Like Tea SQL注入漏洞

Like Tea is a multi-store tea drinking applet open source by comeasy. Like Tea version 1.0.0 SQL injection vulnerability exists , the vulnerability stems from the file laravel/app/Http/Controllers/Front/StoreController.php in the list function of the lng/lat parameter is not handled properly ,...

CVE-2025-13060 SourceCodester Survey Application System view_survey.php sql injection

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /viewsurvey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and m...

CVE-2025-13059 SourceCodester Alumni Management System manage_career.php sql injection

A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /managecareer.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...

EUVD-2025-131910

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Golemiq 0 Day Analytics allows SQL Injection.This issue affects 0 Day Analytics: from n/a through 4.0.0...

CVE-2025-59499

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

CVE-2025-13047

CVE-2025-13047 affects the ViewLead Technology Bacteriology Laboratory Reporting System. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL and read database contents. Root cause and exact vulnerable component are described as an injection fl...

EUVD-2025-119986

Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-13046

...

WellSky Harmony 安全漏洞

WellSky Harmony is an all-in-one service management platform from WellSky USA. A security vulnerability exists in WellSky Harmony version 4.1.0.2.83, which stems from improper cleanup of the TXTUSERID parameter in the xmHarmony.asp endpoint, which could lead to an SQL injection attack...

EUVD-2025-84350

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration...

CVE-2025-8324 SQL Injection

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration...

CVE-2025-12927

A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...

CVE-2025-42889

CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...

WordPress Easy Email Subscription plugin SQL Injection Vulnerability

WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...

WordPress Plugin CoSchool LMSSQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress plugin CoSchool LMS, which stems from the...

Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

EUVD-2025-44057

A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has...

CVE-2025-12931 SourceCodester Food Ordering System edit-orders.php sql injection

A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-12865

U-Office Force by e-Excellence is affected by a SQL Injection vulnerability stemming from unvalidated input, enabling an authenticated remote attacker to read, modify, and delete database contents. CVSS metrics indicate high impact to confidentiality, integrity, and availability. No remediation o...

CVE-2025-12926 SourceCodester Farm Management System review.php sql injection

A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the...