851 matches found

CVE
added 2025/08/19 12:0 a.m. | 17 views

CVE-2025-50926

CVE-2025-50926 affects Easy Hosting Control Panel (EHCP) version 20.04.1.b. The vulnerability is a SQL injection in the id parameter of the List All Email Addresses function, caused by unsanitized input leading to database query manipulation. The PacketStorm entry provides an explicit HTTP GET ex...

CVSS 6.5 | AI score 8.5 | EPSS 0.0024
Exploits 2 | References 2 | Affected Software 1
Tenable Nessus
added 2025/08/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-5504

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own...

CVSS 8.8 | AI score 7.4 | EPSS 0.38778
Exploits 4 | References 2
RedhatCVE
added 2025/08/17 11:7 a.m. | 7 views

CVE-2025-9047

A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitorout.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits 1 | References 1
RedhatCVE
added 2025/08/16 10:28 p.m. | 16 views

CVE-2025-8985

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits 1 | References 1
RedhatCVE
added 2025/08/16 7:23 p.m. | 7 views

CVE-2025-52797

Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap wp-storymap allows SQL Injection. This issue affects StoryMap: from n/a through <= 2.1...

CVSS 8.2 | AI score 5.9 | EPSS 0.0014
Exploits 0 | References 1
Vulnrichment
added 2025/08/15 3:13 p.m. | 3 views

CVE-2025-49897 WordPress Vertical scroll slideshow gallery v2 plugin <= 9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus Vertical scroll slideshow gallery v2 allows Blind SQL Injection. This issue affects Vertical scroll slideshow gallery v2: from n/a through 9.1...

CVSS 8.5 | AI score 7.9 | EPSS 0.00389
Exploits 0 | References 1
Positive Technologies
added 2025/08/15 12:0 a.m. | 7 views

PT-2025-33476 · Projectworlds · Visitor Management System

Name of the Vulnerable Software and Affected Versions: Projectworlds Visitor Management System version 1.0 Description: A vulnerability has been found in projectworlds Visitor Management System 1.0. The manipulation of the argument rid in an unknown function of the file /visitor out.php leads to...

CVSS 9.8 | AI score 7.5 | EPSS 0.00387
Exploits 1 | References 9
Positive Technologies
added 2025/08/15 12:0 a.m. | 5 views

PT-2025-33513 · Hcl · Hcl Bigfix Saas Authentication Service

Name of the Vulnerable Software and Affected Versions: HCL BigFix SaaS Authentication Service affected versions not specified Description: HCL BigFix SaaS Authentication Service is affected by a SQL injection issue. The issue allows potential attackers to manipulate SQL queries. Recommendations: ...

CVSS 4.3 | AI score 7.1 | EPSS 0.00303
Exploits 0 | References 6
CVE
added 2025/08/14 8:2 p.m. | 20 views

CVE-2025-8981

The CVE-2025-8981 entry concerns itsourcecode Online Tour and Travel Management System 1.0. A SQL injection flaw exists in the /admin/operations/payment.php file, caused by unsafely handling the payment_type parameter. The vulnerability is remotely exploitable and has publicly disclosed exploits....

CVSS 9.8 | AI score 7.6 | EPSS 0.00387
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2025/08/14 6:24 p.m. | 3 views

CVE-2025-49759

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 7.9 | EPSS 0.01029
Exploits 0 | References 1
CVE
added 2025/08/14 4:32 p.m. | 17 views

CVE-2025-8968

Summary: CVE-2025-8968 affects itsourcecode Online Tour and Travel Management System 1.0. A vulnerable function in the admin path (/admin/disapprove_user.php) allows SQL injection through the ID parameter. Exploitation is described as remote, with the exploit disclosed publicly. What’s affected: ...

CVSS 9.8 | AI score 7.6 | EPSS 0.00387
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2025/08/14 3:32 p.m. | 12 views

CVE-2025-8966 itsourcecode Online Tour and Travel Management System tax.php sql injection

A vulnerability was found in itsourcecode Online Tour and Travel Management System 1.0. This issue affects some unknown processing of the file /admin/operations/tax.php. The manipulation of the argument tname leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00387
Exploits 1 | References 5
Cvelist
added 2025/08/14 10:34 a.m. | 9 views

CVE-2025-49033 WordPress ProfileGrid plugin <= 5.9.5.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Blind SQL Injection. This issue affects ProfileGrid: from n/a through <= 5.9.5.3...

CVSS 8.5 | EPSS 0.00243
Exploits 0 | References 1
Vulnrichment
added 2025/08/14 10:34 a.m. | 2 views

CVE-2025-49033 WordPress ProfileGrid <= 5.9.5.3 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Metagauss ProfileGrid allows Blind SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.5.3...

CVSS 8.5 | AI score 7.9 | EPSS 0.00243
Exploits 0 | References 1
Cvelist
added 2025/08/14 10:34 a.m. | 9 views

CVE-2025-52720 WordPress Super Store Finder Plugin <= 7.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in highwarden Super Store Finder superstorefinder-wp allows SQL Injection. This issue affects Super Store Finder: from n/a through <= 7.5...

CVSS 9.3 | EPSS 0.00273
Exploits 0 | References 1
Vulnrichment
added 2025/08/14 9:2 a.m. | 4 views

CVE-2025-8953 SourceCodester COVID 19 Testing Management System check_availability.php sql injection

A vulnerability was determined in SourceCodester COVID 19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. The attack may be launched remotely. The exploit ha...

CVSS 7.5 | AI score 7.6 | EPSS 0.00387
Exploits 1 | References 5
CNNVD
added 2025/08/14 12:0 a.m. | 4 views

D-Link DIR-818L Injection Vulnerability

The D-Link DIR-818L is a WiFi router from the Chinese company AUO D-Link. The D-Link DIR-818L suffers from an injection vulnerability that originates from a misbehavior in the file /htdocs/cgibin, which can be exploited by an attacker to bypass authentication and access restricted data by injecti...

CVSS 8.8 | AI score 7.9 | EPSS 0.18145
Exploits 1 | References 6
CNNVD
added 2025/08/14 12:0 a.m. | 3 views

PHPGurukul Teachers Record Management System Injection Vulnerability

Teachers Record Management System is a teacher record management system. The Teachers Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in file /admin/search.php. An...

CVSS 9.8 | AI score 8.2 | EPSS 0.00384
Exploits 1 | References 5
Vulnrichment
added 2025/08/13 10:2 p.m. | 3 views

CVE-2025-8928 code-projects Medical Store Management System Update Medicines UpdateMedicines.java sql injection

A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack...

CVSS 6.5 | AI score 7.6 | EPSS 0.00352
Exploits 1 | References 6
Cvelist
added 2025/08/13 7:32 p.m. | 17 views

CVE-2025-8926 SourceCodester COVID 19 Testing Management System login.php sql injection

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00387
Exploits 1 | References 5