CVE-2025-14211

A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deletebook.php. Performing a manipulation of the argument bookid results in sql injection. The attack may be initiated remotely. The exploi...

CVE-2025-14256

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2025-14257

The CVE-2025-14257 issue affects itsourcecode Student Management System 1.0, with the vulnerable component/file being /newrecord.php and the parameter ID. The underlying flaw is a SQL injection caused by manipulating the ID argument, enabling remote exploitation. Exploitation is published and can...

CVE-2025-14193

A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /viewpersonnel.php. Executing a manipulation of the argument perid can lead to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-14190

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

CVE-2025-14227

A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to...

CVE-2025-14226

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

CVE-2025-14226

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and...

CVE-2025-14216 code-projects Currency Exchange System viewserial.php sql injection

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

CVE-2025-14212

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /membersearch.php. Executing a manipulation of the argument rollnumber can lead to sql injection. The attack may be launched remotely. The exploit has be...

CVE-2025-14210 projectworlds Advanced Library Management System delete_member.php sql injection

A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /deletemember.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

CVE-2025-14190

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

CVE-2025-14185 Yonyou U8 Cloud AppServletService.class sql injection

A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The explo...

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

CVE-2025-14090

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-14011

A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely...

PT-2025-48385

Name of the Vulnerable Software and Affected Versions taosir WTCMS versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665 Description A security flaw exists in taosir WTCMS. The issue affects the check/uncheck/delete function within the...

CVE-2025-13560

A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVE-2025-13556

A flaw has been found in Campcodes Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checklogin.php. Executing a manipulation of the argument myusername can lead to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-13545

A security vulnerability has been detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this vulnerability is an unknown functionality of the file /adminarea/index.php. The manipulation of the argument editpack leads to sql injection. The attack can be...