8141 matches found
EUVD-2025-204422
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is...
CodeAstro Real Estate Management System SQL注入漏洞
CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which stems from an incorrect operation of the file /admin/stateadd.php, which could lead to a SQL injection atta...
Code-Projects Scholars Tracking System SQL注入漏洞
Code-Projects Scholars Tracking System is an open source scholars tracking system by Code-Projects. A SQL injection vulnerability exists in Code-Projects Scholars Tracking System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /deletepost.php, which could lead...
PT-2025-52502
Name of the Vulnerable Software and Affected Versions code-projects Simple Stock System version 1.0 Description A flaw exists in code-projects Simple Stock System 1.0 related to the processing of the /market/signup.php file. Manipulation of the Username argument can result in SQL injection. This...
itsourcecode Student Management System SQL注入漏洞
itsourcecode Student Management System is an itsourcecode open source student management system. SQL injection vulnerability exists in itsourcecode Student Management System version 1.0, which originates from an unknown function in the file /candidatesreport.php that improperly handles the...
PT-2025-52449
A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post content leads to sql injection. The attack can be executed remotely. The exploit has been disclosed...
PT-2025-52513
Name of the Vulnerable Software and Affected Versions Simple Stock System version 1.0 Description A security flaw exists in Simple Stock System 1.0, specifically within an unknown functionality of the /market/update.php file. Manipulation of the email argument can lead to SQL injection. This atta...
CVE-2025-14897 CodeAstro Real Estate Management System Administrator Endpoint useragentdelete.php sql injection
A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit is...
CVE-2025-68111
ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability exists in the eGive.php file within the "ReImport" functionality. An authenticated user with finance privileges can execute arbitrary SQL queries by manipulating the MissingEgiveFamID...
EUVD-2025-204316
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...
CVE-2025-63948
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the databasemode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation...
CVE-2025-46268 Advantech WebAccess/SCADA SQL Injection
Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...
CVE-2021-47711 Kentico Xperience <= 13.0.52 Online Marketing Macros SQL Injection
A SQL injection vulnerability in Kentico Xperience allows authenticated editors to inject malicious SQL queries via online marketing macro method parameters. This enables unauthorized database access and potential data manipulation by exploiting macro method input validation weaknesses...
BIT-GITLAB-2025-12562 Allocation of Resources Without Limits or Throttling in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted GraphQL queries that bypass query complexity limits...
EUVD-2025-204246
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through = 2.1.5...
PT-2025-52123
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection.This issue affects tPlayer: from n/a through = 1.2.1.6...
PT-2025-52314
Name of the Vulnerable Software and Affected Versions WBiz Desk version 1.2 Description A SQL injection issue exists in WBiz Desk 1.2 that allows non-admin users to manipulate database queries. This is possible through the tk parameter within the 'ticket.php' file. Attackers can inject crafted SQ...
PT-2025-52184
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through 3.2.6...
Kentico Xperience SQL注入漏洞
Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Online Marketing Macro Method parameter. An attacker can exploit this vulnerability to...
PT-2025-52300
Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A SQL injection issue exists in Kentico Xperience, potentially allowing authenticated editors to inject malicious SQL queries through online marketing macro method parameters. This ...