Lucene search

2790 matches found

Cvelist
added 2025/08/12 6:56 p.m. · 8 views

CVE-2025-55168 WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the `/html/saude/aplicar_medicamento.php` endpoint, specifically in the `id_fichamedica` parameter. This vulnerability allows...

CVSS 9.4 · EPSS 0.00379
Exploits: 1 · References: 3
OSV
added 2025/08/12 6:15 p.m. · 5 views

CVE-2025-49759

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 · AI score 5.8 · EPSS 0.01029
Exploits: 0 · References: 1
Positive Technologies
added 2025/08/12 12:0 a.m. · 4 views

PT-2025-32675 · Ivanti · Ivanti Avalanche

Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.8.8008 Description: A SQL injection issue exists in Ivanti Avalanche. A remote authenticated attacker with admin privileges can execute arbitrary SQL queries. In certain conditions, this can also lead to...

CVSS 7.2 · AI score 7.8 · EPSS 0.01138
Exploits: 0 · References: 6
NVD
added 2025/08/11 11:15 p.m. · 23 views

CVE-2025-55156

pyLoad is the free and open-source Download Manager written in pure Python. Prior to version 0.5.0b3.dev91, the parameter addlinks in API /json/addpackage is vulnerable to SQL Injection. Attackers can modify or delete data in the database, causing data errors or loss. This issue has been patched ...

CVSS 8.8 · EPSS 0.00303
Exploits: 0 · References: 3
OSV
added 2025/08/11 1:53 p.m. · 4 views

BIT-LIBPHP-2022-31631 PDO::quote() may return unquoted string

In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2, when using the PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities...

CVSS 9.1 · AI score 8.2 · EPSS 0.02154
Exploits: 0 · References: 3
CNVD
added 2025/08/11 12:0 a.m. · 2 views

SQL Injection Vulnerability in Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.

Gansu Province Dangerous Goods Depot Monitoring Platform is a digital management system for real-time monitoring of dangerous goods storage and transportation. There is a SQL injection vulnerability in the Gansu Dangerous Goods Depot Monitoring Platform of Shenzhen Dingxintongda Technology Co.,...

CVSS 9.8 · AI score 8 · EPSS 0.00562
Exploits: 1 · References: 1
Vulnrichment
added 2025/08/10 12:32 p.m. · 4 views

CVE-2025-8809 code-projects Online Medicine Guide addelidetails.php sql injection

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclos...

CVSS 7.5 · AI score 7.7 · EPSS 0.00379
Exploits: 1 · References: 5
CNNVD
added 2025/08/08 12:0 a.m. · 4 views

OpenMetadata Security Vulnerability

OpenMetadata is an open source unified platform for discovery, observability and governance, powered by a central metadata repository, in-depth lineage and seamless team collaboration. A security vulnerability exists in OpenMetadata 1.4.4 and earlier versions, which stems from an unvalidated...

CVSS 6.5 · AI score 7.4 · EPSS 0.00278
Exploits: 1 · References: 4
Vulnrichment
added 2025/08/08 12:0 a.m. · 5 views

CVE-2025-50468

OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...

AI score 6.8 · EPSS 0.00278
Exploits: 1 · References: 3
CNNVD
added 2025/08/07 12:0 a.m. · 2 views

Student Attendance Management System Security Vulnerability

Student Attendance Management System is a student attendance management system developed by rickxy. A security vulnerability exists in Student Attendance Management System v1. The vulnerability stems from SQL injection due to incorrect manipulation of the classId and classArmName parameters in th...

CVSS 8.8 · AI score 7.6 · EPSS 0.00281
Exploits: 0 · References: 2
CNNVD
added 2025/08/06 12:0 a.m. · 3 views

WordPress plugin FileBird SQL Injection Vulnerability

WordPress FileBird is a media library management plugin designed for WordPress to help users efficiently organize and manage their media files by providing features such as an intuitive folder system, drag-and-drop operation, search function and batch upload. WordPress FileBird suffers from a SQL...

