8141 matches found
PT-2025-54443
Name of the Vulnerable Software and Affected Versions: Codedraft Mediabay - WordPress Media Library Folders versions through 1.4. Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command issue, specifically a Blind SQL Injection. This allows for...
WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability
WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.18...
WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions <= 1.4.9...
Full Stack Bank SQL Injection Vulnerability
Full Stack Bank is a banking system by the individual developer Krystian Pińczak. Full Stack Bank suffers from a SQL injection vulnerability that stems from unknown code manipulation of the component User Handler, which could lead to a SQL injection attack...
WordPress Outdoor plugin <= 1.3.2 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by John Lee in WordPress Theme Outdoor versions <= 1.3.2...
CVE-2023-54163
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...
CVE-2022-50694 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x SQL Injection via Username Parameter
SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...
CVE-2025-15354
The CVE-2025-15354 vulnerability affects itsourcecode Society Management System 1.0. The flaw exists in the /admin/add_admin.php file, where manipulation of the Username parameter can lead to SQL injection. Attacks can be launched remotely over the network, and exploits have been published and ma...
EUVD-2025-205856
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/addadmin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published...
EUVD-2025-205803
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Appointify allows Blind SQL Injection. This issue affects Appointify: from n/a through 1.0.8...
EUVD-2025-205746
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection. This issue affects BWL Pro Voting Manager: from n/a through 1.4.9...
CVE-2025-15186
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-15181
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. Th...
CVE-2025-13417
The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers to perform SQL injection attacks...
CVE-2025-15211 code-projects Refugee Food Management System refugee.php sql injection
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...
Code-Projects Simple Stock System SQL Injection Vulnerability
Code-Projects Simple Stock System is a Code-Projects open source simple stock system. Code-Projects Simple Stock System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter Username in the file /market/login.php, which can lead to SQL...
PT-2025-53829
Name of the Vulnerable Software and Affected Versions: Refugee Food Management System version 1.0. Description: A flaw exists in Refugee Food Management System 1.0 that allows for SQL injection. Manipulation of the arguments refNo, Fname, Lname, sex, age, contact, and nationality nid can lead to a...
PT-2025-54200
Name of the Vulnerable Software and Affected Versions: Appointify versions through 1.0.8. Description: A flaw exists in Appointify that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could potentially allow an attacker to manipulate...
PT-2025-53862
Name of the Vulnerable Software and Affected Versions: Simple Stock System version 1.0. Description: A flaw exists in Simple Stock System that allows for SQL injection. This occurs through manipulation of the Username argument in the file /market/login.php. The attack can be launched remotely. The...