CVE-2025-9700

The CVE-2025-9700 entry concerns SourceCodester Online Book Store 1.0 where the /publisher_list.php endpoint processes the pubid parameter unsafely, enabling SQL injection. Several trusted sources corroborate a remote-executable SQL injection vulnerability stemming from incorrect handling of pubi...

CVE-2025-9681 O2OA Personal Profile agent cross site scripting

A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /xprogramcenter/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be use...

CVE-2025-9669

A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used...

CVE-2025-9662

A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly...

CVE-2025-9660 SourceCodester Bakeshop Online Ordering System passwordrecover.php sql injection

A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is possible to be carried out remotely. The explo...

PT-2025-35212

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Apartment Management System version 1.0. The vulnerability is located in the /setting/utility bill setup.php file, where manipulati...

CVE-2025-9585 Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9582

A flaw has been found in Comfast CF-N1 2.6.0. Affected is the function ntptimezone of the file /usr/bin/webmgnt. Executing manipulation of the argument timestr can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used...

PT-2025-35150

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection flaw exists due to manipulation of the usid argument in the /report/unit status info.php file. The attack can be executed remotely. The exploit has been...

CVE-2025-9509

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fairinfoall.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-9509

A security flaw has been discovered in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/fairinfoall.php. Performing manipulation of the argument fid results in sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-9505

A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveloantype. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2025-9504 Campcodes Online Loan Management System ajax.php sql injection

A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publ...

CVE-2025-9504

CVE-2025-9504 affects Campcodes Online Loan Management System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /ajax.php?action=save_plan, caused by manipulation of the ID argument. Exploitation can be performed remotely, and public exploits are available. Techni...

PT-2025-34832

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security flaw exists in itsourcecode Apartment Management System version 1.0 related to the processing of the /report/fair info all.php file. Manipulation of the fid argument...

CVE-2025-9492

A vulnerability was determined in Campcodes Online Water Billing System 1.0. This affects an unknown function of the file /addclient1.php. Executing manipulation of the argument lname can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may b...

CVE-2025-9470

A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/addmcommittee.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

CVE-2025-9469

A vulnerability was detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fund/addfund.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public an...

PT-2025-34739

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists due to the manipulation of the ID argument in the processing of the /owner utility/add owner utility.php file. This can be exploited remotely. The...