PT-2025-39773

Name of the Vulnerable Software and Affected Versions code-projects Simple Scheduling System version 1.0 Description A flaw exists in code-projects Simple Scheduling System 1.0, specifically within the /schedulingsystem/addsubject.php file. Manipulation of the subcode argument can lead to SQL...

PT-2025-39774

Name of the Vulnerable Software and Affected Versions Simple Scheduling System version 1.0 Description A SQL injection issue exists in Simple Scheduling System version 1.0. The issue affects unknown code within the /schedulingsystem/addfaculty.php file. Manipulation of the falname argument can le...

CampCodes Online Learning Management System SQL注入漏洞

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in CampCodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter schoolyear in the file...

PT-2025-39782

Name of the Vulnerable Software and Affected Versions Campcodes Advanced Online Voting Management System version 1.0 Description A flaw exists in Campcodes Advanced Online Voting Management System version 1.0. The issue involves the manipulation of the ID argument within the file /admin/candidate...

PT-2025-39763

Name of the Vulnerable Software and Affected Versions itsourcecode Open Source Job Portal version 1.0 Description A security flaw exists in itsourcecode Open Source Job Portal version 1.0 that allows for SQL injection. The issue is triggered by manipulating the ID argument in the file...

PT-2025-39775

Name of the Vulnerable Software and Affected Versions code-projects Simple Scheduling System version 1.0 Description A flaw exists in the processing of the /schedulingsystem/addcourse.php file. Manipulation of the corcode argument can lead to SQL injection. This issue is remotely exploitable and...

CVE-2025-11088 itsourcecode Open Source Job Portal index.php sql injection

A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Impacted is an unknown function of the file /admin/vacancy/index.php?view=edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available ...

CVE-2025-11075

A vulnerability has been found in Campcodes Online Learning Management System 1.0. This affects an unknown function of the file /admin/deactivate.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and...

CVE-2025-11033

A vulnerability has been found in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Impacted is an unknown function of the file /Profilers/PriProfile/COUNT3s7.php. The manipulation of the argument cbe leads to sql injection. It is possible to initiate the attack remotel...

CVE-2025-11071

SeaCMS 13.3.20250820 is affected by a SQL injection in the Cron Task Management module via /admin_cron.php, caused by manipulation of the resourcefrom/collectID parameter. The vulnerability can be triggered remotely and exploited after the public disclosure of the exploit. The provided documents ...

CVE-2025-11070

CVE-2025-11070 affects Projectworlds Online Shopping System 1.0. The vulnerable component is the file /store/cart_add.php, where manipulating the ID parameter enables a SQL injection. Public exploitability is indicated, with remote access possible and high impact on confidentiality, integrity, an...

CVE-2025-11063

A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/editdepartment.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

CVE-2025-11061

A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/editstudent.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...

CVE-2025-11053 PHPGurukul Small CRM forgot-password.php sql injection

A weakness has been identified in PHPGurukul Small CRM 4.0. This affects an unknown function of the file /forgot-password.php. Executing manipulation of the argument email can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could b...

PT-2025-39724

Name of the Vulnerable Software and Affected Versions SourceCodester Pet Grooming Management Software version 1.0 Description A SQL injection issue exists in SourceCodester Pet Grooming Management Software version 1.0. The issue is located in the file /admin/print inv.php. Manipulation of the ID...

Projectworlds Online Shopping System SQL注入漏洞

Projectworlds Online Shopping System is an online shopping system from the Austrian company Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Shopping System version 1.0, which stems from a misuse of the parameter ID in the file /store/cartadd.php, which could lead to a...

CourseSelectionSystem SQL注入漏洞

CourseSelectionSystem is a simple online course selection system by kidaze individual developer. A SQL injection vulnerability exists in CourseSelectionSystem version 1.0, which originates from an incorrect manipulation of the parameter csslc in the file /Profilers/PriProfile/COUNT3s5.php, which...

PT-2025-39740

Name of the Vulnerable Software and Affected Versions Campcodes Online Learning Management System version 1.0 Description A flaw exists in Campcodes Online Learning Management System version 1.0 that allows for SQL injection. The issue is located in the file /admin/edit teacher.php and involves...

CVE-2025-59845

CVE-2025-59845 covers a CSRF flaw in Apollo Studio Embeddable Sandbox and Embeddable Explorer caused by missing origin validation in window.postMessage handling. The issue affects embedded Sandbox/Explorer prior to versions 2.7.2 and 3.7.3, allowing a malicious site to forge messages that trigger...

CVE-2025-11037 code-projects E-Commerce Website admin_index_search.php sql injection

A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/adminindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...