2786 matches found

Positive Technologies
added 2025/09/16 12:0 a.m., 3 views

PT-2025-38081

Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A vulnerability exists in Campcodes Grocery Sales and Inventory System 1.0. The issue is related to SQL injection within an unknown function of the file...

CVSS 9.8, AI score 7.3, EPSS 0.00387
Exploits: 1, References: 10

OSV
added 2025/09/15 3:15 p.m., 5 views

CVE-2025-10459

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/all-appointment.php. The manipulation of the argument delid results in sql injection. The attack can be executed remotely. The exploit has been released to the...

CVSS 9.8, AI score 5.8, EPSS 0.00387
Exploits: 1, References: 5

OSV
added 2025/09/15 10:15 a.m., 3 views

CVE-2025-10436

A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. The impacted element is an unknown function of the file /pages/supsearchfrm.php?action=edit. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit...

CVSS 9.8, AI score 5.8, EPSS 0.00398
Exploits: 1, References: 5

NVD
added 2025/09/15 3:15 a.m., 3 views

CVE-2025-10421

A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /updateaccount.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVSS 8.8, EPSS 0.00351
Exploits: 1, References: 5

Positive Technologies
added 2025/09/15 12:0 a.m., 4 views

PT-2025-37730

Name of the Vulnerable Software and Affected Versions: Teampel version 5.1.6 Description: Teampel version 5.1.6 is susceptible to SQL Injection through the /Common/login.aspx API endpoint. Recommendations: As a temporary workaround, consider restricting access to the /Common/login.aspx endpoint unti...

CVSS 5.4, AI score 7.6, EPSS 0.00185
Exploits: 0, References: 5

Positive Technologies
added 2025/09/15 12:0 a.m., 4 views

PT-2025-37772

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A security issue has been identified in SourceCodester Online Student File Management System. The vulnerability resides in the /remove file.php file, specifically...

CVSS 6.5, AI score 6.4, EPSS 0.00385
Exploits: 1, References: 8

Positive Technologies
added 2025/09/15 12:0 a.m., 3 views

PT-2025-37759

Name of the Vulnerable Software and Affected Versions: kidaze CourseSelectionSystem affected versions not specified Description: A vulnerability exists in kidaze CourseSelectionSystem related to SQL injection. Manipulation of the Branch argument in an unknown function within the...

CVSS 6.5, AI score 6.4, EPSS 0.00302
Exploits: 0, References: 9

CNNVD
added 2025/09/15 12:0 a.m., 2 views

SourceCodester Pet Grooming Management Software SQL injection vulnerability

SourceCodester Pet Grooming Management Software is a SourceCodester open source pet grooming management system. SourceCodester Pet Grooming Management Software version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter ID in the file...

CVSS 8.8, AI score 6.8, EPSS 0.00352
Exploits: 1, References: 6

Positive Technologies
added 2025/09/15 12:0 a.m., 5 views

PT-2025-37718

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.72.0, Frappe versions prior to 14.96.10 Description: The add tag function at frappe/desk/doctype/tag/tag.py is susceptible to SQL Injection. This allows an attacker to extract information from databases by injecting a...

CVSS 6.5, AI score 6.9, EPSS 0.00244
Exploits: 1, References: 7

Vulnrichment
added 2025/09/15 12:0 a.m., 3 views

CVE-2025-57104

Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx...

AI score 7.6, EPSS 0.00185
Exploits: 0, References: 2

Cvelist
added 2025/09/14 8:32 p.m., 10 views

CVE-2025-10409 SourceCodester Student Grading System rms.php sql injection

A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public...

CVSS 6.5, EPSS 0.00309
Exploits: 1, References: 5

CNNVD
added 2025/09/14 12:0 a.m., 3 views

CampCodes Grocery Sales and Inventory System SQL injection vulnerability

CampCodes Grocery Sales and Inventory System is a grocery sales and inventory system from CampCodes Philippines. A SQL injection vulnerability exists in Campcodes Grocery Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in file/ajax.php, which...

CVSS 9.8, AI score 7.8, EPSS 0.00383
Exploits: 1, References: 6

Debian CVE
added 2025/09/12 10:33 a.m., 7 views

CVE-2025-27240

A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...

CVSS 7.5, AI score 7.4, EPSS 0.01188
Exploits: 0

CNNVD
added 2025/09/12 12:0 a.m., 3 views

NewType Infortech NUP Portal SQL injection vulnerability

NewType Infortech NUP Portal is a portal management and collaborative office software system from NewType Infortech Taiwan, China. NewType Infortech NUP Portal suffers from a SQL injection vulnerability that originates from an unauthenticated, remote attacker who can inject arbitrary SQL commands...

CVSS 9.8, AI score 8.1, EPSS 0.00536
Exploits: 0, References: 2

CNNVD
added 2025/09/11 12:0 a.m., 3 views

Online Fire Reporting System SQL injection vulnerability

Online Fire Reporting System is an online fire reporting system developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Online Fire Reporting System version 1.2, which stems from an incorrect manipulation of the parameter todate in the file...

CVSS 9.8, AI score 7.7, EPSS 0.00309
Exploits: 0, References: 1

OSV
added 2025/09/10 7:15 p.m., 2 views

CVE-2025-10210

A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVSS 8.8, AI score 6.4, EPSS 0.01195
Exploits: 0, References: 5

GithubExploit
added 2025/09/10 6:15 p.m., 139 views

ExploitNotes

It is an offline collection of notes and examples for exploit...

AI score 7.7
Exploits: 0

Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-5314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...

CVSS 9.1, AI score 8.3, EPSS 0.00562
Exploits: 0, References: 2

Positive Technologies
added 2025/09/10 12:0 a.m., 4 views

PT-2025-37091

Name of the Vulnerable Software and Affected Versions: ChanCMS versions up to 3.3.0 Description: A SQL injection weakness exists in the Search function within the app/modules/api/service/Api.js file. Manipulation of the key argument can lead to SQL injection. The exploit has been publicly release...

CVSS 8.8, AI score 6.3, EPSS 0.01195
Exploits: 0, References: 9

CNNVD
added 2025/09/10 12:0 a.m., 2 views

WordPress plugin Testimonial SQL injection vulnerability

WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...

CVSS 6.5, AI score 8.2, EPSS 0.00258
Exploits: 0, References: 2