8253 matches found
SQL Injection
github.com/suyuan32/simple-admin-core is vulnerable to SQL Injection. The vulnerability is due to insufficient input validation because the /sys-api/role/update interface fails to properly sanitize user input, allowing partial data leakage or disruption of system operations...
CVE-2025-10786 Campcodes Grocery Sales and Inventory System ajax.php SQL injection
A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=deleteuser. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be us...
CVE-2025-10785
A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown part of the file /manageuser.php. The manipulation of the argument ID results in SQL injection. It is possible to launch the attack remotely. The exploit is now public and may be used...
CVE-2025-10781
CVE-2025-10781 affects Campcodes Online Learning Management System 1.0. The vulnerability is in the file /admin/edit_class.php, where manipulation of the parameter named class_name enables a SQL injection. The description states the attack can be executed remotely and the exploit is publicly avai...
CVE-2025-56074
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the fromdate parameter in a POST request...
Campcodes Online Learning Management System SQL Injection Vulnerability
CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in Campcodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter subjectcode in the file...
PT-2025-39084
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0. Description: A weakness exists in Campcodes Online Learning Management System. Manipulation of the firstname argument in the /admin/admin user.php file can lead to SQL injection. The attac...
CampCodes Farm Management System SQL Injection Vulnerability
CampCodes Farm Management System is a farm management system from CampCodes Philippines. A SQL injection vulnerability exists in CampCodes Farm Management System version 1.0, which stems from an incorrect manipulation of the parameter Type in the file /uploadProduct.php, which could lead to a SQL...
PT-2025-38763
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0. Description: A security issue exists in Campcodes Online Learning Management System. Remote attackers can exploit a SQL injection flaw by manipulating the d argument in the...
PT-2025-38755
Name of the Vulnerable Software and Affected Versions: Campcodes Farm Management System version 1.0. Description: A flaw exists in Campcodes Farm Management System that could allow for remote code execution. The issue is related to the manipulation of the Type argument in the /uploadProduct.php file...
CampCodes Online Learning Management System SQL Injection Vulnerability
CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A SQL injection vulnerability exists in Campcodes Online Learning Management System version 1.0, which stems from an incorrect manipulation of the parameter firstname in the file...
PT-2025-38746
Name of the Vulnerable Software and Affected Versions: Campcodes Online Beauty Parlor Management System version 1.0. Description: A security issue exists in Campcodes Online Beauty Parlor Management System 1.0. The issue involves potential SQL injection due to manipulation of the fromdate/todate...
PT-2025-38718
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0. Description: A flaw exists in itsourcecode Online Discussion Forum that could allow for remote code execution. The issue is related to a SQL injection impacting an unknown function within the...
CVE-2025-10762 kuaifan DooTask UsersController.php SQL injection
A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in SQL injection. The attack can be executed remotely. The exploi...
CVE-2025-10673
A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes SQL injection. The attack may be initiated remotely. The exploit has...
CVE-2024-13151
Authorization Bypass Through User-Controlled SQL Primary Key, CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Logo Software Diva allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Diva: through 4.56.00.00...
CVE-2025-10652 Robcore Netatmo <= 1.7 - Authenticated (Contributor+) SQL Injection via robcore-netatmo Shortcode
The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘moduleid’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
WordPress plugin ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages SQL Injection Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... WordPress plugi...
CVE-2025-10624
A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and ma...
CVE-2025-10598
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/searchproduct.php. Such manipulation of the argument groupid leads to SQL injection. The attack may be launched remotely. The exploit is publicly...