8255 matches found

CNNVD
added 2025/08/28 12:0 a.m. · 5 views

itsourcecode Apartment Management System security vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/billinfo.php. An attacker can exploit this vulnerability...

CVSS 9.8 · AI score 7.9 · EPSS 0.00465
Exploits: 1 · References: 6

CNNVD
added 2025/08/28 12:0 a.m. · 4 views

PuneethReddyHc Online Shopping System Advanced security vulnerability

PuneethReddyHc Online Shopping System Advanced is an open source online shopping system by the individual developers of Puneeth Reddy HC in India. A security vulnerability exists in PuneethReddyHC Online Shopping System Advanced version 1.0, which stems from the keyword parameter not being cleane...

CVSS 6.5 · AI score 7.7 · EPSS 0.00227
Exploits: 1 · References: 2

CVE
added 2025/08/28 12:0 a.m. · 15 views

CVE-2025-51969

CVE-2025-51969 is a SQL Injection in PuneethReddyHC Online Shopping System Advanced 1.0. The flaw resides in the product_id GET parameter used by product.php and is not properly validated before inclusion in SQL statements. Affected software: PuneethReddyHC Online Shopping System Advanced 1.0 (pr...

CVSS 6.5 · AI score 7.5 · EPSS 0.00227
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/08/27 7:33 p.m. · 31 views

CVE-2025-4225 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 14.1 before 18.1.5, 18.2 before 18.2.5, and 18.3 before 18.3.1 that under certain conditions could have allowed an unauthenticated attacker to cause a denial-of-service condition affecting all users by sending specially...

CVSS 5.3 · EPSS 0.00346
Exploits: 0 · References: 2

NVD
added 2025/08/27 11:15 a.m. · 3 views

CVE-2025-30058

In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter...

CVSS 6.9 · EPSS 0.00198
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/27 10:24 a.m. · 3 views

CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter

In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...

CVSS 6.9 · AI score 8.3 · EPSS 0.00198
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/27 10:24 a.m. · 4 views

CVE-2025-30060 SQL injection in ReturnUserUnitsXML.pl via the UserID parameter

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

CVSS 6.9 · AI score 8.2 · EPSS 0.00198
Exploits: 0 · References: 1

CVE
added 2025/08/27 10:24 a.m. · 12 views

CVE-2025-30058

Technical details for CVE-2025-30058 are not publicly provided in the supplied documents. Monitor for updates from official advisories; current sources only reference a SQL injection via pesel in PatientService.pl.

CVSS 6.9 · AI score 7 · EPSS 0.00198
Exploits: 0 · References: 1

Vulnrichment
added 2025/08/27 5:32 a.m. · 3 views

CVE-2025-9511 itsourcecode Apartment Management System addvisitor.php sql injection

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available...

CVSS 7.5 · AI score 7.4 · EPSS 0.00387
Exploits: 1 · References: 5

CVE
added 2025/08/27 5:32 a.m. · 18 views

CVE-2025-9511

CVE-2025-9511 affects itsourcecode Apartment Management System 1.0, specifically the /visitor/addvisitor.php file. The root cause is manipulation of the ID parameter that enables SQL injection, with remote exploitability and a publicly available exploit. Several connected sources confirm the vuln...

CVSS 9.8 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 5 · Affected Software: 1

NVD
added 2025/08/27 4:16 a.m. · 6 views

CVE-2025-9507

A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitorinfo.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to th...

CVSS 9.8 · EPSS 0.00387
Exploits: 1 · References: 5

OSV
added 2025/08/27 4:16 a.m. · 1 view

CVE-2025-9504

A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publ...

CVSS 9.8 · AI score 5.8 · EPSS 0.00387
Exploits: 1 · References: 5

Vulnrichment
added 2025/08/27 3:32 a.m. · 3 views

CVE-2025-9504 Campcodes Online Loan Management System ajax.php sql injection

A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publ...

CVSS 7.5 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 5

Cvelist
added 2025/08/27 3:32 a.m. · 11 views

CVE-2025-9504 Campcodes Online Loan Management System ajax.php sql injection

A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publ...

CVSS 7.5 · EPSS 0.00387
Exploits: 1 · References: 5

CNNVD
added 2025/08/27 12:0 a.m. · 3 views

CGM CLININET SQL injection vulnerability

CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a SQL injection vulnerability that stems from improper handling of the getPerfServiceIds function, which could lead to a SQL injection attack...

CVSS 6.9 · AI score 7.2 · EPSS 0.00198
Exploits: 0 · References: 2

CNNVD
added 2025/08/27 12:0 a.m. · 2 views

readarr security vulnerability

Readarr is an open source eBook library management system from Readarr. A security vulnerability exists in readarr version 0.4.15.2787, which stems from improper cleanup of the sortKey parameter in the GET /api/v1/wanted/cutoff API endpoint, which could lead to an SQL injection attack...

CVSS 8.3 · AI score 7.8 · EPSS 0.00322
Exploits: 1 · References: 2

CNNVD
added 2025/08/27 12:0 a.m. · 3 views

itsourcecode Apartment Management System security vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /branch/addbranch.php. An attacker can exploit this...

CVSS 9.8 · AI score 7.8 · EPSS 0.00387
Exploits: 1 · References: 6

Positive Technologies
added 2025/08/27 12:0 a.m. · 3 views

PT-2025-34853 · Unknown · Patientservice.Pl

Name of the Vulnerable Software and Affected Versions: PatientService.pl, affected versions not specified. Description: The getPatientIdentifier function within the PatientService.pl service is susceptible to SQL injection due to improper handling of the pesel parameter. Recommendations: As a...

CVSS 9.4 · AI score 6.9 · EPSS 0.00231
Exploits: 0 · References: 4

Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34823

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0. Description: A security issue has been identified in Campcodes Online Loan Management System 1.0. The manipulation of the lastname argument in an unknown function of the file...

CVSS 9.8 · AI score 6.9 · EPSS 0.00387
Exploits: 1 · References: 12

Positive Technologies
added 2025/08/27 12:0 a.m. · 4 views

PT-2025-34952

Name of the Vulnerable Software and Affected Versions: St. Joe ERP System, affected versions not specified. Description: A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST...

CVSS 9.8 · AI score 7.8 · EPSS 0.02899
Exploits: 1 · References: 11