2786 matches found
CVE-2025-11430
A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-10587 Community Events <= 1.5.1 - Unauthenticated SQL Injection
The Community Events plugin for WordPress is vulnerable to SQL Injection via the eventcategory parameter in all versions up to, and including, 1.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-41311
Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1. Description: A security flaw exists in PHPGurukul Beauty Parlour Management System 1.1. The issue involves SQL injection due to manipulation of the searchdata argument within an unknown...
PT-2025-41214
Name of the Vulnerable Software and Affected Versions: code-projects Web-Based Inventory and POS System version 1.0. Description: A flaw exists in code-projects Web-Based Inventory and POS System 1.0. The issue is related to the manipulation of the emailid argument in the /login.php file, which can...
CVE-2025-11416 PHPGurukul Beauty Parlour Management System invoices.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to th...
CVE-2025-11415 PHPGurukul Beauty Parlour Management System customer-list.php sql injection
A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit i...
CVE-2025-11403
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /delbooking.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-11402 SourceCodester Hotel and Lodge Management System del_curr.php sql injection
A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delcurr.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2025-11402
SourceCodester Hotel and Lodge Management System 1.0 contains a SQL injection vulnerability in the /del_curr.php file. The vulnerability arises from manipulating the ID parameter, permitting remote exploitation, and public disclosure of the exploit is noted across multiple sources (NVD, Red Hat, ...
CVE-2025-11400 SourceCodester Hotel and Lodge Management System del_room.php sql injection
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /delroom.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
EUVD-2025-32725
A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /delroom.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2025-40885
A SQL Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can execute arbitrary SELECT SQL statements on the DBMS used by the web application, potentially exposing unauthorized da...
EUVD-2025-32708
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0...
CVE-2025-0603
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Callvision Healthcare Callvision Emergency Code allows SQL Injection, Blind SQL Injection. This issue affects Callvision Emergency Code: before V3.0...
CVE-2025-11349
A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available...
CVE-2025-11350 Campcodes Online Apartment Visitor Management System bwdates-reports-details.php sql injection
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injection. The attack may be launched remotely. Th...
SourceCodester Hotel and Lodge Management System Security Vulnerability
SourceCodester Hotel and Lodge Management System is a SourceCodester open source hotel and lodge management system. A security vulnerability exists in SourceCodester Hotel and Lodge Management System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file...
PT-2025-40987
Name of the Vulnerable Software and Affected Versions: Simple Food Ordering System version 1.0. Description: A SQL injection issue exists in Simple Food Ordering System version 1.0. Manipulation of the Category argument in an unknown function within the /product.php file can lead to SQL injection. T...
CampCodes Online Apartment Visitor Management SQL Injection Vulnerability
CampCodes Online Apartment Visitor Management is an online apartment visitor management system from CampCodes Philippines. CampCodes Online Apartment Visitor Management version 1.0 suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter Username in th...
(0Day) Ivanti Endpoint Manager MP_Report_Run2 SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPReportRun2 class. The issue results from the lack of proper validation of a...