HackerOne: DOS via Mutation Aliasing in GraphQL Account Recovery Phone Number Verification API
The GraphQL API's 'verifyAccountRecoveryPhoneNumber' mutation was found to be vulnerable to denial-of-service attacks through mutation aliasing. The vulnerability allowed multiple aliases of the same mutation to be included in a single request, causing the server to process each mutation...
The vulnerability of the WeGIA web manager’s script /html/saude/profile_paciente.php, which allows a hacker to disclose confidential information
The vulnerability of the WeGIA web manager’s script /html/saude/profile_paciente.php is related to the failure to protect the SQL query structure when processing the parameter idfuncionario. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose confidential informati...
CVE-2025-51535
Austrian Archaeological Institute AI OpenAtlas v8.11.0 was discovered to contain a SQL injection vulnerability...
Austrian Archaeological Institute OpenAtlas Security Vulnerability
Austrian Archaeological Institute OpenAtlas is a software platform for humanities research from Austrian Archaeological Institute, Austria. A security vulnerability exists in Austrian Archaeological Institute OpenAtlas version v8.11.0 that stems from the presence of SQL injection...
The vulnerability of the WeGIA web manager, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL code.
The vulnerability of the WeGIA web manager is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
Code-Projects Online Medicine Guide Injection Vulnerability
Code-Projects Online Medicine Guide is an open-source online medicine guide from Code-Projects. An injection vulnerability exists in Code-Projects Online Medicine Guide version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter Search in the file...
Code-Projects Wazifa System Injection Vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Password in the file /controllers/updatesettings.php. An attacker can use this vulnerability to...
Vehicle Management edit1.php File SQL Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter sno in the file /edit1.php. An attacker can exploit this vulnerability to execute illegal S...
WordPress Smart Slider plugin SQL Injection Vulnerability
WordPress Smart Slider plugin is a powerful WordPress plugin that is mainly used to create responsive slideshows/sliders that support images, videos, posts and other forms of content presentation. WordPress Smart Slider plugin suffers from a SQL injection vulnerability that stems from the...
Exam Form Submission /register.php File SQL Injection Vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter USN in the file /register.php. An attacker can exploit this vulnerability to execute illegal SQL...
Code-Projects Online Medicine Guide Injection Vulnerability
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter uname in the file /login.php. The vulnerability can be exploited by an attacker to execute...
Code-Projects Vehicle Management Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter from in the file /filter.php. An attacker can exploit this vulnerability to execute illegal...
code-projects Vehicle Management Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter from in the file /filter2.php. An attacker can exploit this vulnerability to execute illega...
CloudClassroom-PHP-Project Security Vulnerability
CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project version 1.0, which stems from SQL injection and could lead to database manipulation...
Code-Projects Vehicle Management Injection Vulnerability
Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter company in the file /addcompany.php. An attacker can exploit this vulnerability to execute...
Projectworlds Online Admission System Security Vulnerability
Online Admission System is an online admission system. The Online Admission System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter ID of the file /adminac.php. An attacker can exploit this vulnerability to...
CVE-2025-8334
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=deleterecruitmentstatus. The manipulation of the argument ID leads to sql injection. The attack m...
code-projects Exam Form Submission Injection Vulnerability
Exam Form Submission is an exam form. Exam Form Submission suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in parameter ID in file /admin/deletes8.php. An attacker can exploit this vulnerability to execute illegal SQL commands...
Piwigo Security Vulnerability
Piwigo is open-source, web-based image library software. The software includes features such as image management, image categorization and permission management. A security vulnerability exists in Piwigo 13.8.0 and earlier versions, which stems from the unvalidated...