8209 matches found
EUVD-2025-200224
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Tax Service Electronic HDM plugin <= 1.2.0 - Unauthenticated Arbitrary SQL Injection vulnerability
Unauthenticated Arbitrary SQL Injection vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin TAX SERVICE Electronic HDM versions = 1.2.0...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to...
EUVD-2025-200189
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks...
Axios Systems Assyst 安全漏洞
Axios Systems Assyst is an off-the-shelf application from Axios Systems, UK, for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst has a security vulnerability that stems from a specially crafted dict ke...
CVE-2025-65380
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query...
Edoc-doctor-appointment-system 安全漏洞
Edoc-doctor-appointment-system is a simple web project for e-channels by HashenUdara Personal Developer. A security vulnerability exists in Edoc-doctor-appointment-system version v1.0.1, which stems from the docid parameter in /admin/appointment.php being susceptible to SQL injection attacks...
PT-2025-48643
Name of the Vulnerable Software and Affected Versions donation WordPress plugin version 1.0 Description The plugin does not properly sanitize and escape a parameter before using it within a SQL statement. This allows users with high privileges, such as administrators, to potentially execute SQL...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-448742)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
EUVD-2025-200084
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
CVE-2025-63532
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...
CVE-2025-51683
A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...
CVE-2025-51683
CVE-2025-51683: mJobtime v15.7.2 contains a blind SQL injection in the /Default.aspx/update_profile_Server endpoint. Exploitation is unauthenticated and can lead to arbitrary SQL execution, with high impact on confidentiality, integrity, and availability. The description and sources confirm the v...
Blood Bank Management System 安全漏洞
Blood Bank Management System is a blood bank management system by shridhar shukla individual developer. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the cancel.php component that could lead to unauthorized access...
Blood Bank Management System 安全漏洞
Blood Bank Management System is a blood bank management system by shridhar shukla individual developer. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the abs.php component that could lead to unauthorized access...
Blood Bank Management System 安全漏洞
Blood Bank Management System is a blood bank management system by shridhar shukla individual developer. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the receiverLogin.php component that could lead to unauthorized access...
PT-2025-48460
Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0 Description A SQL injection issue exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application does not properly sanitize user-supplied input used in SQL querie...
mJobtime 安全漏洞
mJobtime is a time tracking and job management software from the US company mJobtime. A security vulnerability exists in mJobtime version v15.7.2 that originates from an unauthenticated attacker being able to execute arbitrary SQL statements via a specially crafted POST request, potentially...
EUVD-2025-199989
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...
CVE-2025-13788
A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...