8254 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-5315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...
CVE-2025-58448 rAthena has SQL Injection in PartyBooking component via `WorldName` parameter.
rAthena is an open-source, cross-platform massively multiplayer online role-playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQL injection in the PartyBooking component via the WorldName parameter. Commit 0d89ae0 fixes the issue...
CVE-2025-58993 WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS tutor allows SQL Injection. This issue affects Tutor LMS: from n/a through <= 3.7.4...
CVE-2025-10121 uverif kami_list addbatch sql injection
A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-10115
CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...
CVE-2025-10114 PHPGurukul Small CRM profile.php sql injection
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
PT-2025-36564
Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...
OPEXUS FOIAXpress Public Access Link Security Vulnerability
OPEXUS FOIAXpress Public Access Link (PAL) is a secure, public-facing web portal from OPEXUS that connects organizations with requesters and integrates with payment solutions. A security vulnerability exists in OPEXUS FOIAXpress Public Access Link prio...
uverif Security Vulnerability
uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif 3.2 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter note of the function addbatch in the file /admin/kamilist...
CVE-2025-10111 itsourcecode Student Information Management System index.php sql injection
A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/instructor/index.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploi...
CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...
CVE-2025-10110
ChanCMS
CVE-2025-10106
A vulnerability has been found in yanyutao0402 ChanCMS up to 3.3.1. This affects an unknown part of the file /cms/collect/search. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-58450
Summary: CVE-2025-58450 affects pREST (PostgreSQL REST), a REST API on top of PostgreSQL. The vulnerability is a SQL injection in versions prior to 2.0.0-rc3 due to inadequate validation; a patch exists in 2.0.0-rc3. The primary risk details indicate high impact on confidentiality, integrity, and...
Web-Vulnerability-Scanner
This is a PoC exploit for a web vulnerability scanner created us...
Jinher OA SQL Injection Vulnerability
Jinher OA is collaboration management software from the Chinese company Jinher. A SQL injection vulnerability exists in Jinher OA 1.2 and earlier versions, which originates from improper handling of parameters in the /C6/Jhsoft.Web.departments/GetTreeDate.aspx file, which can lead to SQL injection...
itsourcecode Student Information Management System SQL Injection Vulnerability
itsourcecode Student Information Management System is an open source student information management system from itsourcecode. A SQL injection vulnerability exists in itsourcecode Student Information Management System version 1.0, which is caused by incorrect manipulation of a parameter ID that...
PT-2025-36523
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.11 Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability exists in the /WeGIA/html/memorando/listar_despachos.php endpoint, specifically in the id_memorando parameter. This...
PT-2025-36505
Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...
PT-2025-36519
Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A SQL injection issue exists in Campcodes Online Loan Management System. The issue affects processing of the file /ajax.php?action=delete payment. Manipulation of the ID argument...