CVE-2025-68496 WordPress User Feedback plugin <= 1.10.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Feedback: from n/a through = 1.10.0...

CVE-2025-15053

CVE-2025-15053 affects code-projects Student Information System 1.0. The flaw is a SQL injection in the /searchresults.php processing of the searchbox parameter, exploitable remotely. Multiple sources confirm an exploit has been published. No concrete remediation/version fix is provided in the su...

Advantech WebAccess/SCADA SQL Injection Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An SQL injection vulnerability exists in...

PT-2025-53258

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through = 3.2.2...

CVE-2025-15034

A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be...

EUVD-2023-60237

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

CVE-2025-65354

Improper input handling in /Grocery/searchproductsitname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...

PT-2025-52743

Name of the Vulnerable Software and Affected Versions AutomatorWP versions through 5.2.4 Description Improper neutralization of special elements used in an SQL command allows for SQL injection. The issue affects the AutomatorWP plugin. Recommendations Update AutomatorWP to a version later than...

CVE-2023-53960 SOUND4 IMPACT/FIRST/PULSE/Eco v2.x SQL Injection via Authentication Bypass

SOUND4 IMPACT/FIRST/PULSE/Eco version 2.x contains an SQL injection vulnerability in the 'index.php' authentication mechanism that allows attackers to manipulate login credentials. Attackers can inject malicious SQL code through the 'password' POST parameter to bypass authentication and potential...

CVE-2023-53975 Atom CMS 2.0 Unauthenticated SQL Injection via Admin Index Page

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

CVE-2023-53975

CVE-2023-53975 affects Atom CMS 2.0 and describes an unauthenticated SQL injection via the id parameter on the admin index page, enabling time-based blind queries. The vulnerability stems from unvalidated input used in database queries, with potential impact on integrity and confidentiality as in...

EUVD-2025-204709

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges.This issue affects Infra Monitoring ...

CVE-2025-15012

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

EUVD-2025-204699

A security flaw has been discovered in loganhong php loganSite up to c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426. This affects an unknown function of the file /includes/articledetail.php of the component Article Handler. Performing manipulation of the argument ID results in sql injection. It is...

CVE-2025-15011

A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

EUVD-2025-204686

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2025-15012 code-projects Refugee Food Management System home.php sql injection

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

PT-2025-52624

Name of the Vulnerable Software and Affected Versions Refugee Food Management System version 1.0 Description A SQL injection issue exists due to manipulation of the a argument within an unknown function of the /home/home.php file. The attack can be carried out remotely. The exploit has been...

Hasura GraphQL Engine SQL注入漏洞

Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A SQL injection vulnerability exists in Hasura GraphQL Engine version 1.3.3, which stems from the fact that SQL injection may result in local file reads...

CVE-2025-15002

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...