CVE-2025-30060

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

CVE-2025-9418

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /owner/addowner.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed...

CVE-2025-9504

A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publ...

CVE-2025-39496

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6...

CVE-2025-9691

A vulnerability has been found in Campcodes Online Shopping System 1.0. This impacts an unknown function of the file /login.php. Such manipulation of the argument Password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-9689

The CVE-2025-9689 entry concerns SourceCodester Advanced School Management System 1.0. The vulnerability is located in an unknown function of the file /index.php/stock/item_select, where manipulation of the q parameter results in SQL injection. It is exploitable remotely and exploits are publicly...

CVE-2025-9685

A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVE-2025-54946 SUNNET Corporate Training Management System - SQL Injection

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...

PT-2025-35381

Name of the Vulnerable Software and Affected Versions: SourceCodester Water Billing System version 1.0 Description: A SQL injection weakness exists in the /paybill.php file due to manipulation of the ID argument. Remote exploitation is possible. The exploit has been made publicly available...

CampCodes Advanced Online Voting System 安全漏洞

CampCodes Advanced Online Voting System is an advanced online voting system from CampCodes, Inc. A security vulnerability exists in version 1.0 of the CampCodes Advanced Online Voting System, which results from a SQL injection due to incorrect manipulation of the parameter Username in the file...

PT-2025-35341

Name of the Vulnerable Software and Affected Versions SUNNET Corporate Training Management System versions prior to 10.11 Description A SQL injection flaw exists in SUNNET Corporate Training Management System. This issue allows remote attackers to execute arbitrary SQL commands. Recommendations...

Linux Distros Unpatched Vulnerability : CVE-2020-26413

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL results in user email...

PT-2025-35361

Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping System version 1.0 Description: A SQL injection issue exists in Campcodes Online Shopping System version 1.0. The issue is located in the /login.php file, affecting an unknown function. Manipulation of the Password...

CVE-2025-9678

A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=deleteborrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-29894

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

CVE-2025-9665

The CVE covers code-projects Simple Grading System 1.0, where the Admin Panel’s /edit_student.php contains a vulnerability in the ID parameter that allows SQL injection. This is exploitable remotely, with public exploit material available. Affected component is the Admin Panel through an unknown ...

CVE-2025-9663

A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /editaccount.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicl...

CVE-2025-9663 code-projects Simple Grading System Admin Panel edit_account.php sql injection

A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /editaccount.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicl...

CVE-2025-9662 code-projects Simple Grading System Admin Panel login.php sql injection

A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly...

CVE-2025-9645 itsourcecode Apartment Management System r_all_info.php sql injection

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /tdashboard/rallinfo.php. The manipulation of the argument mid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used...