EUVD-2025-36391

A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/adminfootball.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit...

EUVD-2025-36393

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to...

CVE-2025-12337 Campcodes Retro Basketball Shoes Online Store admin_feature.php sql injection

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing a manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released t...

PT-2025-44067

Name of the Vulnerable Software and Affected Versions Campcodes Retro Basketball Shoes Online Store version 1.0 Description A security flaw exists in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue affects an unknown part of the file /admin/admin feature.php. Manipulation of...

CVE-2025-12309

CVE-2025-12309 concerns code-projects Nero Social Networking Site 1.0. The SQL injection vulnerability arises from lack of validation of the ID parameter in /friendprofile.php, enabling remote manipulation of SQL statements. Multiple connected sources (CNVD, CNNVD, Red Hat, ENISA, NVD, etc.) desc...

CVE-2025-12292

A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

EUVD-2025-36184

A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admindashboard/editprofile. Such manipulation of the argument firstname/lastname leads to sql injection. The attack may be...

SQL Injection

net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...

EUVD-2025-36146

A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /editcriteria.php. Executing manipulation of the argument critid can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed an...

CVE-2025-12254

A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /addjudge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

CVE-2025-12248 CLTPHP search.html sql injection

A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

CVE-2025-12238

A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

PT-2025-44017

Name of the Vulnerable Software and Affected Versions Nero Social Networking Site version 1.0 Description A security flaw exists in the /deletemessage.php file of Nero Social Networking Site. Manipulation of the message id argument can lead to SQL injection. This issue can be exploited remotely...

Code-Projects Online Event Judging System SQL注入漏洞

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contestantid in the file /editcontestant.php. An attacker can...

Code-Projects Nero Social Networking Site SQL注入漏洞

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /addfriend.php. An attacker can exploit this vulnerability to...

CLTPHP Content Management System SQL注入漏洞

CLTPHP Content Management System is a content management system from the Chinese company CLTPHP. A SQL injection vulnerability exists in CLTPHP Content Management System version 3.0. The vulnerability stems from an incorrect manipulation of the parameter keyword in the file /home/search.html, whi...

Bdtask Wholesale Inventory Control SQL注入漏洞

Bdtask Wholesale Inventory Control is an inventory management system from Bdtask Bangladesh. A SQL injection vulnerability exists in Bdtask Wholesale Inventory Control 20251013 and earlier versions, which stems from incorrect manipulation of the parameter firstname/lastname in the file...

CVE-2025-61247

CVE-2025-61247 affects indieka900 online-shopping-system-php 1.0. The vulnerability is a SQL Injection in the password parameter of login.php, as described across multiple sources (NVD entry and related advisories). The underlying issue is unvalidated SQL handling in the login flow, enabling pote...

PT-2025-43875

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...