CVE-2019-12723

An issue was discovered in the Teclib Fields plugin through 1.9.2 for GLPI. it allows SQL Injection via containerid and oldorder parameters to ajax/reorder.php by an unauthenticated user...

CVE-2019-12374

A SQL Injection vulnerability exists in Ivanti LANDESK Management Suite LDMS, aka Endpoint Manager 10.0.1.168 Service Update 5 due to improper username sanitization in the Basic Authentication implementation in core/provisioning.secure/ProvisioningSecure.asmx in Provisioning.Secure.dll...

CVE-2019-12279

Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that...

CVE-2019-12353

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dlsendmail.php when the attacker has admin authority via the id parameter...

CVE-2019-12946

Elcom CMS before 10.7 has SQL Injection via EventSearchByState.aspx and EventSearchAdv.aspx...

CVE-2006-3577

SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op...

CVE-2006-3263

SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter...

CVE-2025-1380

A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/delplan.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit...

CVE-2025-1582

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/all-request.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The...

CVE-2025-1183

A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument loginid leads to sql injection. The attack can be launche...

CVE-2024-2522

A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument roomid leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2024-2532

A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched...

CVE-2025-1135

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

CVE-2025-1708

The application is vulnerable to SQL injection attacks. An attacker is able to dump the PostgreSQL database and read its content...

CVE-2024-2341

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the keys parameter in all versions up to, and including, 1.6.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

编号撤回

Seeyon Zhiyuan OA Web Application System is a comprehensive office automation platform from Seeyon. A SQL injection vulnerability exists in Seeyon Zhiyuan OA Web Application System version 20251223 and earlier, which originates from the incorrect operation of the parameter unitCode in the file...

CVE-2025-15436 Yonyou KSOA work_edit.jsp sql injection

A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/workedit.jsp. Such manipulation of the argument Report leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may b...

CVE-2025-15211 code-projects Refugee Food Management System refugee.php sql injection

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

Code-Projects Refugee Food Management System SQL注入漏洞

Code-Projects Refugee Food Management System is an open source refugee food management system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Refugee Food Management System version 1.0, which stems from an incorrect manipulation of the parameter a in the file...

CVE-2025-68590

Technical details for CVE-2025-68590 are not publicly provided in the supplied documents. No affected versions, impact specifics, or remediation are given here. Monitor vendor advisories and patch releases for updates.