2784 matches found

CNNVD
added 2025/11/16 12:0 a.m. | 5 views

Code-Projects Student Information System SQL Injection Vulnerability

Student Information System is a student information system. The Student Information System suffers from a SQL injection vulnerability that originates from the parameter s in the /searchquery.php file that does not effectively filter user input. An attacker can exploit this vulnerability by...

9.8 CVSS | 7.7 AI score | 0.0038 EPSS
Exploits: 1 | References: 5
CNNVD
added 2025/11/16 12:0 a.m. | 3 views

Code-Projects Student Information System SQL Injection Vulnerability

Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from the /editprofile.php file not effectively filtering user input. No details of the vulnerability are available at this time...

8.8 CVSS | 6.8 AI score | 0.00307 EPSS
Exploits: 1 | References: 6
CNNVD
added 2025/11/16 12:0 a.m. | 4 views

itsourcecode Inventory Management System SQL Injection Vulnerability

Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from the PROID parameter in the /index.php?q=product file that does not securely filter user input. An attacker can exploit this vulnerability ...

9.8 CVSS | 7 AI score | 0.00282 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2025/11/15 11:59 a.m. | 13 views

CVE-2025-11981

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

4.9 CVSS | 6.5 AI score | 0.00269 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/15 12:0 a.m. | 5 views

PT-2025-47062

Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A security issue exists in itsourcecode Inventory Management System version 1.0. Manipulation of the PROMODEL argument in the file /admin/products/index.php?view=add can lead to...

9.8 CVSS | 4.8 AI score | 0.00303 EPSS
Exploits: 1 | References: 11
CNNVD
added 2025/11/14 12:0 a.m. | 7 views

PHPGurukul Student Record System Security Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the sub1, sub2, sub3, sub4, and course-short parameters of add-subject.php. An attacker can exploit this...

6.5 CVSS | 8.1 AI score | 0.0021 EPSS
Exploits: 1 | References: 3
CNNVD
added 2025/11/14 12:0 a.m. | 5 views

Django Security Vulnerability

Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Django has security vulnerabilities, which stem from SQL injection via the connector, potentially allowing...

5.8 AI score
Exploits: 0 | References: 1
CVE
added 2025/11/14 12:0 a.m. | 11 views

CVE-2024-44636

CVE-2024-44636 affects PHPGurukul Student Record System 3.20. A SQL Injection flaw exists in /admin-profile.php, exploitable via the parameters adminname and aemailid. The vulnerability, confirmed across multiple sources, could allow an attacker to execute SQL commands and access database data. ...

6.5 CVSS | 7.6 AI score | 0.00172 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2025/11/12 12:0 a.m. | 4 views

PT-2025-46577

Name of the Vulnerable Software and Affected Versions ViewLead Technology Bacteriology Laboratory Reporting System affected versions not specified Description The Bacteriology Laboratory Reporting System allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially enablin...

8.7 CVSS | 7.5 AI score | 0.00064 EPSS
Exploits: 0 | References: 5
OSV
added 2025/11/11 6:15 p.m. | 2 views

CVE-2025-59499

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8 CVSS | 5.8 AI score | 0.01114 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/11 12:15 a.m. | 11 views

CVE-2025-42889

CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...

5.4 CVSS | 6.5 AI score | 0.00162 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/11/10 4:32 a.m. | 4 views

CVE-2025-12931 SourceCodester Food Ordering System edit-orders.php sql injection

A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been...

6.5 CVSS | 6.8 AI score | 0.00282 EPSS
Exploits: 1 | References: 5
Positive Technologies
added 2025/11/10 12:0 a.m. | 4 views

PT-2025-46180

Name of the Vulnerable Software and Affected Versions rickxy Hospital Management System version 1.0 Description The patient prescription viewing functionality within the his doc view single patient.php component contains an SQL injection issue. The pat number GET parameter is directly incorporate...

7.1 CVSS | 7.8 AI score | 0.00196 EPSS
Exploits: 0 | References: 6
CNNVD
added 2025/11/10 12:0 a.m. | 4 views

Google Looker Security Vulnerability

Google Looker is an intelligent business platform from Google USA. A security vulnerability exists in Google Looker that stems from vulnerability to SQL injection attacks that could lead to data exfiltration in the BigQuery data source...

7.3 CVSS | 7.6 AI score | 0.0022 EPSS
Exploits: 0 | References: 2
CNVD
added 2025/11/10 12:0 a.m. | 4 views

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-824752)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

5.9 AI score
Exploits: 0
NVD
added 2025/11/07 6:15 p.m. | 3 views

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

6.5 CVSS | 0.0021 EPSS
Exploits: 1 | References: 2
RedhatCVE
added 2025/11/07 3:54 p.m. | 5 views

CVE-2025-48089

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...

9.3 CVSS | 7.6 AI score | 0.00294 EPSS
Exploits: 0 | References: 1
OSV
added 2025/11/07 2:15 p.m. | 6 views

CVE-2025-12857

A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

9.8 CVSS | 5.8 AI score | 0.00333 EPSS
Exploits: 1 | References: 5
EUVD
added 2025/11/07 12:31 p.m. | 5 views

EUVD-2025-38246

SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...

9.3 CVSS | 7.5 AI score | 0.00237 EPSS
Exploits: 0 | References: 2
OSV
added 2025/11/06 8:15 p.m. | 4 views

CVE-2022-50592

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

7.2 CVSS | 6.4 AI score | 0.00571 EPSS
Exploits: 0 | References: 3