2784 matches found

EUVD
added 2025/12/08 7:32 a.m. | 4 views

EUVD-2025-201693

A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /printpersonnelreport.php. This manipulation of the argument perid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVSS 6.5 | AI score 6.4 | EPSS 0.0026
Exploits: 1 | References: 7
OSV
added 2025/12/08 5:16 a.m. | 5 views

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 9.8 | AI score 5.8 | EPSS 0.00326
Exploits: 1 | References: 5
CNNVD
added 2025/12/08 12:0 a.m. | 4 views

Code-Projects Simple Leave Manager SQL injection vulnerability

Code-Projects Simple Leave Manager is an open source leave management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Simple Leave Manager version 1.0, which stems from incorrect manipulation of the parameter staffid in the file /request.php, which could lead to a...

CVSS 9.8 | AI score 7.7 | EPSS 0.00326
Exploits: 1 | References: 5
CNNVD
added 2025/12/08 12:0 a.m. | 3 views

itsourcecode Student Management System SQL injection vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /newcurriculm.php. An attacker can exploit this vulnerabili...

CVSS 9.8 | AI score 7.9 | EPSS 0.00407
Exploits: 1 | References: 6
CNNVD
added 2025/12/08 12:0 a.m. | 2 views

Code-Projects Simple Shopping Cart security vulnerability

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminusername in the file /adminlogin.php. An attacker can exploit this...

CVSS 9.8 | AI score 7.8 | EPSS 0.00333
Exploits: 1 | References: 5
Positive Technologies
added 2025/12/08 12:0 a.m. | 8 views

PT-2025-49539

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Management System version 1.0. Description: A security issue exists in itsourcecode Student Management System 1.0. The issue affects code within the /edit user.php file. Manipulation of the fname argument can lead to a SQL...

CVSS 9.8 | AI score 7.5 | EPSS 0.00326
Exploits: 1 | References: 11
Positive Technologies
added 2025/12/08 12:0 a.m. | 6 views

PT-2025-49555

Name of the Vulnerable Software and Affected Versions: code-projects Simple Shopping Cart version 1.0. Description: A flaw exists in code-projects Simple Shopping Cart version 1.0 that allows for remote SQL injection. The issue is located in the file '/adminlogin.php', specifically through...

CVSS 9.8 | AI score 7.6 | EPSS 0.00333
Exploits: 1 | References: 11
Positive Technologies
added 2025/12/07 12:0 a.m. | 5 views

PT-2025-49396

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

CVSS 6.5 | AI score 7.1 | EPSS 0.00196
Exploits: 0 | References: 5
EUVD
added 2025/12/05 3:32 p.m. | 5 views

EUVD-2025-201425

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 5.8 | AI score 6.3 | EPSS 0.00283
Exploits: 1 | References: 5
CVE
added 2025/12/05 6:43 a.m. | 14 views

CVE-2025-12850

CVE-2025-12850 concerns the WordPress plugin “My auctions allegro”. It affects all versions up to and including 3.6.32 and enables a malicious actor to exploit an unauthenticated SQL Injection via the auction_id parameter. The root cause is insufficient escaping of user input and lack of proper q...

CVSS 7.5 | AI score 6.4 | EPSS 0.00273
Exploits: 0 | References: 2
OSV
added 2025/12/04 11:29 p.m. | 5 views

MGASA-2025-0320 Updated python-django packages fix security vulnerabilities

Potential SQL injection in FilteredRelation column aliases on PostgreSQL. CVE-2025-13372 Potential denial-of-service vulnerability in XML serializer text extraction. CVE-2025-64460...

CVSS 7.5 | AI score 8 | EPSS 0.02106
Exploits: 0 | References: 3
RedhatCVE
added 2025/12/04 4:15 a.m. | 12 views

CVE-2025-13495

The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 6.6 | EPSS 0.00266
Exploits: 0 | References: 1
CNNVD
added 2025/12/04 12:0 a.m. | 4 views

Advantech iView SQL injection vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...

CVSS 8.7 | AI score 7.5 | EPSS 0.0038
Exploits: 0 | References: 3
EUVD
added 2025/12/02 6:30 p.m. | 4 views

EUVD-2025-200279

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the 'docid' parameter at /admin/appointment.php...

AI score 7.2 | EPSS 0.00344
Exploits: 1 | References: 3
EUVD
added 2025/12/02 11:20 a.m. | 3 views

EUVD-2025-200224

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9 | AI score 6.1 | EPSS 0.00258
Exploits: 0 | References: 4
Patchstack
added 2025/12/02 9:25 a.m. | 9 views

WordPress Tax Service Electronic HDM plugin <= 1.2.0 - Unauthenticated Arbitrary SQL Injection vulnerability

Unauthenticated Arbitrary SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin TAX SERVICE Electronic HDM versions <= 1.2.0...

CVSS 8.6 | AI score 7.8 | EPSS 0.00152
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2025/12/02 12:0 a.m. | 4 views

CVE-2025-65380

PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query...

EPSS 0.00175
Exploits: 0 | References: 2
CNNVD
added 2025/12/02 12:0 a.m. | 4 views

Edoc-doctor-appointment-system security vulnerability

Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version v1.0.1, which stems from the docid parameter in /admin/appointment.php being susceptible to SQL injection attacks...

CVSS 9.8 | AI score 7.8 | EPSS 0.00344
Exploits: 1 | References: 3
CNNVD
added 2025/12/01 12:0 a.m. | 3 views

Blood Bank Management System security vulnerability

Blood Bank Management System is a blood bank management system by individual developer shridhar shukla. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the cancel.php component that could lead to unauthorized access...

CVSS 9.6 | AI score 7.7 | EPSS 0.00339
Exploits: 0 | References: 4
CNNVD
added 2025/12/01 12:0 a.m. | 4 views

Blood Bank Management System security vulnerability

Blood Bank Management System is a blood bank management system by individual developer shridhar shukla. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the receiverLogin.php component that could lead to unauthorized access...

CVSS 10 | AI score 7.7 | EPSS 0.00565
Exploits: 1 | References: 4