8251 matches found
PT-2025-41894
Name of the Vulnerable Software and Affected Versions Winsure versions through August 21, 2025 Description A flaw exists in Winsure that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could allow an attacker to execute arbitrary SQL co...
Microsoft Configuration Manager SQL注入漏洞
Microsoft Configuration Manager is a Microsoft solution for managing computers and servers within an organization that helps IT departments keep software up-to-date, set configuration and security policies, and monitor system status. Microsoft Configuration Manager suffers from a SQL injection...
FreePBX Endpoint Manager SQL注入漏洞
FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from FreePBX open source. An SQL injection vulnerability exists in FreePBX Endpoint Manager versions prior to 16.0.92 and 17.0.6. The vulnerability stems from an SQL injection vulnerability in multiple parameters in...
CVE-2025-62389
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62388
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62392
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-11623
CVE-2025-11623 is a SQL injection vulnerability in Ivanti Endpoint Manager (EPM) that enables a remote authenticated attacker to read arbitrary data from the database. Multiple connected sources (NVD, RH, CNVD, EUVD, CNNVD, CVE lists) describe Ivanti Endpoint Manager as the affected product and c...
EUVD-2025-34064
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection.This issue affects Aykome License Tracking System: before Version dated 06.10.2025...
CVE-2025-6919 SQLi in Cats Informatics' Aykome
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025...
EUVD-2025-33968
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...
CVE-2025-11667 code-projects Automated Voting System add_candidate_modal.php. sql injection
A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addcandidatemodal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has...
CVE-2025-11664 Campcodes Online Beauty Parlor Management System search-appointment.php sql injection
A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...
E-Commerce Website edit_order_details.php File SQL Injection Vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter orderid in file /pages/editorderdetails.php. An attacker can exploit this vulnerability to...
PT-2025-41814
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager affected versions not specified Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database. The issue allows for unauthoriz...
Online Shopping Portal Project login.php File SQL Injection Vulnerability
Online Shopping Portal Project is an online shopping portal project. Online Shopping Portal Project suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter fullname in the file /shopping/login.php. An attacker...
Ivanti Endpoint Manager SQL注入漏洞
Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.5.1, which stems from a SQL injection vulnerability in the iddependente parameter in the /html/funcionario/dependentedocumento.php endpoin...
Ivanti Endpoint Manager(EPM) SQL注入漏洞
Ivanti Endpoint Manager is a comprehensive endpoint management solution developed by Ivanti to unify the management of all types of devices in an enterprise network, including Windows, macOS, Linux, ChromeOS, mobile devices and IoT devices. Ivanti Endpoint Manager suffers from a SQL injection...
WeGIA SQL注入漏洞
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A SQL injection vulnerability exists in WeGIA versions prior to 3.5.1, which stems from an SQL injection in the cpf parameter in the /html/funcionario/cadastrofuncionariopessoaexistente.php endpoint, whic...
Online Course Registration /admin/edit-course.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter coursecode in the file /admin/edit-course.php. An attacker ca...