2790 matches found

Positive Technologies
added 2025/08/25 12:0 a.m. · 3 views

PT-2025-34716 · Campcodes · Campcodes Online Water Billing System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Water Billing System version 1.0 Description: A SQL injection issue exists in Campcodes Online Water Billing System 1.0 due to manipulation of the ID argument in the /editecex.php file. This allows for remote exploitation. Th...

CVSS 7.5 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 12

Positive Technologies
added 2025/08/25 12:0 a.m. · 6 views

PT-2025-34577

Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.5 Description: A SQL injection issue exists in the file app/logic/L tool.php due to the manipulation of the new url argument. This issue may be exploited remotely. The vendor was contacted but did not respond...

CVSS 8.8 · AI score 6.4 · EPSS 0.00303
Exploits: 0 · References: 9

Positive Technologies
added 2025/08/25 12:0 a.m. · 5 views

PT-2025-34718 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A security flaw exists in itsourcecode Online Tour and Travel Management System version 1.0. The issue involves SQL injection in the /enquiry.php file through...

CVSS 7.5 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 11

RedhatCVE
added 2025/08/23 12:23 a.m. · 7 views

CVE-2025-50860

SQL Injection in the listdomains function in Easy Hosting Control Panel EHCP 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter...

CVSS 6.5 · AI score 8.3 · EPSS 0.00213
Exploits: 2 · References: 1

Positive Technologies
added 2025/08/23 12:0 a.m. · 3 views

PT-2025-34650 · Undefined · Undefined

CVE-2025-58037 - Apache Solr SQL Injection CVE ID : CVE-2025-58037 Published : Aug. 23, 2025, 3:15 a.m. | 1 hour, 3 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

AI score 8
Exploits: 0 · References: 1

NVD
added 2025/08/22 7:15 p.m. · 6 views

CVE-2025-6791

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...

CVSS 8.8 · EPSS 0.00308
Exploits: 0 · References: 2

OSV
added 2025/08/22 6:15 p.m. · 3 views

CVE-2025-52085

An SQL injection vulnerability in Yoosee application v6.32.4 allows authenticated users to inject arbitrary SQL queries via a request to a backend API endpoint. Successful exploitation enables extraction of sensitive database information, including but not limited to, the database server banner a...

CVSS 8.8 · AI score 5.9 · EPSS 0.00471
Exploits: 1 · References: 2

CVE
added 2025/08/22 12:0 a.m. · 25 views

CVE-2025-52085

Yoosee application (v6.32.4) contains an SQL injection in a backend API endpoint that authenticated users can exploit to extract sensitive DB information (server banner/version, current user/schema, privileges, and data from any table). CVE-2025-52085 is documented with a HIGH impact (C/H/I/A). A...

CVSS 8.8 · AI score 7.2 · EPSS 0.00471
Exploits: 1 · References: 2 · Affected Software: 1

Tenable Nessus
added 2025/08/22 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-11387

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in OWASP ModSecurity Core Rule Set CRS through 3.1.0. /rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf allows remote attackers to cause a...

CVSS 5.3 · AI score 5.7 · EPSS 0.02375
Exploits: 0 · References: 2

NVD
added 2025/08/21 5:15 p.m. · 5 views

CVE-2025-9311

A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly...

CVSS 9.8 · EPSS 0.00387
Exploits: 1 · References: 5

OSV
added 2025/08/21 4:40 p.m. · 10 views

CVE-2025-57761 WeGIA SQL Injection vulnerability via 'id_funcionario' param at endpoint `/html/funcionario/dependente_remover.php`

WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...

CVSS 9.4 · AI score 8.2 · EPSS 0.00393
Exploits: 1 · References: 4

Cvelist
added 2025/08/21 3:2 p.m. · 12 views

CVE-2025-9305 SourceCodester Online Bank Management System mnotice.php sql injection

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has be...

CVSS 7.5 · EPSS 0.00387
Exploits: 1 · References: 5

CVE
added 2025/08/21 3:2 p.m. · 20 views

CVE-2025-9304

SourceCodester Online Bank Management System 1.0 contains a SQL injection vulnerability in the /bank/show.php function, exploitable by manipulating the ID parameter. The issue is exploitable remotely and an exploit has been published publicly, potentially affecting confidentiality, integrity, and...

CVSS 9.8 · AI score 7.6 · EPSS 0.00387
Exploits: 1 · References: 5 · Affected Software: 1

Cvelist
added 2025/08/20 5:32 p.m. · 12 views

CVE-2025-9236 Portabilis i-Educar Tipos de usuàrio educar_tipo_usuario_lst.php sql injection

A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usuàrio Page. Such manipulation of the argument nmtipo/descrição leads to sql injection. The attack may be performed from a...

CVSS 6.5 · EPSS 0.00369
Exploits: 1 · References: 6

Patchstack
added 2025/08/20 11:58 a.m. · 9 views

WordPress Listeo-Core Plugin < 2.0.7 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Lê Quốc Bảo in WordPress Plugin Listeo Core versions 2.0.7...

CVSS 8.5 · AI score 7.7 · EPSS 0.00251
Exploits: 0 · Affected Software: 1

NVD
added 2025/08/20 8:15 a.m. · 7 views

CVE-2025-54726

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection. This issue affects JS Archive List: from n/a through 6.1.6...

CVSS 9.3 · EPSS 0.01425
Exploits: 2 · References: 1

CVE
added 2025/08/20 8:2 a.m. · 31 views

CVE-2025-54726

CVE-2025-54726 affects the WordPress plugin jquery-archive-list-widget (JS Archive List). Nuclei template and Patchstack/NVD entries indicate an SQL Injection in JS Archive List <= 6.1.5 (up to

CVSS 9.3 · AI score 5.9 · EPSS 0.01425
In wild · Exploits: 2 · References: 1

CNNVD
added 2025/08/20 12:0 a.m. · 4 views

WordPress plugin JS Archive List SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

CVSS 9.3 · AI score 7.3 · EPSS 0.01425
Exploits: 2 · References: 2

CNVD
added 2025/08/20 12:0 a.m. · 3 views

Online Medicine Guide browsemdcn.php File SQL Injection Vulnerability

Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter Search in the file /browsemdcn.php. The vulnerability can be exploited by an attacker to...

CVSS 9.8 · AI score 8 · EPSS 0.00387
Exploits: 1 · References: 1

CNVD
added 2025/08/20 12:0 a.m. · 4 views

D-Link DIR-818L Injection Vulnerability

The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...

CVSS 8.8 · AI score 8.1 · EPSS 0.18145
Exploits: 1 · References: 1