Google Looker 安全漏洞

Google Looker is an intelligent business platform from Google USA. A security vulnerability exists in Google Looker that stems from improper privilege management and could lead to the execution of arbitrary SQL...

Google Looker 安全漏洞

Google Looker is an intelligent business platform from Google USA. A security vulnerability exists in Google Looker that stems from vulnerability to SQL injection attacks that could lead to data exfiltration in the BigQuery data source...

PT-2025-46180

Name of the Vulnerable Software and Affected Versions rickxy Hospital Management System version 1.0 Description The patient prescription viewing functionality within the his doc view single patient.php component contains an SQL injection issue. The pat number GET parameter is directly incorporate...

PT-2025-45597

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may...

e-Excellence U-Office Force SQL注入漏洞

e-Excellence U-Office Force is an e-Office platform from China-based First Class Technology e-Excellence. The e-Excellence U-Office Force suffers from a SQL injection vulnerability that originates from allowing an authenticated, remote attacker to inject arbitrary SQL commands that could result i...

Google Looker 安全漏洞

Google Looker is an intelligent business platform from Google, Inc USA. A security vulnerability exists in Google Looker that originates from a user being able to inject malicious SQL statements, which could lead to the execution of a SQL injection attack with report owner privileges...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-824752)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

PT-2025-45600

A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been...

This Week in Spring - November 10th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! As I write this I am preparing for a flight to North Carolina first in flight!. This week's going to be busy, but next week even busier still! I'll be at AI By The Bay in San Francisco, AI Native Dev Con in NYC, and QCon SF i...

PT-2025-45589

Name of the Vulnerable Software and Affected Versions U-Office Force affected versions not specified Description U-Office Force developed by e-Excellence is subject to a SQL Injection issue. This allows an authenticated remote attacker to inject arbitrary SQL commands, potentially leading to...

CVE-2025-64488

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...

CVE-2025-12914 aaPanel BaoTa Backend database sql injection

A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-64488

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...

EUVD-2025-38284

An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later...

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

CVE-2025-12861

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVE-2025-48089

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...

CVE-2025-12857

A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

CVE-2025-63585

OSSN Open Source Social Network 8.6 is vulnerable to SQL Injection in /action/rtcomments/status via the timestamp parameter...

EUVD-2025-38246

SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...