CVE-2025-14898

A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in sql injection. The attack can be launched remotely. The exploit has be...

Advantech WebAccess/SCADA

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an authenticated attacker to read or modify a remote database. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as: Minimize...

CVE-2025-14780

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dishtradedetailget. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now...

CVE-2025-14711

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...

CVE-2025-14585 itsourcecode COVID Tracking System page sql injection

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVE-2025-14515 Campcodes Supplier Management System add_unit.php sql injection

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addunit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-14514 Campcodes Supplier Management System add_distributor.php sql injection

A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/adddistributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

CVE-2025-14335

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newschoolyear.php. The manipulation of the argument sy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-14258

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed t...

CVE-2025-14285

Code-projects Employee Profile Management System 1.0 is affected by a SQL injection in edit_personnel.php via the per_id parameter. The flaw enables remote exploitation and has publicly available exploits; multiple sources corroborate the issue. There is no product-specific patch details in the p...

CVE-2025-14256

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used...

CVE-2025-14251

A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin Login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2025-14230

Code-Projects Daily Time Recording System 4.5.0 is affected by a SQL injection in /admin/add_payroll.php caused by manipulating the detail_Id parameter. The vulnerability arises from improper input handling in an unknown function, enabling remote exploitation. Public exploit details exist (PoC in...

CVE-2025-14209 Campcodes School File Management System update_query.php sql injection

A weakness has been identified in Campcodes School File Management System 1.0. This impacts an unknown function of the file /updatequery.php. This manipulation of the argument studid causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and...

CVE-2025-14193 code-projects Employee Profile Management System view_personnel.php sql injection

A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /viewpersonnel.php. Executing a manipulation of the argument perid can lead to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-13788

A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...

PT-2025-48415

A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack...

CVE-2025-13546

A vulnerability was detected in ashraf-kabir travel-agency up to 1f25aa03544bc5fb7a9e846f8a7879cecdb0cad3. Affected by this issue is some unknown functionality of the file /results.php of the component Search. The manipulation of the argument userquery results in sql injection. The attack can be...

CVE-2025-13396

A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public a...

CVE-2025-13257

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /admin/user/index.php?view=edit. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has be...