PT-2025-51444

Name of the Vulnerable Software and Affected Versions LambertGroup xPromoter versions through 1.3.4 Description A flaw exists in LambertGroup xPromoter that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially allow...

PT-2025-51561

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish trade detail get. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is no...

WordPress List category posts SQL Injection Vulnerability

WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...

QNAP Systems Hero和QNAP Systems QTS SQL注入漏洞

QNAP Systems Hero and QNAP Systems QTS are both products of China-based Weilian Technology QNAP Systems.QNAP Systems Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide...

CVE-2023-53877

Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...

CVE-2025-14668

A vulnerability was detected in campcodes Advanced Online Examination System 1.0. This affects an unknown function of the file /query/loginExe.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now publi...

CVE-2025-14711 FantasticLBP Hotels Server hotelList.php sql injection

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...

CVE-2025-14639

A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

PT-2025-51317

Name of the Vulnerable Software and Affected Versions anirbandutta9 NEWS-BUZZ version 1.0 Description A SQL injection flaw exists in anirbandutta9 NEWS-BUZZ version 1.0. This allows a remote attacker to execute arbitrary code by using a crafted script. The vulnerability is due to insufficient inp...

Inventory Management System 安全漏洞

Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System that stems from vulnerability to SQL injection attacks...

ERPNext 安全漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions, which stems from improper handling of the frompostingdate parameter in the getoutstandingreferencedocuments function, which could lead to an...

ketr JEPaaS SQL注入漏洞

ketr JEPaaS is a low-code rapid development platform open-sourced by China's ketr ketr. A SQL injection vulnerability exists in ketr JEPaaS 7.2.8 and earlier versions, which stems from incorrect manipulation of the parameter keyWord in the file /je/postil/postil/readAllPostil, which could lead to...

Bus Reservation System SQL注入漏洞

Bus Reservation System is a PHPJabbers open source bus reservation system. A SQL injection vulnerability exists in Bus Reservation System version 1.1, which stems from a SQL injection in the pickupid parameter, and could lead to manipulation of database queries and theft of information...

ROS-20251215-7309

Elasticsearch search engine vulnerability related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service by sending specially crafted SQL queries...

CVE-2025-14623

A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/updatestudent.php. This manipulation of the argument studid causes sql injection. The attack is possible to be carried out remotely. The exploit has be...

EUVD-2025-203304

A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2025-14666

A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

CVE-2025-14661

A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the publ...

CVE-2025-14661 itsourcecode Student Managemen System advisers.php sql injection

A vulnerability has been found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown functionality of the file /advisers.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the publ...

EUVD-2025-203287

A vulnerability was detected in itsourcecode Online Cake Ordering System 1.0. Affected by this issue is some unknown functionality of the file /cakeshop/supplier.php. Performing manipulation of the argument supplier results in sql injection. The attack can be initiated remotely. The exploit is no...