CampCodes Supplier Management System SQL注入漏洞

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter chkId in the file /admin/viewunit.php, which could lead t...

PT-2025-51148

Name of the Vulnerable Software and Affected Versions code-projects Student File Management System version 1.0 Description A flaw exists in the Student File Management System that allows for remote code execution. The issue is located in the file /admin/delete user.php and involves the manipulati...

PT-2025-51153

Name of the Vulnerable Software and Affected Versions itsourcecode Online Cake Ordering System version 1.0 Description A SQL injection issue exists in itsourcecode Online Cake Ordering System version 1.0. The issue is located in the /cakeshop/supplier.php file. Manipulation of the supplier...

CVE-2025-14578

A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /updateaccount.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

EUVD-2025-203261

A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

EUVD-2025-203258

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

CVE-2025-14621

A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/updateuser.php. The manipulation of the argument userid leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

SQL Injection

LangGraph SQLite Checkpoint is vulnerable to SQL injection. The vulnerability is due to unsafe construction of SQL queries using unvalidated metadata filter keys, where attacker-controlled keys are interpolated directly into SQL f-strings in the checkpoint search logic, allowing manipulation of...

SQL Injection

llamaindex is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries without prepared statements in the duckdbretriever component, which allows an attacker to inject arbitrary SQL commands and execute malicious code...

SQL Injection

devcode-it/openstamanager is vulnerable to a SQL Injection. The vulnerability is due to improper validation of the display parameter in the API, which allows an attacker to inject and execute arbitrary SQL queries to access, modify, or delete database data...

SQL Injection

Apache Hive is vulnerable to SQL Injection. The vulnerability is due to improper handling of delete column statistics requests via Thrift APIs, which allows an authorized attacker to inject malicious SQL queries and manipulate backend database operations...

Code-Projects Prison Management System SQL注入漏洞

Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search.php. An attacker can exploit this...

PT-2025-51112

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security flaw exists in itsourcecode Student Management System 1.0. The issue affects unknown code within the /update program.php file and allows for SQL injection through...

PT-2025-51059

The افزونه پیامک ووکامرس فوق حرفه ای جدید payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

Code-Projects Student File Management System SQL注入漏洞

Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter studentid in the file /admin/updatestudent.php. An...

CVE-2025-13214

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-14570

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewadmin.php. This manipulation of the argument adminid causes sql injection. The attack may be initiated remotely. The exploit has been publishe...

EUVD-2025-203090

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

CVE-2025-14566

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initia...

CVE-2025-62192

CVE-2025-62192 is a SQL injection vulnerability affecting GroupSession Free edition before ver5.3.0, GroupSession byCloud before ver5.3.3, and GroupSession ZION before ver5.3.2. The issue could allow an authenticated user to obtain or alter data stored in the database. This is confirmed by multip...