
8261 matches found

Cvelist
added 2025/08/13 7:2 p.m. · 9 views

CVE-2025-8925 itsourcecode Sports Management System match.php sql injection

A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

7.5 CVSS · 0.00384 EPSS
Exploits 1 · References 5
Vulnrichment
added 2025/08/13 6:2 p.m. · 2 views

CVE-2025-8921 code-projects Job Diary user-apply.php sql injection

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument jobtitle leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and...

7.5 CVSS · 7.6 AI score · 0.00409 EPSS
Exploits 1 · References 5
Cvelist
added 2025/08/13 1:2 p.m. · 11 views

CVE-2025-8908 Shanghai Lingdang Information Technology Lingdang CRM event.php sql injection

A vulnerability was determined in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.5.4. Affected by this issue is some unknown functionality of the file crm/WeiXinApp/yunzhijia/event.php. The manipulation of the argument openid leads to SQL injection. The attack may be launched...

6.5 CVSS · 0.00305 EPSS
Exploits 0 · References 5
Veracode
added 2025/08/13 12:25 p.m. · 6 views

SQL Injection

bacula-web/bacula-web is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in HTTP GET requests, which allows an attacker to execute arbitrary code remotely...

8.1 CVSS · 8.4 AI score · 0.00676 EPSS
Exploits 1 · References 4 · Affected Software 1
NVD
added 2025/08/13 10:15 a.m. · 19 views

CVE-2025-8914

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.5 CVSS · 0.00356 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/08/13 9:18 a.m. · 6 views

CVE-2025-8914 WellChoose|Organization Portal System - SQL Injection

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1 CVSS · 8.6 AI score · 0.00356 EPSS
Exploits 0 · References 2
Cvelist
added 2025/08/13 9:18 a.m. · 19 views

CVE-2025-8914 WellChoose|Organization Portal System - SQL Injection

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

7.1 CVSS · 0.00356 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/08/13 6:39 a.m. · 3 views

CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...

8.8 CVSS · 7.5 AI score · 0.00326 EPSS
Exploits 0 · References 3
CNNVD
added 2025/08/13 12:0 a.m. · 3 views

Code-Projects Job Diary injection vulnerability

Job Diary is a job diary software. Job Diary suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID in the file /admin-inbox.php. An attacker can exploit this vulnerability to execute illegal SQL commands to...

9.8 CVSS · 8.1 AI score · 0.00405 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/08/13 12:0 a.m. · 6 views

PT-2025-33273 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0 Description: A bypass of the DISALLOWED SQL FUNCTIONS security feature allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allo...

6.8 CVSS · 7.1 AI score · 0.00628 EPSS
Exploits 0 · References 10
Positive Technologies
added 2025/08/13 12:0 a.m. · 6 views

PT-2025-33066 · Job Diary · Job Diary

Name of the Vulnerable Software and Affected Versions: Job Diary version 1.0 Description: A SQL injection issue exists due to the manipulation of the ID argument. This affects unknown code within the /edit-details.php file. The attack can be initiated remotely. The exploit has been disclosed...

9.8 CVSS · 8.4 AI score · 0.00405 EPSS
Exploits 1 · References 9
CNNVD
added 2025/08/13 12:0 a.m. · 4 views

WellChoose Organization Portal System SQL injection vulnerability

WellChoose Organization Portal System is an electronic directory service system from WellChoose in Taiwan, China. The WellChoose Organization Portal System suffers from a SQL injection vulnerability that arises from the application's lack of validation of externally entered SQL statements. The...

7.5 CVSS · 8.2 AI score · 0.00356 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/08/13 12:0 a.m. · 6 views

PT-2025-32977 · Unknown · Wellchoose Organization Portal System

Name of the Vulnerable Software and Affected Versions: WellChoose Organization Portal System affected versions not specified Description: The WellChoose Organization Portal System is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL command...

7.5 CVSS · 7.2 AI score · 0.00356 EPSS
Exploits 0 · References 7
Cvelist
added 2025/08/12 6:56 p.m. · 8 views

CVE-2025-55168 WeGIA SQL Injection via id_fichamedica at endpoint `GET /html/saude/aplicar_medicamento.php`

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicar_medicamento.php endpoint, specifically in the id_fichamedica parameter. This vulnerability allows...

9.4 CVSS · 0.00379 EPSS
Exploits 1 · References 3
NVD
added 2025/08/12 6:15 p.m. · 4 views

CVE-2025-53727

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8 CVSS · 0.01017 EPSS
Exploits 0 · References 1
NVD
added 2025/08/12 6:15 p.m. · 3 views

CVE-2025-49758

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8 CVSS · 0.00865 EPSS
Exploits 0 · References 1
OSV
added 2025/08/12 6:15 p.m. · 6 views

CVE-2025-49759

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8 CVSS · 5.8 AI score · 0.01029 EPSS
Exploits 0 · References 1
OSV
added 2025/08/12 6:15 p.m. · 2 views

CVE-2025-47954

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8 CVSS · 5.8 AI score · 0.01355 EPSS
Exploits 0 · References 1
CVE
added 2025/08/12 5:10 p.m. · 31 views

CVE-2025-47954

CVE-2025-47954 is a Microsoft SQL Server elevation-of-privilege vulnerability arising from improper neutralization of special elements in SQL commands (SQL injection). It affects SQL Server components where an attacker, leveraging network access and with low privileges, can achieve total privileg...

8.8 CVSS · 7.8 AI score · 0.01355 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2025/08/12 5:9 p.m. · 40 views

CVE-2025-49759

CVE-2025-49759 is a Microsoft SQL Server Elevation of Privilege vulnerability arising from improper neutralization of input used in SQL commands (SQL injection) in system procedures. An authenticated attacker could exploit this over a network to elevate privileges within the affected SQL Server d...

8.8 CVSS · 7.8 AI score · 0.01029 EPSS
Exploits 0 · References 1 · Affected Software 4