2786 matches found
CVE-2025-55320
Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network...
Configuration Manager Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network...
Microsoft Configuration Manager SQL注入漏洞
Microsoft Configuration Manager is a Microsoft solution for managing computers and servers within an organization that helps IT departments keep software up-to-date, set configuration and security policies, and monitor system status. Microsoft Configuration Manager suffers from a SQL injection...
CVE-2025-62389
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62392
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-11623
CVE-2025-11623 is a SQL injection vulnerability in Ivanti Endpoint Manager (EPM) that enables a remote authenticated attacker to read arbitrary data from the database. Multiple connected sources (NVD, RH, CNVD, EUVD, CNNVD, CVE lists) describe Ivanti Endpoint Manager as the affected product and c...
EUVD-2025-34064
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Tracking System: before Version dated 06.10.2025...
CVE-2025-11664 Campcodes Online Beauty Parlor Management System search-appointment.php sql injection
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...
Ivanti Endpoint Manager SQL注入漏洞
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.5.1, which stems from an SQL injection in the cpf parameter in the /html/funcionario/cadastrofuncionariopessoaexistente.php endpoint, whic...
PT-2025-41814
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager affected versions not specified Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database. The issue allows for unauthoriz...
Online Course Registration /admin/edit-course.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter coursecode in the file /admin/edit-course.php. An attacker ca...
Ivanti Endpoint Manager SQL注入漏洞
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
E-Commerce Website /pages/supplier_update.php SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from improper filtering of SQL statements submitted by the parameter suppid in the /pages/supplierupdate.php file, which can be exploited by an attacker to gain unauthorized...
PT-2025-41828
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager affected versions not specified Description A SQL injection issue exists in Ivanti Endpoint Manager. A remotely authenticated attacker can potentially read arbitrary data from the database. The issue allows for...
E-Commerce Website edit_order_details.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...
PT-2025-41709
Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions through 2.02.36 Description A flaw exists in RainyGao DocSys that allows for remote manipulation leading to SQL injection. The issue is related to the getUserList function within the /Manage/getUserList.do file. The...
CVE-2025-11603 code-projects Simple Food Ordering System editproduct.php sql injection
A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made public and could be...
EUVD-2025-33814
A vulnerability was detected in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/edit-equipmentform.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and may be used...
CVE-2025-11590
CVE-2025-11590 affects CodeAstro Gym Management System 1.0. The vulnerability is a SQL injection in the unknown functionality of /admin/equipment-entry.php via manipulation of the ename parameter. It is exploitable remotely, with public exploit information available. Connected sources do not prov...