CVE-2025-8960

A vulnerability has been found in Campcodes Online Flight Booking Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/saveairlines.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-8946

A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

CVE-2025-8922

A vulnerability was found in code-projects Job Diary 1.0. This affects an unknown part of the file /admin-inbox.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-8923

A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-9047 projectworlds Visitor Management System visitor_out.php sql injection

A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitorout.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

CVE-2025-9021

A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely...

CVE-2025-9021

A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely...

CVE-2025-9013

Summary of vulnerability (CVE-2025-9013) : PHPGurukul Online Shopping Portal Project 2.0 has a SQL injection flaw in the file /shopping/password-recovery.php triggered by manipulating the emailid parameter. This vulnerability can be exploited remotely and has publicly disclosed exploits. Multiple...

Online Tour and Travel Management System 1.0 SQL Injection

Online Tour and Travel Management System version 1.0 suffers from a remote SQL injection vulnerability in the /admin/operations/travellers.php endpoint...

CVE-2025-8987

Affected product: SourceCodester COVID 19 Testing Management System 1.0. Vulnerable component: file /test-details.php; vulnerable parameter: remark. Root cause: SQL injection due to manipulation of remark, enabling remote attack. CVSS indicators in the included documents show high–critical impact...

CVE-2025-8984 itsourcecode Online Tour and Travel Management System expense_category.php sql injection

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-8984 itsourcecode Online Tour and Travel Management System expense_category.php sql injection

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2025-8970 itsourcecode Online Tour and Travel Management System booking.php sql injection

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /admin/operations/booking.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclose...

CVE-2025-8967

A vulnerability was determined in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/packages.php. The manipulation of the argument pname leads to sql injection. It is possible to launch the attack remotely. The exploit has bee...

CVE-2025-8936

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-8925

CVE-2025-8925 affects itsourcecode Sports Management System 1.0. The vulnerability is an SQL injection in /Admin/match.php caused by unsafely handling the code parameter, enabling remote exploitation and unauthorized data access. Exploit details have been publicly disclosed. No official fix/versi...

CVE-2025-8914

CVE-2025-8914 affects the WellChoose Organization Portal System. The connected documents describe a SQL injection vulnerability resulting from the application’s lack of validation of externally entered SQL statements, allowing unauthenticated remote attackers to inject arbitrary SQL commands to r...

PT-2025-32485 · Unknown · Simple Art Gallery

Name of the Vulnerable Software and Affected Versions: Simple Art Gallery version 1.0 Description: A critical vulnerability exists in Simple Art Gallery 1.0 due to a SQL injection flaw. The issue is located in an unknown functionality within the /Admin/registration.php file. The fname argument ca...

CVE-2025-8703

A vulnerability classified as critical was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This vulnerability affects unknown code of the file /WEASHomePage/GetAreaTrendChartData of the component Environmental Real-Time Data Module. The manipulation of the argument energy...

Gandia Integra Total 4.4.2236.1 SQL Injection

Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1 suffer from a remote SQL injection vulnerability...