
5717 matches found

RedhatCVE
added 2025/12/10 6:13 p.m. | 8 views

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVSS 7.2 | AI score 7.6 | EPSS 0.00271
Exploits 0 | References 1

RedhatCVE
added 2025/12/10 3:13 p.m. | 4 views

CVE-2025-12504

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Talent Software UNIS allows SQL Injection. This issue affects UNIS: before 42321...

CVSS 9.8 | AI score 7.7 | EPSS 0.00463
Exploits 0 | References 1

CNVD
added 2025/12/10 12:0 a.m. | 4 views

Online Ordering System user_contact.php File SQL Injection Vulnerability

Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /user_contact.php. The vulnerability can be exploited by a...

CVSS 9.8 | AI score 7.9 | EPSS 0.00326
Exploits 1 | References 1

Positive Technologies
added 2025/12/10 12:0 a.m. | 7 views

PT-2025-50556

Name of the Vulnerable Software and Affected Versions: Neuron versions prior to 2.8.12. Description: The PHP framework Neuron has an issue where the MySQLWriteTool can execute arbitrary SQL queries provided by a caller, utilizing PDO::prepare and execute without restrictions. This occurs because the...

CVSS 9.4 | AI score 7.8 | EPSS 0.00348
Exploits 0 | References 7

EUVD
added 2025/12/09 6:30 p.m. | 4 views

EUVD-2025-202035

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Image&Video FullScreen Background lbgfullscreenfullwidthslider allows SQL Injection. This issue affects Image&Video FullScreen Background: from n/a through = 1.6.7...

AI score 7.1 | EPSS 0.0026
Exploits 0 | References 2

NVD
added 2025/12/09 6:16 p.m. | 4 views

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVSS 7.2 | EPSS 0.00271
Exploits 0 | References 1

RedhatCVE
added 2025/12/09 4:30 p.m. | 11 views

CVE-2025-14250

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user_contact.php. This manipulation of the argument Name causes SQL injection. It is possible to initiate the attack remotely. The exploit has been made available to...

CVSS 9.8 | AI score 7 | EPSS 0.00326
Exploits 1 | References 1

Cvelist
added 2025/12/09 2:49 p.m. | 31 views

CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data

SQL Injection in Frappe HelpDesk in the dashboard get_dashboard_data due to unsafe concatenation of user-controlled parameters into dynamic SQL statements. This issue affects Frappe HelpDesk: 1.14.0...

CVSS 8.6 | EPSS 0.00468
Exploits 1 | References 3

Vulnrichment
added 2025/12/09 2:26 p.m. | 3 views

CVE-2025-12504 SQLi in Talent Software's UNIS

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Talent Software UNIS allows SQL Injection. This issue affects UNIS: before 42321...

CVSS 9.8 | AI score 5.8 | EPSS 0.00463
Exploits 0 | References 2

Vulnrichment
added 2025/12/09 2:13 p.m. | 1 views

CVE-2025-67520 WordPress Media Library Tools plugin <= 1.6.15 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection. This issue affects Media Library Tools: from n/a through <= 1.6.15...

CVSS 7.6 | AI score 7.3 | EPSS 0.00283
Exploits 0 | References 1

Vulnrichment
added 2025/12/09 1:2 a.m. | 3 views

CVE-2025-14285 code-projects Employee Profile Management System edit_personnel.php sql injection

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument perid results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be use...

CVSS 7.5 | AI score 6.8 | EPSS 0.00326
Exploits 1 | References 5

EUVD
added 2025/12/09 1:2 a.m. | 5 views

EUVD-2025-201842

A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument perid results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be use...

CVSS 7.5 | AI score 6.5 | EPSS 0.00326
Exploits 1 | References 6

Positive Technologies
added 2025/12/09 12:0 a.m. | 6 views

PT-2025-50100

Name of the Vulnerable Software and Affected Versions: Xinhu Rainrock RockOA version 2.7.0. Description: A SQL Injection issue exists in the setwxqyAction function within the webmain/task/api/loginAction.php file. This allows attackers to obtain sensitive information, including administrator account...

CVSS 9.8 | AI score 7.5 | EPSS 0.00343
Exploits 1 | References 3

CNVD
added 2025/12/09 12:0 a.m. | 3 views

Billing System admin/index.php Endpoint SQL Injection Vulnerability

Billing System is a billing system. The Billing System suffers from a SQL injection vulnerability that originates when the username parameter in the admin/index.php endpoint is spliced directly into a back-end SQL query without validation. An attacker can exploit this vulnerability by submitting ...

CVSS 6.5 | AI score 8.3 | EPSS 0.00175
Exploits 0 | References 1

CNNVD
added 2025/12/09 12:0 a.m. | 4 views

Frappe Helpdesk SQL Injection Vulnerability

Frappe Helpdesk is a customer service software from Frappe Open Source. A SQL injection vulnerability exists in Frappe Helpdesk version 1.14.0, which stems from the unsafe concatenation of a user-controlled parameter in dashboard get_dashboard_data into a dynamic SQL statement, which could lead to a SQL...

CVSS 8.8 | AI score 7.8 | EPSS 0.00468
Exploits 1 | References 3

Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-49976

Name of the Vulnerable Software and Affected Versions: TalentSoft Software UNIS versions prior to 42321. Description: A flaw exists in TalentSoft Software UNIS related to the improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This issue could allow an...

CVSS 9.8 | AI score 7 | EPSS 0.00463
Exploits 0 | References 7

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

WordPress plugin ArtPlacer Widget SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress ArtPlacer Widget plugin that stems from the application's lack of validation of externally entered SQL statements. No...

CVSS 8.5 | AI score 8 | EPSS 0.00264
Exploits 0 | References 1

CNNVD
added 2025/12/09 12:0 a.m. | 3 views

itsourcecode Student Management System SQL Injection Vulnerability

itsourcecode Student Management System is an open source student management system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Student Management System, which originates from a misuse of the parameter Name in the file /newadviser.php, which could lead t...

CVSS 9.8 | AI score 7.7 | EPSS 0.00333
Exploits 1 | References 6

Positive Technologies
added 2025/12/09 12:0 a.m. | 5 views

PT-2025-50293

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Versions 3.5.4 and below contain an SQL Injection vulnerability in the /html/matPat/editar categoria.php endpoint. The application fails to properly validate and sanitize user inputs in the id categori...

CVSS 9.4 | AI score 7.9 | EPSS 0.00438
Exploits 1 | References 4

Positive Technologies
added 2025/12/09 12:0 a.m. | 4 views

PT-2025-49896

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tiny Solutions Media Library Tools media-library-tools allows SQL Injection. This issue affects Media Library Tools: from n/a through <= 1.6.15...

CVSS 9.8 | AI score 7.7 | EPSS 0.00283
Exploits 0 | References 3