CVE-2025-50191

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

CVE-2025-30062

In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection...

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection SQLi vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker AV:N/PR:N can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity AC:L and the absence o...

EUVD-2026-9144

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /adminsinglestudentupdate.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. T...

CVE-2026-3406

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack...

Code-Projects Simple Student Alumni System 安全漏洞

Code-Projects Simple Student Alumni System is an open-source student alumni system developed by Code-Projects. Version 1.0 of the code-projects Simple Student Alumni System contains a security vulnerability, which stems from an SQL injection vulnerability in the /TracerStudy/recordteacherview.php...

Code-Projects Simple Student Alumni System 安全漏洞

Code-Projects Simple Student Alumni System is an open-source student alumni system developed by Code-Projects. Version 1.0 of the code-projects Simple Student Alumni System contains a security vulnerability, which stems from an SQL injection vulnerability in the /TracerStudy/recordteacher edit.ph...

Personnel Property Equipment System 安全漏洞

Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of the sourcecodester Personnel Property Equipment System contains a security vulnerability, which stems from an SQL injection vulnerability in the...

Code-Projects Simple Gym Management System 安全漏洞

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System contains a security vulnerability, which stems from an SQL injection vulnerability in the file /gym/trainersearch.php...

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability; this vulnerability arises from the file/food/view-ticket.php being vulnerable to SQL...

PT-2026-22537

Name of the Vulnerable Software and Affected Versions projectworlds Online Art Gallery Shop version 1.0 Description A SQL injection issue exists in the Registration Handler component of projectworlds Online Art Gallery Shop version 1.0. The issue is located in the /admin/registration.php file,...

Personnel Property Equipment System 安全漏洞

Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has a security vulnerability, which stems from an SQL injection vulnerability in the /ppes/admin/myitemreuse.php file...

PT-2026-22541

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A weakness exists in an unknown functionality of the file /admin/check studid.php. Manipulation of the student id argument can lead to SQL injection. The attack can be launched...

PT-2026-22605

Name of the Vulnerable Software and Affected Versions sourcecodester Personnel Property Equipment System version 1.0 Description The software is susceptible to SQL Injection in the /ppes/admin/myitem reuse.php file. The vulnerability allows for potential unauthorized access to or modification of...

PT-2026-22602

Name of the Vulnerable Software and Affected Versions Simple Student Alumni System version 1.0 Description The Simple Student Alumni System is susceptible to a SQL Injection issue. This flaw is located in the /TracerStudy/modal view.php file. The vulnerability allows for potential unauthorized...

EUVD-2026-9220

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/viewreceipt.php...

NocoDB SQL注入漏洞

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a SQL injection vulnerability; this vulnerability stemmed from unvalidated unit parameters in the...

PT-2026-22604

Name of the Vulnerable Software and Affected Versions code-projects Simple Student Alumni System version 1.0 Description The software contains a SQL Injection flaw in the /TracerStudy/recordteacher edit.php file. The vulnerability exists due to insufficient sanitization of user-supplied input. Th...

ASB-A-415783046

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...