8209 matches found
CVE-2025-13788
chanjet crm is affected by a SQL injection in /tools/upgradeattribute.php via the gblOrgID parameter. The vulnerability affects Chanjet CRM versions up to 20251106 (pre-51107). Root cause: input manipulation in an unknown function leads to injectable SQL. Impact is high (remote attacker, data exp...
CVE-2025-13770
CVE-2025-13770 affects WebITR by Uniong. A SQL Injection vulnerability allows authenticated remote attackers to inject arbitrary SQL and read database contents. The issue is documented with CVSS v3.1/4.0 bases (6.5 MEDIUM and 7.1 HIGH, respectively). Affected versions are not specified in the sou...
CVE-2025-13769
CVE-2025-13769 concerns WebITR by Uniong, with a SQL injection vulnerability that, when exploited by authenticated remote attackers, can read database contents. The included sources consistently describe the flaw as a SQL injection affecting WebITR; however, no concrete affected version list or v...
PT-2025-48320
Name of the Vulnerable Software and Affected Versions WebITR versions affected versions not specified Description WebITR developed by Uniong has a SQL Injection issue. Authenticated remote attackers can inject arbitrary SQL commands, potentially allowing them to read database contents. The...
EUVD-2025-199829
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8...
CVE-2025-13757
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8...
PT-2025-48270
Name of the Vulnerable Software and Affected Versions Devolutions Server versions through 2025.2.20 and through 2025.3.8 Description Devolutions Server is affected by a SQL Injection issue within the last usage logs functionality. The flaw allows authenticated attackers to potentially steal all...
Devolutions Server 安全漏洞
Devolutions Server is a security solution for managing privileged accounts and sessions, designed to help organizations centrally store and manage sensitive information such as passwords and credentials. Devolutions Server suffers from an SQL injection vulnerability that stems from the...
OpenCode USSD Gateway 安全漏洞
OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway version 6.13.11, which stems from an SQL injection in the ID parameter of the getSubUsersByProvider function...
SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-928742)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Attention Bar plugin <= 0.7.2.1 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by WPScan in WordPress Plugin Attention Bar versions = 0.7.2.1...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-923949)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
ASUS Router 安全漏洞
ASUS Router is a router product and accompanying management application from ASUS, primarily used for wireless connectivity and management of home and business networks. ASUS Router suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally enter...
EUVD-2025-198805
ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName...
CVE-2025-13596 Improper Error Handling Leading to Sensitive Information Disclosure in CIGES ≤ 2.15.6
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...
CVE-2025-13583 code-projects Question Paper Generator POST Parameter signupscript.php sql injection
A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploi...
CVE-2025-13579
A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-13578 code-projects Library System Login index.php sql injection
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...
CVE-2025-13578 code-projects Library System Login index.php sql injection
A vulnerability has been found in code-projects Library System 1.0. This affects an unknown function of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...
Liferay Portal GraphQL Schema Detected
This is an informational plugin to inform the user that the scanner has detected that the target Liferay instance publicly exposes its GraphQL schema. No source data...