CVE-2025-10813

A vulnerability was found in code-projects Hostel Management System 1.0. Affected is an unknown function of the file /justines/admin/modreports/index.php. The manipulation of the argument Home results in sql injection. It is possible to launch the attack remotely. The exploit has been made public...

CVE-2025-10811

A flaw has been found in code-projects Hostel Management System 1.0. This affects an unknown function of the file /justines/admin/modcomments/index.php?view=view. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2025-43807

Stored cross-site scripting XSS vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

CVE-2025-10807

CVE-2025-10807 affects Campcodes Online Beauty Parlor Management System v1.0. The vulnerability is an SQL injection caused by improper handling of the “editid” parameter in the file /admin/edit-customer-detailed.php, enabling remote exploitation. Public exploits have been released. Multiple sourc...

CVE-2025-10802

A flaw has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/remove.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2025-10800 itsourcecode Online Discussion Forum index.php sql injection

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

PT-2025-38718

Name of the Vulnerable Software and Affected Versions itsourcecode Online Discussion Forum version 1.0 Description A flaw exists in itsourcecode Online Discussion Forum that could allow for remote code execution. The issue is related to a SQL injection impacting an unknown function within the...

PT-2025-38739

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.112 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 7.4 GA through update 92 Description A stored cross-site scripting XSS issu...

CVE-2025-10670

A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /checkprofile.php. Executing manipulation of the argument profileid can lead to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-10664

A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-10712 07FLYCMS/07FLY-CMS/07FlyCRM login sql injection

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2025-10687

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...

CVE-2025-10673

A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has...

CVE-2025-10664

A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-10665

The CVE-2025-10665 entry concerns kidaze CourseSelectionSystem (versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464). The vulnerability is in an unknown function of the file /Profilers/PProfile/COUNT3s3.php where the parameter csem is manipulated to cause SQL injection. Remote exploitation...

CVE-2025-10662

A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /adminmembers.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be use...

CVE-2025-10623

The CVE-2025-10623 entry concerns SourceCodester Hotel Reservation System 1.0. The vulnerable element is the deleteuser.php file, where manipulation of the ID parameter results in an SQL injection. The vulnerability is exploitable remotely and there are public PoCs. Exploitation is supported by m...

CVE-2025-10621 SourceCodester Hotel Reservation System editroomimage.php sql injection

A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. The affected element is an unknown function of the file editroomimage.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2025-10601

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Affected is an unknown function of the file /admin/index.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the publi...

CVE-2025-10602

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deletes1.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...