
CVE-2025-10448
A flaw has been found in Campcodes Online Job Finder System 1.0. This affects an unknown function of the file /index.php?q=result=bycompany. This manipulation of the argument Search causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
Pet-grooming-management-print-payment.php-v.1.0-Unauthorized-sql-injection
Pet-grooming-management-prin...
PHPGurukul User Management System SQL injection vulnerability
User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emailid in the file /login.php. An attacker can exploit this vulnerability to...
PT-2025-38154
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A SQL injection flaw exists in the /admin/delete student.php file due to manipulation of the stud id argument. This issue is remotely exploitable. The exploit has...
CVE-2024-13174
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in E1 Informatics Web Application allows SQL Injection. This issue affects Web Application: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the...
CVE-2025-52044
In Frappe ERPNext v15.57.5, the function getstockbalance at erpnext/stock/utils.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query into inventorydimensionsdict parameter...