
8238 matches found

CNNVD
added 2025/11/17 12:0 a.m. | 4 views

itsourcecode Online Voting System SQL injection vulnerability

Online Voting System is an online voting system. Online Voting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter id/category in the file /index.php. An attacker can exploit this vulnerability to...

CVSS 8.8 | AI score 7 | EPSS 0.0029
Exploits 1 | References 7

Positive Technologies
added 2025/11/17 12:0 a.m. | 6 views

PT-2025-47209

Name of the Vulnerable Software and Affected Versions code-projects Courier Management System version 1.0 Description A flaw exists in code-projects Courier Management System 1.0 that allows for remote code execution. The issue is located in the file /add-new-officer.php. Manipulation of the...

CVSS 5.8 | AI score 8.1 | EPSS 0.00333
Exploits 1 | References 8

Positive Technologies
added 2025/11/17 12:0 a.m. | 6 views

PT-2025-47104

Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A security issue has been identified in itsourcecode Inventory Management System version 1.0. The issue involves a SQL injection vulnerability present in an unknown function with...

CVSS 9.8 | AI score 7.3 | EPSS 0.00339
Exploits 1 | References 12

Positive Technologies
added 2025/11/17 12:0 a.m. | 6 views

PT-2025-47134

Name of the Vulnerable Software and Affected Versions Campcodes School Fees Payment Management System version 1.0 Description A flaw exists in Campcodes School Fees Payment Management System 1.0 that allows for remote SQL injection. The issue is located in the /manage course.php file, specificall...

CVSS 9.8 | AI score 7 | EPSS 0.00339
Exploits 1 | References 9

Positive Technologies
added 2025/11/17 12:0 a.m. | 3 views

PT-2025-47582

Name of the Vulnerable Software and Affected Versions phpPgAdmin versions 7.13.0 and earlier Description phpPgAdmin versions 7.13.0 and earlier contain a SQL injection issue in the dataexport.php file at line 118. The application directly executes user-supplied SQL queries from the $ REQUEST'quer...

CVSS 6.8 | AI score 7.7 | EPSS 0.00233
Exploits 0 | References 16

Positive Technologies
added 2025/11/17 12:0 a.m. | 5 views

PT-2025-47138

Name of the Vulnerable Software and Affected Versions g33kyrash Online-Banking-System affected versions not specified Description A SQL injection issue exists due to the manipulation of the Username argument. The issue affects unknown code within the /index.php file and is remotely exploitable. T...

CVSS 7.5 | AI score 7.5 | EPSS 0.00264
Exploits 0 | References 8

Cvelist
added 2025/11/17 12:0 a.m. | 7 views

CVE-2024-44663

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php...

EPSS 0.0021
Exploits 1 | References 2

CVE
added 2025/11/16 11:2 a.m. | 12 views

CVE-2025-13248

CVE-2025-13248 affects SourceCodester Patients Waiting Area Queue Management System 1.0. The vulnerability is a SQL injection in an unknown function of the file /php/api_patient_schedule.php caused by manipulating the argument appointmentID. This can be triggered remotely and, per sources, the e...

CVSS 9.8 | AI score 7.2 | EPSS 0.00335
Exploits 1 | References 5 | Affected Software 1

OSV
added 2025/11/16 4:15 a.m. | 5 views

CVE-2025-13236

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...

CVSS 9.8 | AI score 5.8 | EPSS 0.00282
Exploits 1 | References 5

CVE
added 2025/11/16 4:2 a.m. | 11 views

CVE-2025-13236

Affected software: itsourcecode Inventory Management System 1.0. Vulnerability: SQL injection arising from improper handling of the ID parameter in the file /admin/products/index.php?view=edit. Where: The vulnerability is triggered via the index.php?view=edit path under the admin/products directo...

CVSS 9.8 | AI score 6.4 | EPSS 0.00282
Exploits 1 | References 5 | Affected Software 1

CVE
added 2025/11/16 3:32 a.m. | 16 views

CVE-2025-13235

This CVE concerns itsourcecode Inventory Management System 1.0. The vulnerability exists in the /admin/login.php file, where manipulating the user_email parameter can trigger SQL injection. It is exploitable remotely and has publicly disclosed exploits. Connected documents corroborate a S...

CVSS 9.8 | AI score 7.3 | EPSS 0.00339
Exploits 1 | References 5 | Affected Software 1

CNNVD
added 2025/11/16 12:0 a.m. | 5 views

Code-Projects Student Information System SQL injection vulnerability

Student Information System is a student information system. The Student Information System suffers from a SQL injection vulnerability that originates from the parameter s in the /searchquery.php file that does not effectively filter user input. An attacker can exploit this vulnerability by...

CVSS 9.8 | AI score 7.7 | EPSS 0.0038
Exploits 1 | References 5

Positive Technologies
added 2025/11/16 12:0 a.m. | 5 views

PT-2025-47076

Name of the Vulnerable Software and Affected Versions code-projects Student Information System version 2.0 Description A flaw exists in code-projects Student Information System 2.0, affecting unknown code within the /index.php file. Manipulation of the Username argument can lead to SQL injection,...

CVSS 9.8 | AI score 7.6 | EPSS 0.0038
Exploits 1 | References 11

CNNVD
added 2025/11/16 12:0 a.m. | 3 views

Code-Projects Student Information System SQL injection vulnerability

Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from the /editprofile.php file not effectively filtering user input. No details of the vulnerability are available at this time...

CVSS 8.8 | AI score 6.8 | EPSS 0.00307
Exploits 1 | References 6

CNNVD
added 2025/11/16 12:0 a.m. | 5 views

DataX-Web SQL injection vulnerability

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's individual developers. A SQL injection vulnerability exists in DataX-Web 2.1.2 and earlier versions, which stems from a misbehavior of an unknown function and could lead to a SQL injection attack...

CVSS 8.8 | AI score 6.8 | EPSS 0.00307
Exploits 1 | References 5

CNNVD
added 2025/11/16 12:0 a.m. | 4 views

itsourcecode Inventory Management System SQL injection vulnerability

Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from the PROID parameter in the /index.php?q=product file that does not securely filter user input. An attacker can exploit this vulnerability ...

CVSS 9.8 | AI score 7 | EPSS 0.00282
Exploits 1 | References 5

CVE
added 2025/11/15 4:2 p.m. | 17 views

CVE-2025-13201

The CVE-2025-13201 entry concerns Code-projects’ Simple Cafe Ordering System 1.0. A SQL injection vulnerability exists in the login.php file, arising from improper handling of the Username parameter. The issue can be exploited remotely, and an exploit is publicly available. Affected component: lo...

CVSS 9.8 | AI score 7.2 | EPSS 0.00403
Exploits 1 | References 5 | Affected Software 1

RedhatCVE
added 2025/11/15 11:59 a.m. | 13 views

CVE-2025-11981

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 4.9 | AI score 6.5 | EPSS 0.00269
Exploits 0 | References 1

NVD
added 2025/11/15 8:15 a.m. | 4 views

CVE-2025-2615

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

CVSS 6.5 | EPSS 0.00275
Exploits 0 | References 3

OSV
added 2025/11/15 8:4 a.m. | 3 views

CVE-2025-2615 Insertion of Sensitive Information Into Sent Data in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.7 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2, that could have allowed a blocked user to access sensitive information by establishing GraphQL subscriptions through WebSocket connections...

CVSS 4.3 | AI score 6.2 | EPSS 0.00275
Exploits 0 | References 6