
2786 matches found

Positive Technologies
added 2025/10/11 12:0 a.m., 5 views

PT-2025-41689

Name of the Vulnerable Software and Affected Versions: Simple Food Ordering System version 1.0. Description: A flaw exists in the Simple Food Ordering System that allows for SQL injection. This issue is located in the /editproduct.php file, where manipulation of the Category argument can lead to...

CVSS 6.5, AI score 6.4, EPSS 0.00343
Exploits: 1, References: 10

Cvelist
added 2025/10/10 9:32 p.m., 11 views

CVE-2025-11588 CodeAstro Gym Management System index.php sql injection

A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVSS 6.5, EPSS 0.00304
Exploits: 1, References: 5

EUVD
added 2025/10/10 9:31 p.m., 4 views

EUVD-2025-33772

A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 7.5, AI score 6.4, EPSS 0.00379
Exploits: 1, References: 6

EUVD
added 2025/10/10 6:31 p.m., 3 views

EUVD-2025-33731

code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts...

AI score 7.6, EPSS 0.00424
Exploits: 1, References: 3

Cvelist
added 2025/10/10 11:2 a.m., 6 views

CVE-2025-11188

The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database...

EPSS 0.00272
Exploits: 0, References: 1

CNNVD
added 2025/10/10 12:0 a.m., 3 views

Kiwire Captive Portal security vulnerability

Kiwire Captive Portal is a login authentication page from Kiwire Malaysia. A security vulnerability exists in Kiwire Captive Portal that stems from a SQL injection in the nas-id parameter, which could lead to an attack on the database...

CVSS 7.3, AI score 7.9, EPSS 0.00272
Exploits: 0, References: 1

EUVD
added 2025/10/09 9:31 p.m., 5 views

EUVD-2025-33580

A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVSS 6.5, AI score 6.6, EPSS 0.00343
Exploits: 1, References: 6

NVD
added 2025/10/09 9:15 p.m., 3 views

CVE-2025-11556

A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVSS 9.8, EPSS 0.00431
Exploits: 1, References: 5

OSV
added 2025/10/09 6:15 p.m., 1 views

CVE-2025-11551

A vulnerability was determined in code-projects Student Result Manager 1.0. This affects an unknown function of the file src/students/Database.java. This manipulation of the argument roll/name/gpa causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVSS 9.8, AI score 5.7, EPSS 0.00359
Exploits: 1, References: 5

Positive Technologies
added 2025/10/09 12:0 a.m., 5 views

PT-2025-41464

Name of the Vulnerable Software and Affected Versions: code-projects E-Commerce Website version 1.0. Description: A SQL injection issue exists in code-projects E-Commerce Website 1.0. The issue is present in an unknown function within the /pages/user index search.php file. Manipulation of the Search...

CVSS 7.5, AI score 7.4, EPSS 0.00431
Exploits: 1, References: 10

Positive Technologies
added 2025/10/09 12:0 a.m., 4 views

PT-2025-41459

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: The software is susceptible to SQL Injection in the 'admin/view customer.php' file through the ID parameter. This allows for potential unauthorized access or modification ...

CVSS 9.4, AI score 7.6, EPSS 0.00347
Exploits: 1, References: 5

Cvelist
added 2025/10/09 12:0 a.m., 8 views

CVE-2025-60316

SourceCodester Pet Grooming Management Software 1.0 is vulnerable to SQL Injection in admin/viewcustomer.php via the ID parameter...

EPSS 0.00347
Exploits: 1, References: 2

Cvelist
added 2025/10/09 12:0 a.m., 7 views

CVE-2025-60267

In xckk v9.6, there is a SQL injection vulnerability in which the cond parameter in notice/list is not securely filtered, resulting in a SQL injection vulnerability...

EPSS 0.00235
Exploits: 1, References: 2

Positive Technologies
added 2025/10/09 12:0 a.m., 4 views

PT-2025-41443

Name of the Vulnerable Software and Affected Versions: xckk version 9.6. Description: The software contains a SQL injection issue due to insufficient filtering of the orderBy parameter within the '/address/list' API endpoint. This allows for potential unauthorized database access or modification...

CVSS 6.5, AI score 7.5, EPSS 0.00202
Exploits: 1, References: 6

CVE
added 2025/10/09 12:0 a.m., 20 views

CVE-2025-60265

The CVE-2025-60265 issue affects xckk v9.6 and is caused by insufficient filtering of the orderBy parameter in the /user/list endpoint, enabling SQL injection. The vulnerability is documented across multiple sources (e.g., Red Hat CVE page, EUVD/ENISA entries, and PT-2025-41411) with a described ...

CVSS 6.5, AI score 7.6, EPSS 0.00235
Exploits: 1, References: 2, Affected Software: 1

ATTACKERKB
added 2025/10/08 10:2 p.m., 5 views

CVE-2025-11507

A weakness has been identified in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/search-invoices.php. This manipulation of the argument searchdata causes sql injection. The attack can be initiated remotely. The exploit has been made...

CVSS 9.8, AI score 5.4, EPSS 0.00376
Exploits: 1, References: 5, Affected Software: 1

RedHat Linux
added 2025/10/08 7:26 p.m., 3 views

django: Django SQL injection in FilteredRelation column aliases

An SQL injection flaw has been discovered in the Django web framework. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet.annotate or QuerySet.alias...

CVSS 8.1, AI score 7.3, EPSS 0.15602
Exploits: 4, References: 7

OSV
added 2025/10/08 5:15 p.m., 3 views

CVE-2025-11486

A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available an...

CVSS 9.8, AI score 5.8, EPSS 0.00316
Exploits: 1, References: 5

EUVD
added 2025/10/08 2:32 p.m., 4 views

EUVD-2025-33308

A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the argument registerusername results in sql injection. The attack is possible to be carried out remotely. The exploit ...

CVSS 7.5, AI score 6.5, EPSS 0.00379
Exploits: 1, References: 7

Vulnrichment
added 2025/10/08 10:45 a.m., 2 views

CVE-2025-10351 SQL injection vulnerability in Melis Platform

SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint...

CVSS 9.3, AI score 7.6, EPSS 0.00391
Exploits: 2, References: 2