CVE-2025-8715

Improper neutralization of newlines in pgdump in PostgreSQL allows a user of the origin server to inject arbitrary code for restore-time execution as the client operating system account running psql to restore the dump, via psql meta-commands inside a purpose-crafted object name. The same attacks...

CVE-2025-52720

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection.This issue affects Super Store Finder: from n/a through = 7.5...

CVE-2025-39510 WordPress Pinterest Automatic Pin plugin < 4.19.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ValvePress Pinterest Automatic Pin wp-pinterest-automatic allows SQL Injection.This issue affects Pinterest Automatic Pin: from n/a through 4.19.0...

CVE-2025-52823 WordPress Cube Portfolio Plugin <= 1.16.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ovatheme Cube Portfolio cubeportfolio allows SQL Injection.This issue affects Cube Portfolio: from n/a through = 1.16.8...

CVE-2025-8953

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /checkavailability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched remotely. The exploit ha...

CVE-2025-8954

CVE-2025-8954 affects PHPGurukul Hospital Management System 4.0 in the /admin/doctor-specilization.php file, where the doctorspecilization parameter is susceptible to SQL injection. The vulnerability can be exploited remotely and an exploit has been publicly disclosed. Multiple connected sources ...

CVE-2025-8952 Campcodes Online Flight Booking Management System Login ajax.php sql injection

A vulnerability was found in Campcodes Online Flight Booking Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be...

CVE-2025-8950

Campcodes Online Recruitment Management System 1.0 is affected by a SQL injection in /Recruitment/index.php?page=view_vacancy caused by manipulating the ID parameter. This vulnerability appears to be remotely exploitable and has been publicly disclosed. Connected sources consistently identify the...

CVE-2025-8936 1000 Projects Sales Management System dordupdate.php sql injection

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-8935

A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-8931 code-projects Medical Store Management System ChangePassword.java sql injection

A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to...

WordPress plugin MapSVG SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

itsourcecode Online Tour and Travel Management System 注入漏洞

itsourcecode Online Tour and Travel Management System is a itsourcecode open source online tour and travel management system. An injection vulnerability exists in itsourcecode Online Tour and Travel Management System version 1.0, which is caused by incorrect manipulation of the parameter...

CVE-2025-8926

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-8924

A vulnerability was identified in Campcodes Online Water Billing System 1.0. This issue affects some unknown processing of the file /viewbill.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may...

CVE-2025-8908 Shanghai Lingdang Information Technology Lingdang CRM event.php sql injection

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to sql injection. The attack may be launched...

CVE-2025-8914 WellChoose｜Organization Portal System - SQL Injection

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-8914 WellChoose｜Organization Portal System - SQL Injection

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

Code-Projects Job Diary 注入漏洞

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID in the file /admin-inbox.php. An attacker can exploit this vulnerability to execute illegal SQL commands to...

WellChoose Organization Portal System SQL注入漏洞

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a SQL injection vulnerability that arises from the application's lack of validation of externally entered SQL statements. The...