PT-2025-48460
Name of the Vulnerable Software and Affected Versions: Blood Bank Management System version 1.0. Description: A SQL injection issue exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application does not properly sanitize user-supplied input used in SQL querie...
CVE-2025-13770
CVE-2025-13770 affects WebITR by Uniong. A SQL Injection vulnerability allows authenticated remote attackers to inject arbitrary SQL and read database contents. The issue is documented with CVSS v3.1/4.0 bases (6.5 MEDIUM and 7.1 HIGH, respectively). Affected versions are not specified in the sou...
CVE-2025-13769
CVE-2025-13769 concerns WebITR by Uniong, with a SQL injection vulnerability that, when exploited by authenticated remote attackers, can read database contents. The included sources consistently describe the flaw as a SQL injection affecting WebITR; however, no concrete affected version list or v...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-928742)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Attention Bar plugin <= 0.7.2.1 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by WPScan in WordPress Plugin Attention Bar versions <= 0.7.2.1...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-923949)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
CVE-2025-13579
A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-13578 code-projects Library System Login index.php sql injection
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...
PT-2025-47882
Name of the Vulnerable Software and Affected Versions: code-projects COVID Tracking System version 1.0. Description: A flaw exists in the processing of the /login.php file within the software. Manipulation of the code argument can lead to SQL injection. This issue is remotely exploitable and an...
CVE-2025-13557
A vulnerability has been found in Campcodes Online Polling System 1.0. Affected by this issue is some unknown functionality of the file /registeracc.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the publ...
CVE-2025-13485
A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been...
GHSA-G6XH-WRPF-V6J6 phppgadmin contains a SQL injection vulnerability
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-13449
A vulnerability was found in code-projects Online Shop Project 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument Password results in sql injection. The attack may be performed remotely. The exploit has been made public and could be used...
CVE-2025-13424
A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/addproduct.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to...
WordPress plugin Attention Bar security vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability exists in...
TencentOS Server 3: postgresql:15 (TSSA-2023:0326)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0326 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`
i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agenda_admin_cad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...
i-Educar SQL injection vulnerability
i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...
itsourcecode Human Resource Management System SQL injection vulnerability
itsourcecode Human Resource Management System is itsourcecode open source human resource management system. A SQL injection vulnerability exists in itsourcecode Human Resource Management System version 1.0, which stems from a misuse of the eventSubject parameter in the file...