
8204 matches found

Vulnrichment
added 2026/01/02 7:32 a.m. | 4 views

CVE-2025-15435 Yonyou KSOA work_update.jsp sql injection

A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...

7.5 CVSS | 6.4 AI score | 0.00349 EPSS
Exploits: 1 | References: 4
OSV
added 2026/01/02 7:15 a.m. | 1 views

CVE-2025-15434

A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early...

9.8 CVSS | 5.7 AI score | 0.00345 EPSS
Exploits: 1 | References: 4
CVE
added 2026/01/02 7:2 a.m. | 12 views

CVE-2025-15434

Summary: CVE-2025-15434 affects Yonyou KSOA 9.0 via an SQL injection in an unknown function of the file /kp/PrintZPYG.jsp, caused by manipulating the zpjhid parameter. Reports indicate remote exploitation with the exploit publicly available. Multiple sources (NVD, Red Hat, CVE list, CNNVD, ENISA,...

9.8 CVSS | 7.3 AI score | 0.00345 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/01/02 1:2 a.m. | 28 views

CVE-2025-15421 Yonyou KSOA HTTP GET Parameter agent_worksadd.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agentworksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now publ...

7.5 CVSS | 0.00384 EPSS
Exploits: 1 | References: 5
CNNVD
added 2026/01/02 12:0 a.m. | 4 views

QNAP Systems Hyper Data Protector SQL injection vulnerability

QNAP Systems Hyper Data Protector is a one-stop backup software from Taiwan, China-based QNAP Systems. QNAP Systems Hyper Data Protector suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks that could result in the execution of unauthorized code or...

9.8 CVSS | 8.1 AI score | 0.00594 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/02 12:0 a.m. | 3 views

PT-2026-1116

Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0. Description: A flaw exists in code-projects Online Music Site 1.0 where manipulation of the fname argument in the /Frontend/Feedback.php file can lead to SQL injection. This issue can be exploited...

7.5 CVSS | 7 AI score | 0.00385 EPSS
Exploits: 1 | References: 10
CNNVD
added 2026/01/02 12:0 a.m. | 4 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise management software from China's UFIDA Yonyou company. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which stems from incorrect manipulation of the parameter ID in the file /worksheet/deluser.jsp, which could lead to a SQL injection attack...

9.8 CVSS | 7.7 AI score | 0.00479 EPSS
Exploits: 1 | References: 6
Positive Technologies
added 2026/01/02 12:0 a.m. | 5 views

PT-2026-1099

Name of the Vulnerable Software and Affected Versions: MARS Multi-Application Recovery Service versions prior to 1.2.1.1686. Description: An SQL injection issue affects MARS Multi-Application Recovery Service. Successful exploitation could allow remote attackers to execute unauthorized code or...

9.3 CVSS | 8.3 AI score | 0.00345 EPSS
Exploits: 0 | References: 5
NVD
added 2026/01/01 7:15 p.m. | 6 views

CVE-2025-15410

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available a...

9.8 CVSS | 0.00322 EPSS
Exploits: 1 | References: 5
CVE
added 2026/01/01 6:32 p.m. | 13 views

CVE-2025-15409

CVE-2025-15409 affects code-projects Online Guitar Store 1.0. The vulnerability is an SQL injection in /admin/Delete_product.php via manipulation of the del_pro parameter, exploitable remotely. Public disclosures exist. Impact includes potential disclosure/integrity/availability harm as per CVSS ...

9.8 CVSS | 7.2 AI score | 0.0038 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/01/01 6:30 p.m. | 3 views

CVE-2025-55065

CWE-89 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...

7.5 CVSS | 7.3 AI score | 0.00246 EPSS
Exploits: 0 | References: 1
CVE
added 2026/01/01 6:30 p.m. | 15 views

CVE-2025-55065

CVE-2025-55065 is a SQL injection flaw (CWE-89) caused by improper neutralization of special elements in SQL commands. Connected sources reference Kopek Reem ReKord Client and general SQLi impact; no concrete affected versions or patches are specified in the provided documents. Exploitation detai...

7.5 CVSS | 7.3 AI score | 0.00246 EPSS
Exploits: 0 | References: 1
EUVD
added 2026/01/01 6:30 p.m. | 4 views

EUVD-2026-0005

CWE-89 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...

7.5 CVSS | 7.1 AI score | 0.00246 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/01/01 6:2 p.m. | 9 views

EUVD-2026-0011

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...

7.5 CVSS | 7.2 AI score | 0.00329 EPSS
Exploits: 1 | References: 7
EUVD
added 2026/01/01 5:32 p.m. | 6 views

EUVD-2026-0009

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...

7.5 CVSS | 7.2 AI score | 0.00329 EPSS
Exploits: 1 | References: 7
CVE
added 2026/01/01 5:32 p.m. | 12 views

CVE-2025-15407

CVE-2025-15407 affects code-projects Online Guitar Store 1.0. The vulnerability is a SQL injection in an unknown function of the file /admin/Create_category.php, triggered by manipulation of the dre_Ctitle parameter. Exploitation could be performed remotely, and public disclosures exist. Multiple...

9.8 CVSS | 7.3 AI score | 0.00329 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
CNNVD
added 2026/01/01 12:0 a.m. | 5 views

Code-Projects Online Guitar Store SQL injection vulnerability

Code-Projects Online Guitar Store is a Code-Projects open source online guitar store. A SQL injection vulnerability exists in Code-Projects Online Guitar Store version 1.0, which stems from an incorrect operation of the parameter delpro in the file /admin/Deleteproduct.php, which could lead to SQ...

9.8 CVSS | 7.8 AI score | 0.0038 EPSS
Exploits: 1 | References: 6
NVD
added 2025/12/31 9:15 p.m. | 4 views

CVE-2023-7331

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

5.8 CVSS | 0.00202 EPSS
Exploits: 0 | References: 4
CVE
added 2025/12/31 8:0 p.m. | 26 views

CVE-2025-28949

CVE-2025-28949 for Mediabay - WordPress Media Library Folders: an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability allowing Blind SQL Injection in Mediabay = 1.5 or patch-level fixes) and confirm the affected software is the Mediabay plugin for Word...

8.5 CVSS | 5.6 AI score | 0.00209 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/12/31 8:0 p.m. | 25 views

CVE-2025-28949 WordPress Mediabay - WordPress Media Library Folders <= 1.4 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection. This issue affects Mediabay - WordPress Media Library Folders: from n/a through 1.4...

8.5 CVSS | 0.00209 EPSS
Exploits: 0 | References: 1