2784 matches found

CNNVD | added 2025/12/13 12:0 a.m. | 4 views

Code-Projects Prison Management System SQL Injection Vulnerability

Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search.php. An attacker can exploit this...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00301
Exploits: 1 | References: 6

OSV | added 2025/12/12 4:15 p.m. | 4 views

CVE-2025-14566

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initia...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.0035
Exploits: 1 | References: 5

CVE | added 2025/12/12 5:2 a.m. | 8 views

CVE-2025-62192

CVE-2025-62192 is a SQL injection vulnerability affecting GroupSession Free edition before ver5.3.0, GroupSession byCloud before ver5.3.3, and GroupSession ZION before ver5.3.2. The issue could allow an authenticated user to obtain or alter data stored in the database. This is confirmed by multip...

CVSS: 5.4 | AI score: 7 | EPSS: 0.00158
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies | added 2025/12/12 12:0 a.m. | 8 views

PT-2025-50943

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00333
Exploits: 1 | References: 5

Patchstack | added 2025/12/11 11:46 p.m. | 12 views

WordPress Donation plugin <= 1.0 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Yousof Nahya in WordPress Plugin Donation versions <= 1.0...

CVSS: 4.1 | AI score: 7.8 | EPSS: 0.00218
Exploits: 1 | References: 1 | Affected Software: 1

OSV | added 2025/12/11 5:15 p.m. | 2 views

CVE-2025-14527

A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /viewbook.php. Executing a manipulation of the argument bookid can lead to sql injection. The attack can be executed remotely. The exploit has been made...

CVSS: 9.8 | AI score: 5.8
Exploits: 0 | References: 4

NVD | added 2025/12/11 12:16 p.m. | 5 views

CVE-2025-14514

A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/adddistributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

CVSS: 9.8 | EPSS: 0.0035
Exploits: 1 | References: 7

Positive Technologies | added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50720

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVSS: 7.6 | AI score: 7.2 | EPSS: 0.00306
Exploits: 0 | References: 2

EUVD | added 2025/12/10 11:37 p.m. | 9 views

EUVD-2025-202333

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

CVSS: 7.3 | AI score: 7.3 | EPSS: 0.02073
Exploits: 2 | References: 3

Cvelist | added 2025/12/10 11:37 p.m. | 33 views

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

CVSS: 7.3 | EPSS: 0.02073
Exploits: 2 | References: 2

CNVD | added 2025/12/10 12:0 a.m. | 5 views

Currency Exchange System /edittrns.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.00333
Exploits: 1 | References: 1

CNVD | added 2025/12/10 12:0 a.m. | 4 views

Student Management System /edit_user.php File SQL Injection Vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edituser.php. The vulnerability can be exploited to...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00326
Exploits: 1 | References: 1

EUVD | added 2025/12/09 6:30 p.m. | 4 views

EUVD-2025-202048

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TalentSoft Software UNIS allows SQL Injection. This issue affects UNIS: before 42321...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00463
Exploits: 0 | References: 2

Vulnrichment | added 2025/12/09 2:13 p.m. | 1 views

CVE-2025-67520 WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection. This issue affects Media Library Tools: from n/a through <= 1.6.15...

CVSS: 7.6 | AI score: 7.3 | EPSS: 0.00283
Exploits: 0 | References: 1

RedhatCVE | added 2025/12/09 4:42 a.m. | 8 views

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS: 9.8 | AI score: 7.1 | EPSS: 0.00326
Exploits: 1 | References: 1

CNNVD | added 2025/12/09 12:0 a.m. | 3 views

WordPress plugin Accordion Slider PRO SQL Injection Vulnerability

WordPress Accordion Slider PRO plugin is a responsive, touch-enabled slider plugin for WordPress that allows users to create professional and elegant slider effects. The WordPress Accordion Slider PRO plugin suffers from an SQL injection vulnerability that stems from the application's lack of...

CVSS: 8.5 | AI score: 7.8 | EPSS: 0.00264
Exploits: 0 | References: 1

Positive Technologies | added 2025/12/09 12:0 a.m. | 3 views

PT-2025-49894

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Accordion Slider PRO accordion slider pro allows Blind SQL Injection. This issue affects Accordion Slider PRO: from n/a through <= 1.2...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.00264
Exploits: 0 | References: 3

CNVD | added 2025/12/09 12:0 a.m. | 4 views

Billing System password-recovery.php Endpoint SQL Injection Vulnerability

Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that stems from the username and mobileno parameters in the /admin/password-recovery.php endpoint not validating user input. An attacker can use this vulnerability to steal, tamper, or delete sensiti...

CVSS: 6.5 | AI score: 7.7 | EPSS: 0.00172
Exploits: 0 | References: 1

Vulnrichment | added 2025/12/08 3:32 p.m. | 3 views

CVE-2025-14250 code-projects Online Ordering System user_contact.php sql injection

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /usercontact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00326
Exploits: 1 | References: 5

NVD | added 2025/12/08 12:16 p.m. | 5 views

CVE-2025-14230

A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/addpayroll.php. Performing manipulation of the argument detailId results in sql injection. The attack can be initiated remotely. The exploit is now publi...

CVSS: 8.8 | EPSS: 0.0026
Exploits: 1 | References: 5