PT-2025-37478
Name of the Vulnerable Software and Affected Versions: Campcodes Computer Sales and Inventory System version 1.0
Description: A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Manipulation of the Username argument in the file /pages/us transac.php?action=add can...
PT-2025-37412
Name of the Vulnerable Software and Affected Versions: Korzh EasyQuery versions through 7.4.0
Description: A weakness exists in Korzh EasyQuery due to SQL injection. The issue affects unknown processing of the /api/easyquery/models/nwind/fetch API endpoint within the Query Builder UI component...
PT-2025-37419
Name of the Vulnerable Software and Affected Versions: PHPGurukul Beauty Parlour Management System version 1.1
Description: A SQL injection issue exists in PHPGurukul Beauty Parlour Management System version 1.1. The issue is located in the /admin/readenq.php file, within an unknown function...
CVE-2025-56407
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/mysql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-10078
A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be use...
Linux Distros Unpatched Vulnerability : CVE-2018-13449
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statutbuy...
Linux Distros Unpatched Vulnerability : CVE-2017-17899
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via t...
CVE-2025-10118
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
CVE-2025-10114
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
CVE-2025-10115 SiempreCMS user_search_ajax.php sql injection
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
PT-2025-36536
Name of the Vulnerable Software and Affected Versions: SiempreCMS versions up to 1.3.6
Description: A SQL injection issue exists in the user_search_ajax.php file of SiempreCMS. Manipulation of the name/userName argument can trigger the issue. The attack can be initiated remotely, and the exploit...
CVE-2025-10112 itsourcecode Student Information Management System index.php sql injection
A weakness has been identified in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/department/index.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The...
CVE-2025-10102
The CVE-2025-10102 entry concerns code-projects Online Event Judging System 1.0. The vulnerability is a SQL injection in the /index.php file caused by manipulating the Username parameter; it is exploitable remotely and the exploit has been publicly released. Multiple connected sources corroborate...
CVE-2025-10030
A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=savereceiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2025-10087
SourceCodester Pet Grooming Management Software 1.0 is affected by a SQL injection in /admin/profit_report.php via the product_id parameter. The vulnerability is exploitable remotely and can be triggered without user interaction, with the exploit publicly disclosed. Root cause: improper handling ...
CVE-2025-10082
A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and m...
CVE-2025-10082 SourceCodester Online Polling System manage-admins.php sql injection
A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and m...
CVE-2025-10079
CVE-2025-10079 affects PHPGurukul Small CRM 4.0. The vulnerability is in the file /get-quote.php where manipulation of the contact parameter (Contact) enables a SQL injection. The issue can be exploited remotely, with exploit activity described as published and potentially usable in the wild. Doc...