CVSS 6.5 · AI score 7.7 · EPSS 0.00343
Exploits: 0 · References: 3
CNNVD
added 2025/08/06 12:0 a.m. · 3 views

WordPress plugin CleverReach Injection Vulnerability

WordPress CleverReach is a cloud-based enterprise email marketing software that supports integration with WordPress, WooCommerce and other platforms, providing automated marketing, personalized email delivery, A/B testing and more. WordPress CleverReach suffers from a SQL injection vulnerability...

CVSS 7.5 · AI score 8.1 · EPSS 0.00464
Exploits: 0 · References: 3
OSV
added 2025/08/04 5:15 p.m. · 4 views

CVE-2025-51535

Austrian Archaeological Institute AI OpenAtlas v8.11.0 was discovered to contain a SQL injection vulnerability...

CVSS 9.1 · AI score 8.2
Exploits: 0 · References: 2
CNNVD
added 2025/08/04 12:0 a.m. · 3 views

Austrian Archaeological Institute OpenAtlas Security Vulnerability

Austrian Archaeological Institute OpenAtlas is a software platform for humanities research from Austrian Archaeological Institute, Austria. A security vulnerability exists in Austrian Archaeological Institute OpenAtlas version v8.11.0 that stems from the presence of SQL injection...

CVSS 9.1 · AI score 7.4 · EPSS 0.00417
Exploits: 1 · References: 3
CNVD
added 2025/08/01 12:0 a.m. · 3 views

Exam Form Submission /register.php File SQL Injection Vulnerability

Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter USN in the file /register.php. An attacker can exploit this vulnerability to execute illegal SQL...

CVSS 9.8 · AI score 8 · EPSS 0.00477
Exploits: 1 · References: 1
CNNVD
added 2025/07/27 12:0 a.m. · 2 views

Engeman Web SQL Injection Vulnerability

Engeman Web is a maintenance management software from the Brazilian company Engeman. A SQL injection vulnerability exists in Engeman Web version 12.0.0.1 and earlier, which originates from an SQL injection caused by the parameter LanguageCombobox in the file /Login/RecoveryPass...

CVSS 9.4 · AI score 7.8 · EPSS 0.00564
Exploits: 2 · References: 7
CNVD
added 2025/07/25 12:0 a.m. · 3 views

Online Appointment Booking System deletedoctorclinic.php File SQL Injection Vulnerability

Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter clinic in the file /admin/deletedoctorclinic.ph...

CVSS 9.8 · AI score 8.3 · EPSS 0.00394
Exploits: 1 · References: 1
CNNVD
added 2025/07/24 12:0 a.m. · 3 views

XWiki Platform SQL Injection Vulnerability

XWiki Platform is XWiki's open source suite of Wiki platforms for creating web collaboration applications. A SQL injection vulnerability exists in XWiki Platform versions 9.4-rc-1 through 16.10.5 and 17.0.0-rc-1 through 17.2.2, which stems from a misbehavior of the parameter sort in...

CVSS 9.8 · AI score 7.7 · EPSS 0.8541
Exploits: 6 · References: 5
CNVD
added 2025/07/23 12:0 a.m. · 4 views

WordPress WP Pipes SQL Injection Vulnerability

WordPress WP Pipes is an auto-collection plugin for WordPress, mainly used to merge the content of multiple RSS feeds into a new RSS feed, and supports regular updates and customized filtering features. WordPress WP Pipes suffers from a SQL injection vulnerability that stems from improper handlin...

CVSS 9.8 · AI score 8.1 · EPSS 0.00409
Exploits: 0 · References: 1
Packet Storm
added 2025/07/22 12:0 a.m. · 117 views

Joomla JS Jobs 1.4.2 SQL Injection

Joomla JS Jobs plugin version 1.4.2 suffers from a remote SQL injection vulnerability. Exploit Title: Joomla JS Jobs plugin 1.4.2 - SQL injection Google Dork: n/a Date: 07/07/2025 Exploit Author: Adam Wallwork Vendor Homepage: https://joomsky.com/ Demo: https://demo.joomsky.com/js-jobs/jm/free/...

CVSS 8.7 · AI score 8.5 · EPSS 0.03081
Exploits: 1