8254 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-41320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...
CVE-2025-9690
A flaw has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...
CVE-2025-9768 itsourcecode Sports Management System mode.php sql injection
A vulnerability was identified in itsourcecode Sports Management System 1.0. This impacts an unknown function of the file /Admin/mode.php. The manipulation of the argument code leads to sql injection. The attack is possible to be carried out remotely...
CVE-2025-9764
A flaw has been found in itsourcecode Sports Management System 1.0. Impacted is an unknown function of the file /Admin/resultdetails.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2025-9765
CVE-2025-9765 affects the itsourcecode Sports Management System 1.0. Multiple connected sources confirm a SQL injection in the /Admin/tournament_details.php file, triggered by manipulating the ID parameter due to lack of input validation. Exploitation can be remote, and public disclosure is noted...
CVE-2025-9763
A vulnerability was detected in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /studentsignup.php. The manipulation of the argument Username results in sql injection. The attack can be launched remotely. The exploit is now public and may be...
PT-2025-35443
Name of the Vulnerable Software and Affected Versions: deepakmisal24 Chemical Inventory Management System version 1.0 Description: A vulnerability exists in deepakmisal24 Chemical Inventory Management System version 1.0. Manipulation of the chem name argument in the /inventory form.php file can...
itsourcecode Sports Management System 安全漏洞
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter ID in file /Admin/tournamentdetails.php. An attacker can exploit this vulnerability t...
CampCodes Online Learning Management System 安全漏洞
CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Online Learning Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter Userna...
itsourcecode Sports Management System 安全漏洞
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/facilitator.php. An attacker can exploit this vulnerabili...
PT-2025-35459
Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A vulnerability exists in itsourcecode Sports Management System 1.0. The issue involves a SQL injection affecting an unknown function within the /Admin/tournament details.php file...
CVE-2025-9742
CVE-2025-9742 affects code-projects' Human Resource Integrated System 1.0. The vulnerability arises from improper handling of the login.php input, where manipulation of the user/pass parameters enables SQL injection. Impact stated in sources includes potential remote exploitation and data exposur...
CVE-2025-9741 code-projects Human Resource Integrated System login_query12.php sql injection
A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /loginquery12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...
CVE-2025-9739
A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2025-9664
A security flaw has been discovered in code-projects Simple Grading System 1.0. Affected is an unknown function of the file /addstudentgrade.php of the component Admin Panel. The manipulation of the argument Add results in sql injection. It is possible to launch the attack remotely. The exploit h...
CVE-2025-8858
Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-44033
SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...
Apartment Management System unit_status_info.php File SQL Injection Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter usid in the file /report/unitstatusinfo.php. An attacker can exploit...
CVE-2025-50983
SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...
CVE-2025-51968
A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions...