2295 matches found

RedhatCVE
added 2026/01/07 9:17 a.m. | 22 views

CVE-2025-1611

A vulnerability was found in ShopXO up to 6.4.0. It has been classified as problematic. This affects an unknown part of the file app/service/ThemeAdminService.php of the component Template Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit ha...

CVSS 5.8 | AI score 5.1 | EPSS 0.00527
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/07 9:12 a.m. | 6 views

CVE-2024-2064

A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be...

CVSS 4.3 | AI score 7.4 | EPSS 0.00519
Exploits: 1 | References: 1

Positive Technologies
added 2026/01/06 12:0 a.m. | 5 views

PT-2026-1445

Cayin Signage Media Player 3.0 contains an authenticated remote command injection vulnerability in system.cgi and wizard system.cgi pages. Attackers can exploit the 'NTP Server IP' parameter with default credentials to execute arbitrary shell commands as root...

CVSS 8.8 | AI score 8.3 | EPSS 0.01277
Exploits: 1 | References: 8

OSV
added 2026/01/05 1:15 p.m. | 1 views

CVE-2026-0590

A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate th...

CVSS 9.8 | AI score 5.7 | EPSS 0.00315
Exploits: 1 | References: 6

Vulnrichment
added 2026/01/05 12:32 p.m. | 4 views

CVE-2026-0590 code-projects Online Product Reservation System POST Parameter delete.php sql injection

A vulnerability was determined in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file /app/checkout/delete.php of the component POST Parameter Handler. This manipulation of the argument ID causes sql injection. It is possible to initiate th...

CVSS 6.5 | AI score 6.7 | EPSS 0.00315
Exploits: 1 | References: 6

Vulnrichment
added 2026/01/05 10:2 a.m. | 3 views

CVE-2026-0585 code-projects Online Product Reservation System GET Parameter order_view.php sql injection

A security vulnerability has been detected in code-projects Online Product Reservation System 1.0. Impacted is an unknown function of the file /orderview.php of the component GET Parameter Handler. Such manipulation of the argument transactionid leads to sql injection. The attack can be executed...

CVSS 7.5 | AI score 6.7 | EPSS 0.00379
Exploits: 1 | References: 6

EUVD
added 2026/01/05 1:2 a.m. | 3 views

EUVD-2026-0918

A vulnerability was identified in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssmpro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00256
Exploits: 0 | References: 6

NVD
added 2026/01/04 11:15 a.m. | 7 views

CVE-2025-15442

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/productlist. This manipulation of the argument cateid causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

CVSS 7.2 | EPSS 0.00329
Exploits: 1 | References: 5

EUVD
added 2026/01/04 9:2 a.m. | 5 views

EUVD-2026-0781

A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing manipulation of the argument cat/price/name/model/serial results in sql injection. It ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00374
Exploits: 1 | References: 8

RedhatCVE
added 2026/01/03 10:4 a.m. | 13 views

CVE-2026-0546

A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may ...

CVSS 7.5 | AI score 7 | EPSS 0.00406
Exploits: 1 | References: 1

RedhatCVE
added 2026/01/02 6:37 p.m. | 12 views

CVE-2025-15408

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing a manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publi...

CVSS 9.8 | AI score 7.1 | EPSS 0.00329
Exploits: 1 | References: 1

OSV
added 2026/01/02 2:15 p.m. | 2 views

CVE-2026-0565

A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 5

NVD
added 2026/01/02 9:15 a.m. | 11 views

CVE-2026-0546

A vulnerability was determined in code-projects Content Management System 1.0. This impacts an unknown function of the file search.php. This manipulation of the argument Value causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may ...

CVSS 9.8 | EPSS 0.00406
Exploits: 1 | References: 5

CVE
added 2026/01/02 7:32 a.m. | 14 views

CVE-2025-15435

CVE-2025-15435 affects Yonyou KSOA 9.0. The vulnerability is an SQL injection in an unknown functionality of file /worksheet/work_update.jsp, triggered by manipulating the Report argument. The attack can be initiated remotely and an exploit has been published; vendor response is not provided. Con...

CVSS 9.8 | AI score 7.2 | EPSS 0.00349
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/01/02 7:2 a.m. | 3 views

CVE-2025-15434 Yonyou KSOA PrintZPYG.jsp sql injection

A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. The manipulation of the argument zpjhid results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early...

CVSS 7.5 | AI score 6.6 | EPSS 0.00345
Exploits: 1 | References: 4

CVE
added 2026/01/02 4:2 a.m. | 18 views

CVE-2025-15427

CVE-2025-15427 concerns a SQL injection in Seeyon Zhiyuan OA Web Application System, triggered by manipulating the CAR_BRAND_NO argument in the file /carManager/carUseDetailList.js%73p. Multiple sources confirm remote-exploitability and a publicly released exploit. Affected software includes Seey...

AI score 6.8 | EPSS 0.00035
Exploits: 0

Vulnrichment
added 2026/01/02 12:32 a.m. | 3 views

CVE-2025-15420 Yonyou KSOA agent_work_report.jsp sql injection

A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agentworkreport.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The...

CVSS 7.5 | AI score 6.6 | EPSS 0.00384
Exploits: 1 | References: 5

Positive Technologies
added 2026/01/02 12:0 a.m. | 7 views

PT-2026-1036

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A security issue exists in Yonyou KSOA 9.0 related to SQL injection. The issue is located in the file /worksheet/agent work report.jsp. Manipulation of the ID argument can lead to a successful exploit. The...

CVSS 9.8 | AI score 6.5 | EPSS 0.00384
Exploits: 1 | References: 13

NVD
added 2026/01/01 6:15 p.m. | 5 views

CVE-2025-15407

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Createcategory.php. Such manipulation of the argument dreCtitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public an...

CVSS 9.8 | EPSS 0.00329
Exploits: 1 | References: 5

CVE
added 2026/01/01 5:32 p.m. | 13 views

CVE-2025-15407

CVE-2025-15407 affects code-projects Online Guitar Store 1.0. The vulnerability is a SQL injection in an unknown function of the file /admin/Create_category.php, triggered by manipulation of the dre_Ctitle parameter. Exploitation could be performed remotely, and public disclosures exist. Multiple...

CVSS 9.8 | AI score 7.3 | EPSS 0.00329
Exploits: 1 | References: 5 | Affected Software: 1