8141 matches found

RedhatCVE
added 2025/12/10 3:13 p.m., 3 views

CVE-2025-12504

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Talent Software UNIS allows SQL Injection. This issue affects UNIS: before 42321...

9.8 CVSS, 7.7 AI score, 0.00036 EPSS
Exploits 0, References 1

CNVD
added 2025/12/10 12:0 a.m., 3 views

Online Ordering System user_contact.php File SQL Injection Vulnerability

Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /user_contact.php. The vulnerability can be exploited by a...

9.8 CVSS, 7.9 AI score, 0.00028 EPSS
Exploits 1, References 1

CNVD
added 2025/12/10 12:0 a.m., 4 views

Currency Exchange System /edittrns.php File SQL Injection Vulnerability

Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...

9.8 CVSS, 7.8 AI score, 0.00026 EPSS
Exploits 1, References 1

CNVD
added 2025/12/10 12:0 a.m., 2 views

Student Management System /edit_user.php File SQL Injection Vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fname in the file /edit_user.php. The vulnerability can be exploited to...

9.8 CVSS, 8.3 AI score, 0.00028 EPSS
Exploits 1, References 1

Positive Technologies
added 2025/12/10 12:0 a.m., 5 views

PT-2025-50556

Name of the Vulnerable Software and Affected Versions: Neuron versions prior to 2.8.12. Description: The PHP framework Neuron has an issue where the MySQLWriteTool can execute arbitrary SQL queries provided by a caller, utilizing PDO::prepare and execute without restrictions. This occurs because the...

9.4 CVSS, 7.8 AI score, 0.00103 EPSS
Exploits 0, References 7

EUVD
added 2025/12/09 6:30 p.m., 2 views

EUVD-2025-202035

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Image&Video FullScreen Background lbgfullscreenfullwidthslider allows SQL Injection. This issue affects Image&Video FullScreen Background: from n/a through = 1.6.7...

7.1 AI score, 0.00034 EPSS
Exploits 0, References 2

EUVD
added 2025/12/09 6:30 p.m., 3 views

EUVD-2025-202048

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TalentSoft Software UNIS allows SQL Injection. This issue affects UNIS: before 42321...

9.8 CVSS, 7.2 AI score, 0.00036 EPSS
Exploits 0, References 2

NVD
added 2025/12/09 6:16 p.m., 2 views

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

7.2 CVSS, 0.00043 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/12/09 4:30 p.m., 8 views

CVE-2025-14250

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /usercontact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...

9.8 CVSS, 7 AI score, 0.00028 EPSS
Exploits 1, References 1

Cvelist
added 2025/12/09 2:49 p.m., 29 views

CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data

SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe HelpDesk: 1.14.0...

8.6 CVSS, 0.00033 EPSS
Exploits 1, References 3

Vulnrichment
added 2025/12/09 2:26 p.m., 3 views

CVE-2025-12504 SQLi in Talent Software's UNIS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Talent Software UNIS allows SQL Injection. This issue affects UNIS: before 42321...

9.8 CVSS, 5.8 AI score, 0.00036 EPSS
Exploits 0, References 2

Vulnrichment
added 2025/12/09 2:13 p.m., 0 views

CVE-2025-67520 WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection. This issue affects Media Library Tools: from n/a through <= 1.6.15...

7.6 CVSS, 7.3 AI score, 0.00032 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/12/09 4:42 a.m., 7 views

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

9.8 CVSS, 7.1 AI score, 0.00026 EPSS
Exploits 1, References 1

Vulnrichment
added 2025/12/09 1:2 a.m., 3 views

CVE-2025-14285 code-projects Employee Profile Management System edit_personnel.php sql injection

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument perid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be use...

7.5 CVSS, 6.8 AI score, 0.00028 EPSS
Exploits 1, References 5

EUVD
added 2025/12/09 1:2 a.m., 4 views

EUVD-2025-201842

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file editpersonnel.php. The manipulation of the argument perid results in sql injection. The attack can be launched remotely. The exploit has been made public and could be use...

7.5 CVSS, 6.5 AI score, 0.00028 EPSS
Exploits 1, References 6

Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-49976

Name of the Vulnerable Software and Affected Versions: TalentSoft Software UNIS versions prior to 42321. Description: A flaw exists in TalentSoft Software UNIS related to the improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This issue could allow an...

9.8 CVSS, 7 AI score, 0.00036 EPSS
Exploits 0, References 7

CNNVD
added 2025/12/09 12:0 a.m., 1 views

WordPress plugin Accordion Slider PRO SQL Injection Vulnerability

WordPress Accordion Slider PRO plugin is a responsive, touch-enabled slider plugin for WordPress that allows users to create professional and elegant slider effects. The WordPress Accordion Slider PRO plugin suffers from an SQL injection vulnerability that stems from the application's lack of...

8.5 CVSS, 7.8 AI score, 0.00034 EPSS
Exploits 0, References 1

Positive Technologies
added 2025/12/09 12:0 a.m., 3 views

PT-2025-50293

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id categori...

9.4 CVSS, 7.9 AI score, 0.00052 EPSS
Exploits 1, References 4

CNVD
added 2025/12/09 12:0 a.m., 3 views

Billing System admin/index.php Endpoint SQL Injection Vulnerability

Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that originates when the username parameter in the admin/index.php endpoint is spliced directly into a back-end SQL query without validation. An attacker can exploit this vulnerability by submitting ...

6.5 CVSS, 8.3 AI score, 0.00025 EPSS
Exploits 0, References 1

CNNVD
added 2025/12/09 12:0 a.m., 2 views

Frappe Helpdesk SQL Injection Vulnerability

Frappe Helpdesk is a customer service software from Frappe Open Source. A SQL injection vulnerability exists in Frappe Helpdesk version 1.14.0, which stems from the unsafe concatenation of a user-controlled parameter in dashboard getdashboarddata into a dynamic SQL statement, which could lead to a SQL...

8.8 CVSS, 7.8 AI score, 0.00033 EPSS
Exploits 1, References 3