Lucene search
2300 matches found

CVE
added 2025/08/14 3:2 a.m. · 19 views

CVE-2025-8932

CVE-2025-8932 affects 1000 Projects Sales Management System 1.0. A SQL injection exists in the code path handling the /superstore/admin/sales.php file, caused by manipulating the ssalescat parameter. The vulnerability is remotely exploitable and has been publicly disclosed. Several connected sour...

CVSS 9.8 · AI score 7.8 · EPSS 0.0048
Exploits: 1 · References: 5 · Affected Software: 1
Vulnrichment
added 2025/08/14 3:2 a.m. · 3 views

CVE-2025-8932 1000 Projects Sales Management System sales.php sql injection

A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to...

CVSS 7.5 · AI score 7.8 · EPSS 0.0048
Exploits: 1 · References: 5
OSV
added 2025/08/10 2:15 p.m. · 5 views

CVE-2025-8811

A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely...

CVSS 9.8 · AI score 5.7 · EPSS 0.00473
Exploits: 1 · References: 5
Cvelist
added 2025/08/10 12:2 p.m. · 11 views

CVE-2025-8808 xujeff tianti 天梯 com.jeff.tianti.controller save exportOrder csv injection

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated...

CVSS 5.3 · EPSS 0.00257
Exploits: 0 · References: 4
RedhatCVE
added 2025/08/10 1:35 a.m. · 6 views

CVE-2025-8704

A vulnerability, which was classified as critical, has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This issue affects some unknown processing of the file /WEASAlarmResult/GetAlarmResultProcessList of the component Analysis Conclusion Query Module. The manipulatio...

CVSS 8.8 · AI score 6.9 · EPSS 0.00306
Exploits: 1 · References: 1
RedhatCVE
added 2025/08/10 12:15 a.m. · 13 views

CVE-2025-8703

A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEASHomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energy...

CVSS 8.8 · AI score 7 · EPSS 0.00306
Exploits: 1 · References: 1
RedhatCVE
added 2025/08/09 7:10 p.m. · 9 views

CVE-2025-8697

A vulnerability was found in agentUniverse up to 0.0.18 and classified as critical. This issue affects the function StdioServerParameters of the component MCPSessionManager/MCPTool/MCPToolkit. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has be...

CVSS 6.5 · AI score 7.6 · EPSS 0.02188
Exploits: 0 · References: 1
RedhatCVE
added 2025/08/08 6:31 p.m. · 6 views

CVE-2025-8667

A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function fromcode/fromdict/frommcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch t...

CVSS 6.5 · AI score 6.9 · EPSS 0.02188
Exploits: 0 · References: 1
Vulnrichment
added 2025/08/08 1:2 a.m. · 4 views

CVE-2025-8705 Wanzhou WOES Intelligent Optimization Energy Saving System Energy Overview Module GetTargetConfig sql injection

A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEASHomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BPProID leads to sql...

CVSS 6.5 · AI score 6.7 · EPSS 0.00306
Exploits: 1 · References: 4
Positive Technologies
added 2025/08/08 12:0 a.m. · 4 views

PT-2025-32418 · Unknown · Cesiumlab Web

Name of the Vulnerable Software and Affected Versions: CesiumLab Web versions prior to 4.1 Description: A critical vulnerability exists in CesiumLab Web. The issue affects unknown code within the /lodmodels/ file and allows for SQL injection through manipulation of the ID argument. This attack ca...

CVSS 7.5 · AI score 8.5 · EPSS 0.00292
Exploits: 0 · References: 7
CNVD
added 2025/08/04 12:0 a.m. · 2 views

Human Resource Integrated System action.php File Cross-Site Scripting Vulnerability

Human Resource Integrated System is a human resource management system. A cross-site scripting vulnerability exists in Human Resource Integrated System, which originates from the unspecified parameter content not being security filtered in the /insert-and-view/action.php file. An attacker could...

CVSS 5.4 · AI score 6.2 · EPSS 0.00339
Exploits: 1 · References: 1
OSV
added 2025/08/01 7:15 a.m. · 3 views

CVE-2025-8438

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. This vulnerability affects unknown code of the file /controllers/postpublish.php. The manipulation of the argument post leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed...

CVSS 9.8 · AI score 5.8 · EPSS 0.00477
Exploits: 1 · References: 5
OSV
added 2025/08/01 6:15 a.m. · 2 views

CVE-2025-8436

A vulnerability was found in projectworlds Online Admission System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /viewdoc.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has be...

CVSS 9.8 · AI score 5.8 · EPSS 0.00379
Exploits: 1 · References: 4
Positive Technologies
added 2025/08/01 12:0 a.m. · 5 views

PT-2025-32501 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote operating system command injection. The vulnerability is located in the...

CVSS 6.5 · AI score 6.7 · EPSS 0.08257
Exploits: 1 · References: 13
OSV
added 2025/07/31 3:15 p.m. · 3 views

CVE-2025-8408

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 · AI score 5.7 · EPSS 0.00503
Exploits: 1 · References: 5
OSV
added 2025/07/28 1:15 a.m. · 4 views

CVE-2025-8250

A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/updates4.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVSS 9.8 · AI score 5.7 · EPSS 0.00479
Exploits: 1 · References: 5
OSV
added 2025/07/27 8:15 p.m. · 3 views

CVE-2025-8240

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. Th...

CVSS 9.8 · AI score 6.9 · EPSS 0.00498
Exploits: 1 · References: 5
OSV
added 2025/07/27 6:15 p.m. · 3 views

CVE-2025-8237

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updates1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has be...

CVSS 9.8 · AI score 5.8 · EPSS 0.00498
Exploits: 1 · References: 5
OSV
added 2025/07/22 8:15 p.m. · 4 views

CVE-2025-51458

SQL Injection in editorsqlrun and queryex in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary SQL statements via crafted input passed to the /v1/editor/sql/run or /v1/editor/chart/run endpoints, interacting with apieditorv1.editorsqlrun, editorchartrun, and...

CVSS 6.5 · AI score 8.5 · EPSS 0.00325
Exploits: 2 · References: 2
OSV
added 2025/07/19 6:15 p.m. · 1 view

CVE-2025-7838

A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manageseat.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 5.8 · EPSS 0.00559
Exploits: 1 · References: 5