8254 matches found

Positive Technologies
added 2025/09/08 12:0 a.m. | 6 views

PT-2025-36516

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A SQL injection issue exists in Campcodes Online Loan Management System 1.0. The vulnerability is located in unknown code within the /ajax.php?action=delete loan file...

9.8 CVSS | 7.5 AI score | 0.00441 EPSS
Exploits: 1 | References: 10
CVE
added 2025/09/08 12:0 a.m. | 11 views

CVE-2025-56630

FoxCMS v1.2.5 and earlier are affected by an SQL Injection in the column_model parameter of app/admin/controller/Column.php. The vulnerability arises from improper handling of input in this file, enabling attacker-controlled SQL execution. CVSSv3.1 base score is 7.3 (HIGH) with Network attack vec...

7.3 CVSS | 7.5 AI score | 0.00201 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/09/07 2:32 p.m. | 7 views

CVE-2025-10011

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made availabl...

8.8 CVSS | 6.5 AI score | 0.00462 EPSS
Exploits: 1 | References: 1
OSV
added 2025/09/07 5:15 a.m. | 3 views

CVE-2025-10068

A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Manipulation of the argument ID can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may...

9.8 CVSS | 5.8 AI score | 0.00387 EPSS
Exploits: 1 | References: 5
CVE
added 2025/09/07 4:32 a.m. | 19 views

CVE-2025-10068

The CVE-2025-10068 entry concerns itsourcecode Online Discussion Forum 1.0. A SQL injection flaw exists in the file /admin/admin_forum/add_views.php triggered by manipulating the ID argument, enabling remote exploitation. Exploits have been published and may be used. Some connected sources (PT-20...

9.8 CVSS | 6.8 AI score | 0.00387 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
RedhatCVE
added 2025/09/06 7:31 p.m. | 4 views

CVE-2025-48544

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS | 7.5 AI score | 0.00095 EPSS
Exploits: 0 | References: 1
CVE
added 2025/09/06 10:32 a.m. | 15 views

CVE-2025-10030

CVE-2025-10030 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability affects the file /ajax.php?action=save_receiving where manipulation of the argument ID can lead to a SQL injection. It is described as exploitable remotely and the exploit has been made publicly available....

9.8 CVSS | 7.3 AI score | 0.00441 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2025/09/06 2:24 a.m. | 15 views

CVE-2025-9085

CVE-2025-9085 concerns the WordPress plugin “User Registration & Membership” (v4.3.0 and earlier). The vulnerability is a SQL Injection via the s parameter due to insufficient escaping and improper query preparation, enabling an authenticated attacker with administrator-level access to append SQL...

4.9 CVSS | 6.4 AI score | 0.00317 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/09/06 12:0 a.m. | 4 views

PT-2025-36369

Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A weakness exists in Campcodes Grocery Sales and Inventory System 1.0 related to the processing of the /ajax.php?action=save_receiving file. Manipulation of the ID argument...

9.8 CVSS | 7.4 AI score | 0.00441 EPSS
Exploits: 1 | References: 12
CNNVD
added 2025/09/06 12:0 a.m. | 6 views

WordPress plugin ELEX WooCommerce Google Shopping SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

4.9 CVSS | 7.5 AI score | 0.00666 EPSS
Exploits: 2 | References: 5
CNNVD
added 2025/09/06 12:0 a.m. | 5 views

FOG access control error vulnerability

FOG is an open source computer cloning and management system from the FOG Project. An access control error vulnerability exists in FOG 1.5.10.1673 and prior versions, which stems from an authentication bypass that could allow an unauthenticated attacker to dump a full SQL database...

9.9 CVSS | 7.2 AI score | 0.17647 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2025/09/05 10:26 p.m. | 7 views

CVE-2025-9932

A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the argument lid causes sql injection. The attack may be initiated remotely. The exploit has been publishe...

9.8 CVSS | 7.1 AI score | 0.00405 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/09/05 9:31 p.m. | 6 views

CVE-2025-9928

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

9.8 CVSS | 7.3 AI score | 0.00405 EPSS
Exploits: 1 | References: 1
CVE
added 2025/09/05 2:32 p.m. | 20 views

CVE-2025-10012

Portabilis i-Educar up to 2.10 is affected by an SQL injection in educar_historico_escolar_lst.php via manipulation of the ref_cod_aluno parameter. The issue enables remote exploitation and has been publicly disclosed. Remediation per sources is to upgrade to a version newer than 2.10 or apply th...

8.8 CVSS | 6.4 AI score | 0.0037 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2025/09/05 2:15 p.m. | 4 views

CVE-2025-10011

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made availabl...

8.8 CVSS | 0.00462 EPSS
Exploits: 1 | References: 5
Vulnrichment
added 2025/09/05 1:44 p.m. | 3 views

CVE-2025-58788 WordPress License Manager for WooCommerce Plugin <= 3.0.12 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saad Iqbal License Manager for WooCommerce (license-manager-for-woocommerce) allows Blind SQL Injection. This issue affects License Manager for WooCommerce: from n/a through <= 3.0.12...

7.6 CVSS | 5.9 AI score | 0.00346 EPSS
Exploits: 0 | References: 1
Veracode
added 2025/09/05 7:47 a.m. | 5 views

SQL Injection

apache-superset is vulnerable to SQL Injection. The vulnerability is due to improper enforcement of the DISALLOWED_SQL_FUNCTIONS security feature, which allows an attacker with SQL Lab access to circumvent the denylist using a special inline block and execute restricted SQL functions...

6.5 CVSS | 7.8 AI score | 0.00628 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
CNNVD
added 2025/09/05 12:0 a.m. | 4 views

WordPress plugin License Manager for WooCommerce SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

7.6 CVSS | 7.5 AI score | 0.00346 EPSS
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/05 12:0 a.m. | 6 views

PT-2025-36218

Name of the Vulnerable Software and Affected Versions: gopiplus New Simple Gallery versions through 8.0 Description: The software contains an SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for blind SQL injection. Recommendations: Version...

8.5 CVSS | 7.3 AI score | 0.00243 EPSS
Exploits: 0 | References: 7
Positive Technologies
added 2025/09/05 12:0 a.m. | 3 views

PT-2025-36251

Name of the Vulnerable Software and Affected Versions: Miraculous versions prior to 2.0.9 Description: The Miraculous software contains a SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for blind SQL injection. Recommendations: Update...

9.3 CVSS | 7.3 AI score | 0.00288 EPSS
Exploits: 0 | References: 6