
16790 matches found

NVD
added 2025/12/16 3:15 a.m. | 2 views

CVE-2025-62849

An SQL injection vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QTS 5.2.7.3297 build 20251024 and...

CVSS 9.8 | EPSS 0.00149
Exploits: 0 | References: 1
EUVD
added 2025/12/14 9:30 a.m. | 2 views

EUVD-2025-203292

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 7.5 | AI score 6.6 | EPSS 0.00028
Exploits: 1 | References: 7
CNNVD
added 2025/12/14 12:0 a.m. | 1 views

itsourcecode COVID Tracking System SQL Injection Vulnerability

itsourcecode COVID Tracking System is a new coronary pneumonia tracking system open-sourced by itsourcecode. An SQL injection vulnerability exists in version 1.0 of itsourcecode COVID Tracking System, which stems from an incorrect manipulation of the parameter Username in the file...

CVSS 9.8 | AI score 7.7 | EPSS 0.00028
Exploits: 1 | References: 6
CNNVD
added 2025/12/12 12:0 a.m. | 2 views

Online Shopping System Advanced SQL Injection Vulnerability

Online Shopping System Advanced is an online store website by Puneeth Reddy H C Individual Developer. A SQL injection vulnerability exists in Online Shopping System Advanced version 1.0, which stems from a SQL injection in the paymentsuccess.php script that could result in the retrieval of...

CVSS 8.7 | AI score 7.7 | EPSS 0.00095
Exploits: 1 | References: 3
CNNVD
added 2025/12/11 12:0 a.m. | 1 views

Projectworlds Advanced Library Management System SQL Injection Vulnerability

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A security vulnerability exists in version 1.0 of projectworlds Advanced Library Management System, which stems from incorrect manipulation of the parameter bookid in the file...

CVSS 9.8 | AI score 7.1 | EPSS 0.00031
Exploits: 1 | References: 4
Cvelist
added 2025/12/03 1:52 p.m. | 9 views

CVE-2025-13359 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of...

CVSS 6.5 | EPSS 0.00028
Exploits: 0 | References: 2
NVD
added 2025/11/19 11:15 p.m. | 1 views

CVE-2025-13420

A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been ma...

CVSS 9.8 | EPSS 0.00028
Exploits: 1 | References: 5
OSV
added 2025/11/17 9:15 p.m. | 1 views

CVE-2025-13300

A vulnerability has been found in itsourcecode Web-Based Internet Laboratory Management System 1.0. Affected is an unknown function of the file /settings/controller.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the...

CVSS 9.8 | AI score 5.6 | EPSS 0.0003
Exploits: 1 | References: 5
CNNVD
added 2025/11/17 12:0 a.m. | 1 views

Projectworlds Advanced Library Management System SQL Injection Vulnerability

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameters bookpub/booktitle in...

CVSS 8.8 | AI score 7 | EPSS 0.00011
Exploits: 1 | References: 7
CVE
added 2025/11/17 12:0 a.m. | 6 views

CVE-2024-44662

The CVE-2024-44662 entry applies to PHPGurukul Online Shopping Portal 2.0, where the admin page’s username parameter is vulnerable to SQL Injection. The root cause is lack of input validation/sanitization allowing attacker-supplied SQL to be executed, potentially exposing data. Public references ...

CVSS 6.5 | AI score 7.6 | EPSS 0.00037
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2025/11/14 12:0 a.m. | 4 views

CVE-2024-44640

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php...

EPSS 0.00037
Exploits: 1 | References: 2
RedhatCVE
added 2025/11/13 7:8 p.m. | 4 views

CVE-2025-13057

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=savestudent. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

CVSS 9.8 | AI score 7.1 | EPSS 0.00031
Exploits: 1 | References: 1
Tenable Nessus
added 2025/11/13 12:0 a.m. | 2 views

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements used in an SQL Command (CVE-2022-29155)

In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping...

CVSS 9.8 | AI score 7.1 | EPSS 0.13614
Exploits: 1 | References: 4
CNNVD
added 2025/11/10 12:0 a.m. | 1 views

Projectworlds Online Admission System SQL Injection Vulnerability

Projectworlds Online Admission System is an online admission system from Projectworlds India. Projectworlds Online Admission System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter keywords in the file /processlogin.php, which could le...

CVSS 9.8 | AI score 7.8 | EPSS 0.00011
Exploits: 1 | References: 4
CVE
added 2025/10/27 4:2 a.m. | 7 views

CVE-2025-12215

CVE-2025-12215 affects projectworlds Online Shopping System 1.0, specifically the /login_submit.php file. The issue is an input handling flaw where manipulating the keywords argument enables SQL injection. The vulnerability is remote and has had exploits published. Multiple sources flag high risk...

CVSS 9.8 | AI score 7.2 | EPSS 0.00034
Exploits: 1 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/10/23 3:14 p.m. | 2 views

CVE-2025-49915

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozy Vision SMS Alert Order Notifications sms-alert allows SQL Injection. This issue affects SMS Alert Order Notifications: from n/a through = 3.8.5...

CVSS 9.3 | AI score 7.7 | EPSS 0.00071
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/22 2:32 p.m. | 1 views

CVE-2025-59557 WordPress Learts Addons Plugin < 1.7.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ThemeMove Learts Addons learts-addons allows SQL Injection. This issue affects Learts Addons: from n/a through 1.7.5...

CVSS 9.3 | AI score 7.2 | EPSS 0.00037
Exploits: 0 | References: 1
GithubExploit
added 2025/10/19 6:8 p.m. | 284 views

Exploit for CVE-2025-1094

🛠️ CVE-2025-1094 Lab Setup ⚠️ Disclaimer This lab i...

CVSS 8.1 | AI score 8.6 | EPSS 0.82364
Exploits: 10
CNVD
added 2025/10/17 12:0 a.m. | 1 views

Automated Voting System add_candidate_modal.php File SQL Injection Vulnerability

Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of the parameter firstname in file /admin/addcandidatemodal.php for externally entered SQL statements. An attacker can exploit this...

CVSS 8.8 | AI score 8.3 | EPSS 0.00013
Exploits: 1 | References: 1
RedhatCVE
added 2025/10/12 10:22 p.m. | 5 views

CVE-2025-11615

A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/addinvoice.php. Performing manipulation of the argument ServiceId results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 9.8 | AI score 7 | EPSS 0.00042
Exploits: 1 | References: 1