PT-2025-51112

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security flaw exists in itsourcecode Student Management System 1.0. The issue affects unknown code within the /update program.php file and allows for SQL injection through...

Code-Projects Prison Management System SQL注入漏洞

Prison Management System is a prison management system. Prison Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter keyname in the file /admin/search.php. An attacker can exploit this...

Code-Projects Student File Management System SQL注入漏洞

Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter studentid in the file /admin/updatestudent.php. An...

PT-2025-51059

The افزونه پیامک ووکامرس فوق حرفه ای جدید payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVE-2025-13214

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-14570

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewadmin.php. This manipulation of the argument adminid causes sql injection. The attack may be initiated remotely. The exploit has been publishe...

EUVD-2025-203090

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...

CVE-2025-14566

A security flaw has been discovered in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The impacted element is an unknown function of the file /Profilers/SProfile/reg.php. Performing a manipulation of the argument USN results in sql injection. It is possible to initia...

EUVD-2024-55346

xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...

Projectworlds Advanced Library Management System SQL注入漏洞

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter rollnumber in the file...

WordPress Accordion Slider PRO plugin SQL Injection Vulnerability

WordPress Accordion Slider PRO plugin is a responsive, touch-enabled slider plugin for WordPress that allows users to create professional and elegant slider effects. The WordPress Accordion Slider PRO plugin suffers from an SQL injection vulnerability that stems from the application's lack of...

CVE-2025-13214

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-14529

CVE-2025-14529 affects Campcodes Retro Basketball Shoes Online Store v1.0. The vulnerability is an SQL injection in an unknown function of /admin/admin_running.php triggered by manipulating the pid argument, with remote attack feasibility and published exploits. The issue stems from improper inpu...

CampCodes Retro Basketball Shoes Online Store 安全漏洞

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from an incorrect manipulation of the parameter pid in the file...

PT-2025-50720

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

EUVD-2025-202170

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...