686 matches found

Cvelist
added 2025/09/14 8:32 p.m., 10 views

CVE-2025-10409 SourceCodester Student Grading System rms.php sql injection

A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public...

6.5 CVSS, 0.00309 EPSS
Exploits: 1, References: 5

Debian CVE
added 2025/09/12 10:33 a.m., 7 views

CVE-2025-27240

A Zabbix administrator can inject arbitrary SQL during the autoremoval of hosts by inserting malicious SQL in the 'Visible name' field...

7.5 CVSS, 7.4 AI score, 0.01188 EPSS
Exploits: 0

CNNVD
added 2025/09/11 12:0 a.m., 3 views

Online Fire Reporting System SQL Injection Vulnerability

Online Fire Reporting System is an online fire reporting system developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Online Fire Reporting System version 1.2, which stems from an incorrect manipulation of the parameter todate in the file...

9.8 CVSS, 7.7 AI score, 0.00309 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-5315

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...

9.1 CVSS, 8.3 AI score, 0.32872 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-5314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...

9.1 CVSS, 8.3 AI score, 0.00562 EPSS
Exploits: 0, References: 2

CVE
added 2025/09/09 12:32 a.m., 19 views

CVE-2025-10115

CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...

7.5 CVSS, 7.3 AI score, 0.00302 EPSS
Exploits: 0, References: 4

Vulnrichment
added 2025/09/08 10:35 p.m., 5 views

CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...

9.3 CVSS, 7.6 AI score, 0.00336 EPSS
Exploits: 1, References: 1

CVE
added 2025/09/08 12:0 a.m., 10 views

CVE-2025-56630

FoxCMS v1.2.5 and earlier are affected by an SQL Injection in the column_model parameter of app/admin/controller/Column.php. The vulnerability arises from improper handling of input in this file, enabling attacker-controlled SQL execution. CVSSv3.1 base score is 7.3 (HIGH) with Network attack vec...

7.3 CVSS, 7.5 AI score, 0.00201 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2025/09/06 10:32 a.m., 15 views

CVE-2025-10030

CVE-2025-10030 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability affects the file /ajax.php?action=save_receiving where manipulation of the argument ID can lead to a SQL injection. It is described as exploitable remotely and the exploit has been made publicly available....

9.8 CVSS, 7.3 AI score, 0.00441 EPSS
Exploits: 1, References: 5, Affected Software: 1

RedhatCVE
added 2025/09/05 9:31 p.m., 4 views

CVE-2025-9928

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in SQL injection. It is possible to initiate the attack remotely. The exploit has been...

9.8 CVSS, 7.3 AI score, 0.00405 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2025/09/02 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-41320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses...

9.8 CVSS, 8.3 AI score, 0.32099 EPSS
Exploits: 0, References: 2

CVE
added 2025/09/01 6:2 a.m., 13 views

CVE-2025-9765

CVE-2025-9765 affects the itsourcecode Sports Management System 1.0. Multiple connected sources confirm a SQL injection in the /Admin/tournament_details.php file, triggered by manipulating the ID parameter due to lack of input validation. Exploitation can be remote, and public disclosure is noted...

9.8 CVSS, 7.2 AI score, 0.00387 EPSS
Exploits: 1, References: 5, Affected Software: 1

CNNVD
added 2025/09/01 12:0 a.m., 4 views

CampCodes Online Learning Management System Security Vulnerability

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Online Learning Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter Userna...

9.8 CVSS, 7.7 AI score, 0.00387 EPSS
Exploits: 1, References: 7

RedhatCVE
added 2025/08/31 12:4 a.m., 5 views

CVE-2025-44033

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...

9.8 CVSS, 8.8 AI score, 0.00591 EPSS
Exploits: 1, References: 1

CVE
added 2025/08/29 5:32 p.m., 17 views

CVE-2025-9665

The CVE covers code-projects Simple Grading System 1.0, where the Admin Panel’s /edit_student.php contains a vulnerability in the ID parameter that allows SQL injection. This is exploitable remotely, with public exploit material available. Affected component is the Admin Panel through an unknown ...

8.8 CVSS, 6.6 AI score, 0.00351 EPSS
Exploits: 1, References: 5, Affected Software: 1

CNVD
added 2025/08/29 12:0 a.m., 4 views

CGM CLININET SQL Injection Vulnerability (CNVD-2025-19811)

CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the UserID parameter of the OpenReportWindow.pl file. An attacker can exploit this...

9.4 CVSS, 8 AI score, 0.00231 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/08/29 12:0 a.m., 3 views

Jinher OA Security Vulnerability

Jinher OA is a collaborative management software from Jinher, China. A security vulnerability exists in Jinher OA version 1.0, which originates from improper manipulation of the parameter ID in the file GetTreeDate.aspx, which may lead to an SQL injection attack...

9.8 CVSS, 7.7 AI score, 0.00387 EPSS
Exploits: 1, References: 6

CNNVD
added 2025/08/29 12:0 a.m., 3 views

Portábilis i-Educar Security Vulnerability

Portábilis i-Educar is an application from Portábilis. It can easily help you in basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10 and earlier, which stems from a SQL injection attack due to the incorrect operation of the parameter codagenda in the...

8.8 CVSS, 6.9 AI score, 0.00306 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2025/08/25 12:0 a.m., 5 views

PT-2025-34577

Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.5 Description: A SQL injection issue exists in the file app/logic/L tool.php due to the manipulation of the new url argument. This issue may be exploited remotely. The vendor was contacted but did not respond...

8.8 CVSS, 6.4 AI score, 0.00303 EPSS
Exploits: 0, References: 9

CNNVD
added 2025/08/25 12:0 a.m., 2 views

CampCodes Online Water Billing System Security Vulnerability

CampCodes Online Water Billing System is an online water billing system from CampCodes Philippines. A security vulnerability exists in CampCodes Online Water Billing System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in the file /editecex.php...

9.8 CVSS, 7.7 AI score, 0.00387 EPSS
Exploits: 1, References: 6