2295 matches found

EUVD
added 2025/11/17 7:2 a.m. | 2 views

EUVD-2025-197774

A flaw has been found in Dromara dataCompare up to 1.0.1. The affected element is the function DbConfig of the file src/main/java/com/vince/xq/project/system/dbconfig/service/DbconfigServiceImpl.java of the component JDBC URL Handler. Executing manipulation can lead to injection. The attack can b...

CVSS 6.5 | AI score 6.3 | EPSS 0.00236
Exploits 0 | References 5
CVE
added 2025/11/17 7:2 a.m. | 9 views

CVE-2025-13268

CVE-2025-13268 affects Dromara dataCompare up to 1.0.1, targeting the JDBC URL Handler component. The root cause is an issue in the DbConfig function of DbconfigServiceImpl.java that can be exploited to perform injection remotely. Multiple sources verify the vulnerability and note that an exploit...

CVSS 6.5 | AI score 6.3 | EPSS 0.00236
Exploits 0 | References 4
Cvelist
added 2025/11/17 3:2 a.m. | 8 views

CVE-2025-13260 Campcodes Supplier Management System edit_product.php sql injection

A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS 6.5 | EPSS 0.00271
Exploits 1 | References 6
Vulnrichment
added 2025/11/17 12:32 a.m. | 3 views

CVE-2025-13255 projectworlds Advanced Library Management System book_search.php sql injection

A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /book_search.php. Performing a manipulation of the argument bookpub/booktitle results in sql injection. It is possible to initiate the attack remotely...

CVSS 6.5 | AI score 6.4 | EPSS 0.00363
Exploits 1 | References 6
Positive Technologies
added 2025/11/17 12:0 a.m. | 6 views

PT-2025-47103

A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing manipulation of the argument roll number can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVSS 6.5 | AI score 7.2 | EPSS 0.00307
Exploits 1 | References 5
Positive Technologies
added 2025/11/17 12:0 a.m. | 6 views

PT-2025-47108

A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit_product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to...

CVSS 6.5 | AI score 7 | EPSS 0.00271
Exploits 1 | References 6
Positive Technologies
added 2025/11/17 12:0 a.m. | 6 views

PT-2025-47128

Name of the Vulnerable Software and Affected Versions Dromara dataCompare versions up to 1.0.1 Description A flaw exists in Dromara dataCompare related to the JDBC URL Handler component. The issue resides within the DbConfig function of the file...

CVSS 6.5 | AI score 6.2 | EPSS 0.00236
Exploits 0 | References 7
EUVD
added 2025/11/16 12:30 p.m. | 6 views

EUVD-2025-197728

A security flaw has been discovered in PHPGurukul Tourism Management System 1.0. The affected element is an unknown function of the file /admin/user-bookings.php. The manipulation of the argument uid results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 7.5 | AI score 6.5 | EPSS 0.00335
Exploits 1 | References 6
EUVD
added 2025/11/16 6:31 a.m. | 5 views

EUVD-2025-197715

A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executing manipulation of the argument useremail can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly...

CVSS 7.5 | AI score 6.6 | EPSS 0.00339
Exploits 1 | References 6
Positive Technologies
added 2025/11/16 12:0 a.m. | 5 views

PT-2025-47070

Name of the Vulnerable Software and Affected Versions itsourcecode Inventory Management System version 1.0 Description A flaw exists in itsourcecode Inventory Management System 1.0 that allows for remote SQL injection. The issue is located in the file /admin/products/index.php?view=edit,...

CVSS 6.5 | AI score 6.8 | EPSS 0.00282
Exploits 1 | References 8
RedhatCVE
added 2025/11/15 4:28 p.m. | 9 views

CVE-2025-13170

A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing a manipulation of the argument adminid results in sql injection. The attack is possible to be carried out remotely. T...

CVSS 9.8 | AI score 7.2 | EPSS 0.00339
Exploits 1 | References 1
Cvelist
added 2025/11/14 4:2 p.m. | 8 views

CVE-2025-13170 code-projects Simple Online Hotel Reservation System edit_account.php sql injection

A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0. This issue affects some unknown processing of the file /admin/edit_account.php. Performing a manipulation of the argument adminid results in sql injection. The attack is possible to be carried out remotely. T...

CVSS 7.5 | EPSS 0.00339
Exploits 1 | References 7
Positive Technologies
added 2025/11/14 12:0 a.m. | 6 views

PT-2025-46990

Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security flaw exists in CodeAstro Gym Management System version 1.0. The issue involves a SQL injection impacting an unknown function within the /admin/view-member-report.php file...

CVSS 6.5 | AI score 7.4 | EPSS 0.00249
Exploits 0 | References 8
CVE
added 2025/11/13 7:2 p.m. | 11 views

CVE-2025-13123

CVE-2025-13123 affects AMTT Hotel Broadband Operation System 1.0. The vulnerability is a SQL injection in the unknown function of the file /user/portal/get_firstdate.php triggered by manipulating the uid parameter. The issue can be exploited remotely and an exploit has been published; multiple so...

CVSS 9.8 | AI score 6.3 | EPSS 0.00296
Exploits 1 | References 4 | Affected Software 1
Positive Technologies
added 2025/11/13 12:0 a.m. | 6 views

PT-2025-46877

Name of the Vulnerable Software and Affected Versions SourceCodester Patients Waiting Area Queue Management System version 1.0 Description A flaw exists in the software that allows for remote SQL injection. The issue is located in the getPatientAppointment function within the /php/api patient...

CVSS 7.5 | AI score 7 | EPSS 0.00382
Exploits 1 | References 6
OSV
added 2025/11/10 1:15 p.m. | 4 views

CVE-2025-12939

A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has...

CVSS 9.8 | AI score 5.7 | EPSS 0.00282
Exploits 1 | References 5
Positive Technologies
added 2025/11/10 12:0 a.m. | 5 views

PT-2025-45596

Name of the Vulnerable Software and Affected Versions SourceCodester Survey Application System version 1.0 Description A flaw exists in the SourceCodester Survey Application System that allows for SQL injection. This occurs through manipulation of the fullname argument within the save user/update...

CVSS 7.5 | AI score 7.4 | EPSS 0.00385
Exploits 1 | References 10
RedhatCVE
added 2025/11/08 4:54 p.m. | 15 views

CVE-2025-12861

A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/spec_add.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...

CVSS 7.2 | AI score 7 | EPSS 0.00262
Exploits 0 | References 1
CVE
added 2025/11/07 4:2 p.m. | 8 views

CVE-2025-12861

CVE-2025-12861 affects DedeBIZ up to version 6.3.2. The vulnerability resides in /admin/spec_add.php, where manipulation of the flags[] parameter enables SQL injection. Exploitation is remote and public. Remediation: update to a fixed version (6.3.2+ or later) or apply vendor-provided mitigations.

CVSS 7.2 | AI score 5.2 | EPSS 0.00262
Exploits 0 | References 4 | Affected Software 1
NVD
added 2025/11/07 3:15 p.m. | 4 views

CVE-2025-12860

A vulnerability was found in DedeBIZ up to 6.3.2. Affected is an unknown function of the file /admin/freelistmain.php. The manipulation of the argument orderby results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

CVSS 7.2 | EPSS 0.00262
Exploits 0 | References 4