SourceCodester Hotel and Lodge Management System 安全漏洞

SourceCodester Hotel and Lodge Management System is a SourceCodester open source hotel and lodge management system. A security vulnerability exists in SourceCodester Hotel and Lodge Management System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file...

PT-2025-40935

Name of the Vulnerable Software and Affected Versions code-projects Online Course Registration version 1.0 Description A flaw exists in code-projects Online Course Registration 1.0 that allows for SQL injection. The issue is located in the file /admin/edit-course.php and involves manipulation of...

EUVD-2025-26267

Malicious code in bioql PyPI...

EUVD-2025-29144

Malicious code in bioql PyPI...

EUVD-2025-29180

Malicious code in bioql PyPI...

EUVD-2025-26356

Malicious code in bioql PyPI...

EUVD-2025-27433

Malicious code in bioql PyPI...

EUVD-2025-28473

Malicious code in bioql PyPI...

WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin <= 0.8.8.8 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Jarno Vos jarnovos in WordPress Plugin Blappsta Mobile App Plugin Your native, mobile iPhone App and Android App versions = 0.8.8.8...

CVE-2025-61605

WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profilepet.php endpoint, specifically in the idpet parameter. This vulnerability allows attackers to execute arbitrary SQL...

CVE-2025-11020 Remote Code Execution in MarkAny SafePC Enterprise

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0. V7.0.YYYY.MM.DD...

PT-2025-39990

Name of the Vulnerable Software and Affected Versions Frappe ErpNext version 15.57.5 Description The get income account function at erpnext/controllers/queries.py is susceptible to SQL Injection. An attacker can inject a SQL query into the filters.disabled parameter, potentially allowing extracti...

CVE-2025-11102

A weakness has been identified in Campcodes Online Learning Management System 1.0. Affected is an unknown function of the file /admin/editcontent.php. Executing manipulation of the argument Title can lead to sql injection. The attack can be launched remotely. The exploit has been made available t...

CVE-2025-11063

A vulnerability was identified in Campcodes Online Learning Management System 1.0. This issue affects some unknown processing of the file /admin/editdepartment.php. The manipulation of the argument d leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

CVE-2025-11037 code-projects E-Commerce Website admin_index_search.php sql injection

A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/adminindexsearch.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...

CVE-2025-10781

CVE-2025-10781 affects Campcodes Online Learning Management System 1.0. The vulnerability is in the file /admin/edit_class.php, where manipulation of the parameter named class_name enables a SQL injection. The description states the attack can be executed remotely and the exploit is publicly avai...

PT-2025-38746

Name of the Vulnerable Software and Affected Versions Campcodes Online Beauty Parlor Management System version 1.0 Description A security issue exists in Campcodes Online Beauty Parlor Management System 1.0. The issue involves potential SQL injection due to manipulation of the fromdate/todate...

CVE-2025-10673

A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has...

PT-2025-38154

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A SQL injection flaw exists in the /admin/delete student.php file due to manipulation of the stud id argument. This issue is remotely exploitable. The exploit has...

PT-2025-38081

Name of the Vulnerable Software and Affected Versions: Campcodes Grocery Sales and Inventory System version 1.0 Description: A vulnerability exists in Campcodes Grocery Sales and Inventory System 1.0. The issue is related to SQL injection within an unknown function of the file...