CVE-2026-0570

A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVE-2026-0546

Code-projects Content Management System 1.0 contains a SQL injection in search.php via manipulation of the Value parameter. This vulnerability can be exploited remotely and has publicly disclosed exploit information. Multiple connected sources (PT-2026-1061, Red Hat/CVE feed, NVD/CVE entry, CNNVD...

CVE-2025-15435

A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...

CVE-2025-15435

A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/workupdate.jsp. This manipulation of the argument Report causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. The vend...

CVE-2025-15436 Yonyou KSOA work_edit.jsp sql injection

A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/workedit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may b...

CVE-2025-15427

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different...

PT-2026-1056

Name of the Vulnerable Software and Affected Versions Yonyou KSOA version 9.0 Description A flaw exists in Yonyou KSOA 9.0 related to the file '/worksheet/work update.jsp'. Manipulation of the Report argument in this file can lead to SQL injection. The attack can be initiated remotely. An exploit...

CVE-2025-15409 code-projects Online Guitar Store Delete_product.php sql injection

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Executing a manipulation of the argument delpro can lead to sql injection. The attack may be performed from remote. The exploit...

CVE-2025-15409 code-projects Online Guitar Store Delete_product.php sql injection

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Executing a manipulation of the argument delpro can lead to sql injection. The attack may be performed from remote. The exploit...

CVE-2025-15409

A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Deleteproduct.php. Executing a manipulation of the argument delpro can lead to sql injection. The attack may be performed from remote. The exploit...

CVE-2025-15408

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Performing a manipulation of the argument dretitle results in sql injection. The attack is possible to be carried out remotely. The exploit has been made publi...

CVE-2026-0544

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public an...

CVE-2023-7331

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

CVE-2023-7331

Summary: CVE-2023-7331 affects PKrystian Full-Stack-Bank, specifically the User Handler component. The vulnerability arises from manipulation of unknown code leading to SQL injection, and is remotely exploitable. The product uses a rolling-release model, so no precise affected/updated version det...

CVE-2023-7331 PKrystian Full-Stack-Bank User sql injection

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

CVE-2025-15208

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has bee...

CVE-2025-15354

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/addadmin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published...

CVE-2025-15354 itsourcecode Society Management System add_admin.php sql injection

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/addadmin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published...

CVE-2025-15354 itsourcecode Society Management System add_admin.php sql injection

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/addadmin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published...

CVE-2025-15263 BiggiDroid Simple PHP CMS Admin Login login.php sql injection

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made...