Vulnerability in the `people_depts` function in the `people_depts.php` file of the openDCIM infrastructure management software that allows an attacker to execute arbitrary code
The vulnerability in the peopledepts function in the peopledepts.php file of the openDCIM software for managing data infrastructure stems from a failure to protect the structure of the SQL query. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
SQL Injection
Overview: Affected versions of this package are vulnerable to SQL Injection via the QuerySubscribers function. An attacker can escalate privileges by injecting malicious SQL commands. Remediation: Upgrade github.com/knadh/listmonk/internal/core to version 5.0.0 or higher. References: GitHub Commit...
CVE-2025-5557
A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to SQL injection. The attack can be initiated remotel...
CVE-2025-5556
A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to SQL injection. It is possible to initiate the attack...
CodeAstro Real Estate Management System SQL Injection Vulnerability
CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which is caused by incorrect manipulation of the parameter content in the file /profile.php...
PHPGurukul Curfew e-Pass Management System Injection Vulnerability
Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-category-detail.ph...
PHPGurukul Rail Pass Management System Injection Vulnerability
Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /download-pass.php. An attacker can...
PHPGurukul Online Fire Reporting System Injection Vulnerability
Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter requestid in the file /details.php. An attacker can exploi...
WordPress plugin Ultimate Gift Cards for WooCommerce SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Ultimate Gift Cards for WooCommerce plugin suffers from an SQL injection vulnerability that stems from the application's lack of validation of externally entered S...
CVE-2025-3951
The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...
Marwal Infotech CMS Injection Vulnerability
Marwal Infotech CMS is a content management system from Marwal Infotech. An injection vulnerability exists in Marwal Infotech CMS version 1.0, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file /page.php...
CVE-2025-5375
A vulnerability was found in PHPGurukul Online Birth Certificate System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/registered-users.php. The manipulation of the argument del leads to SQL injection. It is possible to launch the attack...
CVE-2025-5365
A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to SQL injection. It is possible to initiate the attack remotely...
SourceCodester Health Center Patient Record Management System Security Vulnerability
SourceCodester Health Center Patient Record Management System is a SourceCodester open source health center patient record management system. A security vulnerability exists in SourceCodester Health Center Patient Record Management System version 1.0, which is caused by a SQL injection due to an...
PHPGurukul Online Birth Certificate System Security Vulnerability
Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /admin/all-applications.php. An...
JeeWMS Injection Vulnerability
JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20250504 and previous versions; it stems from SQL injection in the function CgAutoListController of the file /cgAutoListController.do?datagrid...
Cyber Cafe Management System Injection Vulnerability
Cyber Cafe Management System (CCMS) is a cyber cafe management system by the individual developer Anuj Kumar. An injection vulnerability exists in Cyber Cafe Management System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameters fromdate/todate in the file...
Employee Record Management System /loginerms.php File SQL Injection Vulnerability
Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Email in the file /loginerms.php. An attacker c...
Company Visitor Management System /bwdates-reports-details.php File SQL Injection Vulnerability
Company Visitor Management System is a visitor management system. Company Visitor Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter fromdate/todate in the file /bwdates-reports-details.php...
USN-7530-1 libphp-adodb vulnerability
It was discovered that ADOdb incorrectly handled SQL input. A remote attacker could use this issue to execute arbitrary SQL commands...