5720 matches found

CVE
added 2025/11/06 7:49 p.m., 9 views

CVE-2025-34247

Advantech WebAccess/VPN versions prior to 1.1.5 are affected by a SQL injection in NetworksController.addNetworkAction(). An authenticated, low-privileged observer user can inject SQL via datatable search parameters, potentially disclosing database information. Affected product scope and impact a...

CVSS 6.5, AI score 7.2, EPSS 0.00258
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2025/11/06 7:49 p.m., 8 views

CVE-2025-34246

Advantech WebAccess/VPN

CVSS 6.5, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/11/06 7:48 p.m., 4 views

CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3, AI score 7.2, EPSS 0.00254
Exploits: 0, References: 3

NVD
added 2025/11/06 4:15 p.m., 3 views

CVE-2025-52773

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11...

CVSS 9.3, EPSS 0.00294
Exploits: 0, References: 1

CVE
added 2025/11/06 3:55 p.m., 5 views

CVE-2025-60239

CVE-2025-60239 describes an SQL Injection in the WordPress CoSchool LMS plugin (versions

CVSS 8.5, AI score 7.3, EPSS 0.0027
Exploits: 0, References: 1

Cvelist
added 2025/11/06 3:53 p.m., 6 views

CVE-2025-28953 WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection. This issue affects smart SEO: from n/a through <= 4.0...

CVSS 8.5, EPSS 0.0027
Exploits: 0, References: 1

CNNVD
added 2025/11/06 12:0 a.m., 4 views

Advantech iView Security Vulnerability

Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...

CVSS 9.8, AI score 8.7, EPSS 0.00622
Exploits: 0, References: 3

NVD
added 2025/11/05 5:15 a.m., 14 views

CVE-2025-12197

The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...

CVSS 7.5, EPSS 0.15247
Exploits: 1, References: 2

Cvelist
added 2025/11/05 12:0 a.m., 8 views

CVE-2025-55343

Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txtdepecodi, busqueda/busqueda.php txtusuacodi, anexoslista.php raditemp, Administracion/listas/formAreaajax.php codDepe, Administracion/listas/formDepeHijoajax.php codDepe,...

EPSS 0.00456
Exploits: 0, References: 2

CNVD
added 2025/11/05 12:0 a.m., 6 views

WordPress MasterStudy LMS plugin SQL Injection Vulnerability

WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...

CVSS 7.6, AI score 8.2, EPSS 0.00233
Exploits: 0, References: 1

CNVD
added 2025/11/05 12:0 a.m., 8 views

Revive Adserver SQL Injection Vulnerability

Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...

CVSS 8.8, AI score 8, EPSS 0.00964
Exploits: 1, References: 1

EUVD
added 2025/11/03 12:30 a.m., 4 views

EUVD-2025-37451

A vulnerability was found in itsourcecode Online Loan Management System 1.0. This vulnerability affects unknown code of the file /manageloan.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 7.5, AI score 6.8, EPSS 0.00342
Exploits: 1, References: 6

OSV
added 2025/11/03 12:15 a.m., 1 view

CVE-2025-12606

A vulnerability was determined in itsourcecode Online Loan Management System 1.0. This issue affects some unknown processing of the file /manageborrower.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

CVSS 9.8, AI score 5.7
Exploits: 0, References: 5

Positive Technologies
added 2025/11/03 12:0 a.m., 5 views

PT-2025-44743

Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0
Description: A flaw exists in CodeAstro Gym Management System version 1.0 where manipulation of the id/ini weight argument in the file '/admin/update-progress.php' can lead to SQL injection. This issu...

CVSS 8.8, AI score 6.7, EPSS 0.00301
Exploits: 1, References: 9

CNNVD
added 2025/11/03 12:0 a.m., 2 views

Digiwin EasyFlow .NET and Digiwin EasyFlow AiNet SQL Injection Vulnerability

Digiwin EasyFlow .NET and Digiwin EasyFlow AiNet are both products of China's Digiwin Corporation. Digiwin EasyFlow AiNet is a business process automation platform. Digiwin EasyFlow .NET and Digiwin EasyFlow AiNet have a SQL injection vulnerability that originates from a vulnerability that could allow an...

CVSS 7.1, AI score 7.9, EPSS 0.0029
Exploits: 0, References: 2

Positive Technologies
added 2025/11/03 12:0 a.m., 4 views

PT-2025-44785

Name of the Vulnerable Software and Affected Versions: Car-Booking-System-PHP version 1.0
Description: Car-Booking-System-PHP version 1.0 is susceptible to SQL Injection in the /carlux/contact.php file. The vulnerability exists due to insufficient input validation when processing data submitted...

CVSS 9.8, AI score 7.6, EPSS 0.00442
Exploits: 1, References: 4

CNNVD
added 2025/11/03 12:0 a.m., 6 views

SourceCodester Best House Rental Management System SQL Injection Vulnerability

SourceCodester Best House Rental Management System is an open source house rental management system from SourceCodester. SourceCodester Best House Rental Management System version 1.0 has a SQL injection vulnerability that stems from the function deletepayment in the file /adminclass.php...

CVSS 9.8, AI score 5.6, EPSS 0.00336
Exploits: 1, References: 5

Positive Technologies
added 2025/11/03 12:0 a.m., 5 views

PT-2025-44744

Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0
Description: A flaw exists in CodeAstro Gym Management System 1.0 that could allow for SQL injection. This issue affects the /admin/view-progress-report.php file. Manipulation of the ID argument can...

CVSS 7.2, AI score 7.5, EPSS 0.00327
Exploits: 1, References: 8

CNVD
added 2025/11/03 12:0 a.m., 3 views

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-778387)

T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...

AI score 5.9
Exploits: 0

Positive Technologies
added 2025/11/03 12:0 a.m., 8 views

PT-2025-44788

Name of the Vulnerable Software and Affected Versions: Geutebruck G-Cam E-Series Cameras version 1.12.0.19
Description: An unauthenticated SQL Injection exists within the Geutebruck G-Cam E-Series Cameras. The issue is located in the /uapi-cgi/viewer/Param.cgi script through the Group parameter...

CVSS 9.8, AI score 7.7, EPSS 0.00489
Exploits: 0, References: 4