
8253 matches found

CNVD
added 2025/09/19 12:0 a.m., 3 views

Online Discussion Forum search_result.php File SQL Injection Vulnerability

Online Discussion Forum is an online forum. Online Discussion Forum suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Search in the file /admin/adminforum/searchresult.php. An attacker can exploit this...

CVSS 9.8, AI score 7.9, EPSS 0.00384
Exploits 1, References 1

NVD
added 2025/09/18 2:15 p.m., 4 views

CVE-2025-10668

A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file /members/composemsgadmin.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...

CVSS 9.8, EPSS 0.00401
Exploits 1, References 5

Cvelist
added 2025/09/18 2:2 p.m., 10 views

CVE-2025-10670 itsourcecode E-Logbook with Health Monitoring System for COVID-19 check_profile.php sql injection

A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /checkprofile.php. Executing manipulation of the argument profileid can lead to sql injection. It is possible to launch the attack remotely. The...

CVSS 7.5, EPSS 0.00387
Exploits 1, References 5

Cvelist
added 2025/09/18 12:2 p.m., 10 views

CVE-2025-10665 kidaze CourseSelectionSystem COUNT3s3.php sql injection

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remote exploitation of the attack is possible...

CVSS 6.5, EPSS 0.00323
Exploits 1, References 4

NVD
added 2025/09/18 11:15 a.m., 5 views

CVE-2025-10662

A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /adminmembers.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be use...

CVSS 9.8, EPSS 0.00381
Exploits 1, References 4

CNNVD
added 2025/09/18 12:0 a.m., 4 views

itsourcecode Online Discussion Forum SQL Injection Vulnerability

itsourcecode Online Discussion Forum is an online forum of itsourcecode open source. A SQL injection vulnerability exists in version 1.0 of itsourcecode Online Discussion Forum, which stems from incorrect manipulation of the parameter ID in the file /members/composemsg.php, which could lead to a...

CVSS 9.8, AI score 7.7, EPSS 0.00483
Exploits 1, References 5

CNNVD
added 2025/09/18 12:0 a.m., 3 views

Summar Portal del Empleado SQL Injection Vulnerability

Summar Portal del Empleado is an employee portal system from Summar Spain. Summar Portal del Empleado suffers from an SQL injection vulnerability that stems from incorrect manipulation of the parameter ctl00$ContentPlaceHolder1$filtroNombre in the file /MemberPages/quienesquien.aspx, which could...

CVSS 8.7, AI score 7.5, EPSS 0.00588
Exploits 3, References 3

CNNVD
added 2025/09/18 12:0 a.m., 2 views

Esbi Bilişim Auto Service Software Security Vulnerability

Esbi Bilişim Auto Service Software is an auto service software from Esbi Bilişim, Turkey. A security vulnerability exists in Esbi Bilişim Auto Service Software version 4.56.00.00 and prior versions, which originates from a user-controllable SQL primary key leading to an authorization bypass, whic...

CVSS 9.8, AI score 7.7, EPSS 0.0034
Exploits 0, References 1

CNNVD
added 2025/09/18 12:0 a.m., 4 views

SourceCodester Pet Grooming Management Software SQL Injection Vulnerability

SourceCodester Pet Grooming Management Software is a SourceCodester open source pet grooming management system. A SQL injection vulnerability exists in SourceCodester Pet Grooming Management Software version 1.0, which stems from an incorrect operation of the parameter instaamt in the file...

CVSS 9.8, AI score 7.8, EPSS 0.00441
Exploits 1, References 6

CNNVD
added 2025/09/18 12:0 a.m., 3 views

SourceCodester Online Exam Form Submission Security Vulnerability

SourceCodester Online Exam Form Submission is a SourceCodester open source online exam submission system. A security vulnerability exists in SourceCodester Online Exam Form Submission version 1.0, which stems from an incorrect manipulation of the parameter credits in the file /admin/updates3.php,...

CVSS 8.8, AI score 6.9, EPSS 0.00308
Exploits 1, References 5

Positive Technologies
added 2025/09/18 12:0 a.m., 6 views

PT-2025-38475

Name of the Vulnerable Software and Affected Versions: SourceCodester Pet Grooming Management Software version 1.0. Description: A SQL injection issue exists in SourceCodester Pet Grooming Management Software. The vulnerability is located in the file /admin/operation/paid.php. Manipulation of the...

CVSS 9.8, AI score 7.5, EPSS 0.00441
Exploits 1, References 9

CVE
added 2025/09/17 10:32 p.m., 18 views

CVE-2025-10623

The CVE-2025-10623 entry concerns SourceCodester Hotel Reservation System 1.0. The vulnerable element is the deleteuser.php file, where manipulation of the ID parameter results in an SQL injection. The vulnerability is exploitable remotely and there are public PoCs. Exploitation is supported by m...

CVSS 9.8, AI score 6.9, EPSS 0.00441
Exploits 1, References 5, Affected Software 1

Cvelist
added 2025/09/17 9:2 p.m., 10 views

CVE-2025-10618 itsourcecode Online Clinic Management System transact.php sql injection

A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the argument firstname leads to sql injection. The attack may be launched remotely. The exploit has...

CVSS 6.5, EPSS 0.00437
Exploits 1, References 5

Vulnrichment
added 2025/09/17 7:2 p.m., 3 views

CVE-2025-10613 itsourcecode Student Information System leveledit1.php sql injection

A vulnerability has been found in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument levelid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVSS 6.5, AI score 6.6, EPSS 0.00308
Exploits 1, References 5

NVD
added 2025/09/17 5:15 p.m., 4 views

CVE-2025-10601

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Affected is an unknown function of the file /admin/index.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVSS 9.8, EPSS 0.00387
Exploits 1, References 5

Cvelist
added 2025/09/17 5:2 p.m., 10 views

CVE-2025-10602 SourceCodester Online Exam Form Submission delete_s1.php sql injection

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deletes1.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 6.5, EPSS 0.00308
Exploits 1, References 5

Vulnrichment
added 2025/09/17 3:2 p.m., 3 views

CVE-2025-10596 SourceCodester Online Exam Form Submission index.php sql injection

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument usn results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 7.5, AI score 6.8, EPSS 0.00509
Exploits 1, References 5

RedhatCVE
added 2025/09/17 2:49 p.m., 5 views

CVE-2025-10448

A flaw has been found in Campcodes Online Job Finder System 1.0. This affects an unknown function of the file /index.php?q=result=bycompany. This manipulation of the argument Search causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVSS 9.8, AI score 6.8, EPSS 0.00483
Exploits 1, References 1

ATTACKERKB
added 2025/09/17 11:45 a.m., 3 views

CVE-2025-10439

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection. This issue affects Yordam Library Automation System: from 21.5 & 21.6 before 21.7...

CVSS 9.8, AI score 5.6, EPSS 0.00328
Exploits 0, References 3

RedhatCVE
added 2025/09/17 11:36 a.m., 4 views

CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

CVSS 7.5, AI score 7.1, EPSS 0.00987
Exploits 1, References 1