Code-Projects Nero Social Networking Site SQL注入漏洞

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /addfriend.php. An attacker can exploit this vulnerability to...

CLTPHP Content Management System SQL注入漏洞

CLTPHP Content Management System is a content management system from the Chinese company CLTPHP. A SQL injection vulnerability exists in CLTPHP Content Management System version 3.0. The vulnerability stems from an incorrect manipulation of the parameter keyword in the file /home/search.html, whi...

Bdtask Wholesale Inventory Control SQL注入漏洞

Bdtask Wholesale Inventory Control is an inventory management system from Bdtask Bangladesh. A SQL injection vulnerability exists in Bdtask Wholesale Inventory Control 20251013 and earlier versions, which stems from incorrect manipulation of the parameter firstname/lastname in the file...

AhnLab EPP 安全漏洞

AhnLab EPP is a set of endpoint security protection platform from AhnLab, Korea. A security vulnerability exists in AhnLab EPP version 1.0.15, which stems from an incorrect manipulation of the parameter preview and could lead to an SQL injection attack...

CVE-2025-61247

CVE-2025-61247 affects indieka900 online-shopping-system-php 1.0. The vulnerability is a SQL Injection in the password parameter of login.php, as described across multiple sources (NVD entry and related advisories). The underlying issue is unvalidated SQL handling in the login flow, enabling pote...

Exploit for CVE-2023-49440

CVE-2023-49440-POC Vulnerable Version: Ahab EPP Management v...

SQL Injection

Overview langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via improper handling of filter $eq, $ne, $gt, $lt, $gte, $lte operators in the LangGraph SQLite store implementation. An...

CVE-2025-9322 Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection

The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...

Studio Fabryka DobryCMS SQL注入漏洞

Studio Fabryka DobryCMS is a content management system from Studio Fabryka, Inc. Studio Fabryka DobryCMS suffers from a SQL injection vulnerability that stems from improper neutralization of user-entered language functions, which could lead to an SQL injection attack...

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

Privilege Escalation

intelliants/subrion is vulnerable to privilege escalation. The vulnerability is due to improper access control in the built-in “Run SQL Query” feature under the SQL Tool admin panel, which allows authenticated administrators or moderators to execute arbitrary SQL commands and gain escalated...

ChanCMS /cms/article/findField File SQL Injection Vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of external SQL statements in the function findField in the file /cms/article/findField. An attacker can exploit this vulnerability to...

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

MGASA-2025-0243 Updated python-django packages fix a security vulnerability

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

EUVD-2025-35390

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through = 4.6.8...

EUVD-2025-35541

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection.This issue affects SMS Alert Order Notifications: from n/a through = 3.8.5...

EUVD-2025-35568

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through = 0.3.6...

CVE-2025-62606 my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...

CVE-2025-62015

CVE-2025-62015 is a SQL Injection in WordPress plugin Advanced Coupons for WooCommerce Coupons (free version), affecting versions up to and including 4.6.8 due to improper neutralization of SQL, with multiple sources confirming and a patch released (updated to 4.6.8+). Mitigation: update to the p...

CVE-2025-59557

CVE-2025-59557 concerns a SQL injection in the WordPress plugin Learts Addons (versions prior to 1.7.5). The root cause is improper neutralization of special elements used in SQL commands in the learts-addons component, enabling potential SQL injection attacks. Affected product: WordPress plugin ...