CVE-2025-42889

CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...

CVE-2025-12931 SourceCodester Food Ordering System edit-orders.php sql injection

A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been...

PT-2025-46180

Name of the Vulnerable Software and Affected Versions rickxy Hospital Management System version 1.0 Description The patient prescription viewing functionality within the his doc view single patient.php component contains an SQL injection issue. The pat number GET parameter is directly incorporate...

CVE-2025-63718

A SQL injection vulnerability exists in the SourceCodester PQMS Patient Queue Management System 1.0 in the apipatientschedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands...

CVE-2025-12857

A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. The affected element is an unknown function of the file /admin/roombook.php. Such manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed...

EUVD-2025-38246

SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...

CVE-2022-50591

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztpconfigid’ parameter to the ‘NetworkServlet’ endpoint. Successful...

CVE-2022-50591 Advantech iView < v5.7.04 Build 6425 ztp_config_id Parameter SQL Injection Information Disclosure

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztpconfigid’ parameter to the ‘NetworkServlet’ endpoint. Successful...

CVE-2022-50592 Advantech iView < v5.7.04 Build 6425 getInventoryReportData Parameter SQL Injection RCE

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘getInventoryReportData’ parameter to the ‘NetworkServlet’ endpoint...

CVE-2025-34247

Advantech WebAccess/VPN versions prior to 1.1.5 are affected by a SQL injection in NetworksController.addNetworkAction(). An authenticated, low-privileged observer user can inject SQL via datatable search parameters, potentially disclosing database information. Affected product scope and impact a...

CVE-2025-60239

CVE-2025-60239 describes an SQL Injection in the WordPress CoSchool LMS plugin (versions

PT-2025-44788

Name of the Vulnerable Software and Affected Versions Geutebruck G-Cam E-Series Cameras version 1.12.0.19 Description An unauthenticated SQL Injection exists within the Geutebruck G-Cam E-Series Cameras. The issue is located in the /uapi-cgi/viewer/Param.cgi script through the Group parameter...

JavaWebVulnerabilityScanner

JavaWebVulnerabilityScanner 🔒 Java Web Vulnerability Scanner...

CVE-2025-52664

SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users...

EUVD-2025-36393

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to...

PT-2025-44067

Name of the Vulnerable Software and Affected Versions Campcodes Retro Basketball Shoes Online Store version 1.0 Description A security flaw exists in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue affects an unknown part of the file /admin/admin feature.php. Manipulation of...

CVE-2025-12292

A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

EUVD-2025-36184

A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admindashboard/editprofile. Such manipulation of the argument firstname/lastname leads to sql injection. The attack may be...

PT-2025-43875

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...

Exploit for CVE-2023-49440

CVE-2023-49440-POC Vulnerable Version: Ahab EPP Management v...