CVE-2025-10413 Campcodes Grocery Sales and Inventory System ajax.php sql injection

A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=deletecustomer. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

CVE-2025-10405 itsourcecode Baptism Information Management System listbaptism.php sql injection

A vulnerability was determined in itsourcecode Baptism Information Management System 1.0. Affected is an unknown function of the file /listbaptism.php. This manipulation of the argument baptid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2025-10103 code-projects Online Event Judging System home.php sql injection

A weakness has been identified in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /home.php. Executing manipulation of the argument mainevent can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the...

CVE-2025-10082

A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and m...

CVE-2025-9730

A vulnerability was found in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /ajax/updateProfile.php. The manipulation of the argument userid results in sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2025-9694

CVE-2025-9694 affects Campcodes Advanced Online Voting System 1.0. The vulnerability lies in an unknown functionality of /admin/login.php where manipulating the Username argument enables SQL injection. Exploitation can be remote and there are public disclosures of the exploit. CVSS data indicate ...

CVE-2025-9662

A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly...

CVE-2025-9598

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. Affected is an unknown function of the file /setting/yearsetup.php. Performing manipulation of the argument txtXYear results in sql injection. The attack can be initiated remotely. The exploit has been released t...

PT-2025-35176

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A flaw exists in Portabilis i-Educar up to version 2.10, related to SQL injection. The issue is located in the /module/TabelaArredondamento/view file within the Tabelas de Arredondamento Pa...

CVE-2025-9592

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/billinfo.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public...

CVE-2025-9532

Portabilis i-Educar up to version 2.10 contains a SQL injection in the RegraAvaliacao/view path triggered by manipulating the ID parameter. The flaw is exploitable remotely and has published proof-of-concept materials in public references. Multiple sources (Red Hat, NVD, CVE lists, and vendor-foc...

CVE-2025-9511

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available...

CVE-2025-9509 itsourcecode Apartment Management System fair_info_all.php sql injection

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fairinfoall.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-9509 itsourcecode Apartment Management System fair_info_all.php sql injection

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fairinfoall.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-9473

SourceCodester Online Bank Management System 1.0 has a SQL injection in /feedback.php triggered by manipulating the msg parameter. The vulnerability is remote and has public exploit discussion. Multiple sources describe the issue and its impact on confidentiality, integrity, and availability as h...

CVE-2025-9471

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/addmaintenancecost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2025-9468 itsourcecode Apartment Management System add_bill.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /bill/addbill.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has...

CVE-2025-9421

A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public an...

CVE-2025-9413 lostvip-com ruoyi-go system_router.go SelectListByPage sql injection

A flaw has been found in lostvip-com ruoyi-go up to 2.1. This impacts the function SelectListByPage of the file modules/system/systemrouter.go. This manipulation of the argument orderByColumn/isAsc causes sql injection. The attack may be initiated remotely. The exploit has been published and may ...

CVE-2025-9399

YiFang CMS