CVE-2025-14254

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-14255

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

EUVD-2025-201693

A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /printpersonnelreport.php. This manipulation of the argument perid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

EUVD-2025-201663

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

EUVD-2025-201657

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /membersearch.php. Executing manipulation of the argument rollnumber can lead to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-14212

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /membersearch.php. Executing a manipulation of the argument rollnumber can lead to sql injection. The attack may be launched remotely. The exploit has be...

CVE-2025-14211

CVE-2025-14211 affects the projectworlds Advanced Library Management System 1.0. The vulnerability is in an unknown functionality of the file /delete_book.php, where manipulating the argument book_id yields a SQL injection. The issue is remotely exploitable and, per connected sources, the exploit...

Advantech iView SQL Injection Vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...

jshop_mall SQL注入漏洞

jshopmall Jshop small program mall is China Jihai technology hnjihai open source an e-commerce system. SQL injection vulnerability exists in jshopmall version 2.9.0, the vulnerability stems from the incorrect operation of the parameter catid in the file /index.php/api.html, which may lead to SQL...

PT-2025-49539

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security issue exists in itsourcecode Student Management System 1.0. The issue affects code within the /edit user.php file. Manipulation of the fname argument can lead to a SQL...

Code-Projects Simple Leave Manager SQL注入漏洞

Code-Projects Simple Leave Manager is an open source leave management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Simple Leave Manager version 1.0, which stems from incorrect manipulation of the parameter staffid in the file /request.php, which could lead to a...

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-987341)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

itsourcecode Student Management System SQL注入漏洞

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /newcurriculm.php. An attacker can exploit this vulnerabili...

Galaxy Software Services Vitals ESP SQL注入漏洞

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that originates from a SQL command injection that could result in reading the contents of the...

Code-Projects Simple Shopping Cart 安全漏洞

Simple Shopping Cart is a simple shopping cart system. Simple Shopping Cart suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter adminusername in the file /adminlogin.php. An attacker can exploit this...

PT-2025-49555

Name of the Vulnerable Software and Affected Versions code-projects Simple Shopping Cart version 1.0 Description A flaw exists in code-projects Simple Shopping Cart version 1.0 that allows for remote SQL injection. The issue is located in the file '/adminlogin.php', specifically through...

EUVD-2025-201599

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

PT-2025-49396

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

Yonyou U8 Cloud SQL注入漏洞

Yonyou U8 Cloud is a cloud-based enterprise management system from China's UFIDA Yonyou Corporation. A SQL injection vulnerability exists in Yonyou U8 Cloud version 5.0, 5.0sp, 5.1, and 5.1sp, which originates from incorrect manipulation of the parameter usercode in the file...