
8141 matches found

RedhatCVE
added 2025/11/15 11:59 a.m., 11 views

CVE-2025-11981

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS: 4.9, AI score: 6.5, EPSS: 0.00033
Exploits: 0, References: 1

NVD
added 2025/11/15 8:15 a.m., 2 views

CVE-2025-2615

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

CVSS: 6.5, EPSS: 0.00016
Exploits: 0, References: 3

OSV
added 2025/11/15 8:4 a.m., 3 views

CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00016
Exploits: 0, References: 6

RedhatCVE
added 2025/11/15 12:47 a.m., 10 views

CVE-2024-44640

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php...

CVSS: 6.5, AI score: 8, EPSS: 0.00039
Exploits: 1, References: 1

Positive Technologies
added 2025/11/15 12:0 a.m., 3 views

PT-2025-47062

Name of the Vulnerable Software and Affected Versions: itsourcecode Inventory Management System version 1.0. Description: A security issue exists in itsourcecode Inventory Management System version 1.0. Manipulation of the PROMODEL argument in the file /admin/products/index.php?view=add can lead to...

CVSS: 9.8, AI score: 4.8, EPSS: 0.00029
Exploits: 1, References: 11

CNNVD
added 2025/11/15 12:0 a.m., 3 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability in GitLab CE and EE versions 16.7 through 18.3.6 prio...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00016
Exploits: 0, References: 4

EUVD
added 2025/11/14 9:30 p.m., 3 views

EUVD-2025-197644

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vuccdetailsajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL...

CVSS: 6.5, AI score: 7.9, EPSS: 0.00049
Exploits: 1, References: 4

EUVD
added 2025/11/14 6:31 p.m., 1 view

EUVD-2025-197631

SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via a crafted POST request to admin/updatesetings.php...

CVSS: 6, AI score: 7.4, EPSS: 0.00044
Exploits: 1, References: 2

NVD
added 2025/11/14 4:15 p.m., 1 view

CVE-2024-44636

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php...

CVSS: 6.5, EPSS: 0.00037
Exploits: 0, References: 1

RedhatCVE
added 2025/11/14 5:56 a.m., 10 views

CVE-2025-12620

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CVSS: 4.9, AI score: 6.6, EPSS: 0.00028
Exploits: 0, References: 1

CNNVD
added 2025/11/14 12:0 a.m., 2 views

CodeAstro Gym Management System SQL Injection Vulnerability

Gym Management System is a gym management system from SourceCodester. A SQL injection vulnerability exists in version 1.0 of the Gym Management System, which stems from incorrect manipulation of the parameter ID in the file /admin/view-member-report.php, which could lead to a SQL injection attack...

CVSS: 8.8, AI score: 6.6, EPSS: 0.00029
Exploits: 0, References: 6

CVE
added 2025/11/14 12:0 a.m., 8 views

CVE-2024-44636

CVE-2024-44636 affects PHPGurukul Student Record System 3.20. A SQL Injection flaw exists in /admin-profile.php, exploitable via the parameters adminname and aemailid. The vulnerability, confirmed across multiple sources, could allow an attacker to execute SQL commands and access database data. ...

CVSS: 6.5, AI score: 7.6, EPSS: 0.00037
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/11/14 12:0 a.m., 3 views

Django Security Vulnerability

Django is an open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Django has security vulnerabilities, which stem from SQL injection via the connector, potentially allowing...

AI score: 5.8
Exploits: 0, References: 1

CNNVD
added 2025/11/14 12:0 a.m., 2 views

Code-Projects Simple Online Hotel Reservation System Security Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that stems from the /addqueryreserve.php file failing to effectively filter the roomid parameter. No details of the vulnerability a...

CVSS: 9.8, AI score: 7.8, EPSS: 0.00032
Exploits: 1, References: 6

CNNVD
added 2025/11/14 12:0 a.m., 5 views

PHPGurukul Student Record System Security Vulnerability

Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the sub1, sub2, sub3, sub4, and course-short parameters of add-subject.php. An attacker can exploit this...

CVSS: 6.5, AI score: 8.1, EPSS: 0.00039
Exploits: 1, References: 3

CNNVD
added 2025/11/14 12:0 a.m., 1 view

SVXportal Security Vulnerability

SVXportal is a portal for Peter's individual developers. A security vulnerability exists in SVXportal version 2.7A, which stems from a specially crafted POST request to admin/updatesetings.php that could lead to SQL injection...

CVSS: 6, AI score: 7.3, EPSS: 0.00044
Exploits: 1, References: 2

CNVD
added 2025/11/14 12:0 a.m., 4 views

ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. A SQL injection vulnerability exists in ZOHO ManageEngine Analytics Plus. An attacker can use this vulnerability to view, add, modify, or...

CVSS: 9.8, AI score: 7.8, EPSS: 0.09119
Exploits: 0, References: 1

CNNVD
added 2025/11/13 12:0 a.m., 2 views

Like Tea SQL Injection Vulnerability

Like Tea is an open-source multi-store tea drinking applet by comeasy. A SQL injection vulnerability exists in Like Tea version 1.0.0; it stems from the lng/lat parameter not being handled properly in the list function of the file laravel/app/Http/Controllers/Front/StoreController.php,...

CVSS: 7.5, AI score: 7.8, EPSS: 0.00034
Exploits: 0, References: 6

Cvelist
added 2025/11/12 8:2 p.m., 9 views

CVE-2025-13060 SourceCodester Survey Application System view_survey.php sql injection

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and m...

CVSS: 7.5, EPSS: 0.00032
Exploits: 1, References: 5

Vulnrichment
added 2025/11/12 8:2 p.m., 2 views

CVE-2025-13059 SourceCodester Alumni Management System manage_career.php sql injection

A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /manage_career.php. This manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available t...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00031
Exploits: 1, References: 5