Linux Distros Unpatched Vulnerability : CVE-2024-5315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...
Linux Distros Unpatched Vulnerability : CVE-2024-5314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...
CVE-2025-58448 rAthena has SQL Injection in PartyBooking component via `WorldName` parameter.
rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via WorldName parameter. Commit 0d89ae0 fixes the issue...
CVE-2025-58993 WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS tutor allows SQL Injection. This issue affects Tutor LMS: from n/a through <= 3.7.4...
CVE-2025-10115
CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...
OPEXUS FOIAXpress Public Access Link Security Vulnerability
OPEXUS FOIAXpress Public Access Link (PAL) is a secure, public-facing web portal from OPEXUS that connects organizations with requesters and integrates with payment solutions, including payment solutions. A security vulnerability exists in OPEXUS FOIAXpress Public Access Link prio...
uverif Security Vulnerability
uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif 3.2 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter note of the function addbatch in the file /admin/kamilist...
CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...
CVE-2025-10106
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
Web-Vulnerability-Scanner
This is a PoC exploit for a web vulnerability scanner created us...
Jinher OA SQL Injection Vulnerability
Jinher OA is a collaboration management software from China's Jinher. A SQL injection vulnerability exists in Jinher OA 1.2 and earlier versions, which originates from improper handling of parameters in the /C6/Jhsoft.Web.departments/GetTreeDate.aspx file, which can lead to SQL injection...
PT-2025-36516
Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A SQL injection issue exists in Campcodes Online Loan Management System 1.0. The vulnerability is located in unknown code within the /ajax.php?action=delete loan file...
PT-2025-36519
Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A SQL injection issue exists in Campcodes Online Loan Management System. The issue affects processing of the file /ajax.php?action=delete payment. Manipulation of the ID argument...
CVE-2025-56630
FoxCMS v1.2.5 and earlier are affected by an SQL Injection in the column_model parameter of app/admin/controller/Column.php. The vulnerability arises from improper handling of input in this file, enabling attacker-controlled SQL execution. CVSSv3.1 base score is 7.3 (HIGH) with Network attack vec...
CVE-2025-10011
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made availabl...
CVE-2025-10068
The CVE-2025-10068 entry concerns itsourcecode Online Discussion Forum 1.0. A SQL injection flaw exists in the file /admin/admin_forum/add_views.php triggered by manipulating the ID argument, enabling remote exploitation. Exploits have been published and may be used. Some connected sources (PT-20...
CVE-2025-48544
In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-10030
CVE-2025-10030 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability affects the file /ajax.php?action=save_receiving where manipulation of the argument ID can lead to a SQL injection. It is described as exploitable remotely and the exploit has been made publicly available....
CVE-2025-9085
CVE-2025-9085 concerns the WordPress plugin “User Registration & Membership” (v4.3.0 and earlier). The vulnerability is a SQL Injection via the s parameter due to insufficient escaping and improper query preparation, enabling an authenticated attacker with administrator-level access to append SQL...
PT-2025-36369
Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A weakness exists in Campcodes Grocery Sales and Inventory System 1.0 related to the processing of the /ajax.php?action=save_receiving file. Manipulation of the ID argument...