CVE-2025-9644

A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/billsetup.php. Executing manipulation of the argument txtBillType can lead to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-9643

A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utilitybillsetup.php. Performing manipulation of the argument txtGasBill results in sql injection. It is possible to initiate the attack...

CVE-2025-9600 itsourcecode Apartment Management System member_type_setup.php sql injection

A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/membertypesetup.php. The manipulation of the argument txtMemberType leads to sql injection. The attack may be initiated remotely. T...

CVE-2025-9593

A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unitstatusinfo.php. Executing manipulation of the argument usid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...

PT-2025-34872 · Portabilis · Portabilis I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A flaw has been found in Portabilis i-Educar that allows for SQL injection. Manipulation of the ID argument in the /RegraAvaliacao/view file can lead to exploitation. The attack can be...

CVE-2025-9473

A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly an...

CVE-2025-9426

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been...

CVE-2025-9417

A weakness has been identified in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /employee/addemployee.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

CVE-2025-9399

A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/Ltool.php. The manipulation of the argument newurl results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendo...

PT-2025-34687 · Lostvip Com · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: lostvip-com ruoyi-go versions up to 2.1 Description: A security issue exists in the SelectPageList function within the modules/system/service/LoginInforService.go file. Manipulation of the isAsc argument can lead to SQL injection. This issue ...

CVE-2025-9391

A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes sql injection. The attack may be initiated remotely. The exploit has been made...

PT-2025-34567 · Unknown · Bjskzy Zhiyou Erp

Name of the Vulnerable Software and Affected Versions: Bjskzy Zhiyou ERP versions prior to 11.1 Description: A weakness has been identified in Bjskzy Zhiyou ERP that allows for remote SQL injection. The issue is related to the manipulation of the sql argument within the getFieldValue function of...

CVE-2025-9311

A vulnerability was identified in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly...

CVE-2025-9307

The CVE refers to PHPGurukul Online Course Registration 3.1 with a SQL injection in the /admin/session.php file, through manipulation of the sesssion argument. This vulnerability is exploitable remotely, and published exploits exist. Multiple sources (NVD, Red Hat, CNVD, CNNVD, CVE List) confirm ...

CVE-2025-9304

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made...

CVE-2025-9302 PHPGurukul User Management System signup.php sql injection

A vulnerability was identified in PHPGurukul User Management System 1.0. This vulnerability affects unknown code of the file /signup.php. Such manipulation of the argument emailid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used...

CVE-2025-9238 Swatadru Exam-Seating-Arrangement Student Login student.php sql injection

A vulnerability was determined in Swatadru Exam-Seating-Arrangement up to 97335ccebf95468d92525f4255a2241d2b0b002f. Affected is an unknown function of the file /student.php of the component Student Login. Executing manipulation of the argument email can lead to sql injection. It is possible to...

CVE-2025-9156

A vulnerability was found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/sports.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public...

CVE-2025-9154

A flaw has been found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /user/page-login.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been published and m...

CVE-2025-9140

A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetailmoduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible t...