5725 matches found
Exploit for Injection in Fabian Voting_System
CVE-2025-7558...
WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin <= 0.8.8.8 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Jarno Vos jarnovos in WordPress Plugin Blappsta Mobile App Plugin Your native, mobile iPhone App and Android App versions = 0.8.8.8...
PT-2025-40462
Name of the Vulnerable Software and Affected Versions Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel versions through 20251003 Description An issue exists in Teknolojik Center Telecommunication Industry Trade Co. Ltd. B2B - Netsis Panel related to improper...
QNAP Qsync Central SQL注入漏洞
QNAP Qsync Central is a private cloud synchronization service launched by Weilian QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices, with functions similar to GoogleDrive, Dropbox and other cloud storage services, but with the data stored in the...
CVE-2025-61605
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profilepet.php endpoint, specifically in the idpet parameter. This vulnerability allows attackers to execute arbitrary SQL...
CVE-2025-61605 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in /pet/profile_pet.php Endpoint
WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain an SQL Injection vulnerability which was identified in the /pet/profilepet.php endpoint, specifically in the idpet parameter. This vulnerability allows attackers to execute arbitrary SQL...
CVE-2025-61603 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
CVE-2025-59743
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...
ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More
From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome's settings t...
CVE-2025-9697 Ajax WooSearch <= 1.0.0 - Unauthenticated SQL Injection
The Ajax WooSearch WordPress plugin through 1.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2025-11020 Remote Code Execution in MarkAny SafePC Enterprise
An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0. V7.0.YYYY.MM.DD...
CVE-2025-52042
In Frappe ERPNext 15.57.5, the function getrfqcontainingsupplier at erpnext/buying/doctype/requestforquotation/requestforquotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...
CVE-2025-6724
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...
PT-2025-39990
Name of the Vulnerable Software and Affected Versions Frappe ErpNext version 15.57.5 Description The get income account function at erpnext/controllers/queries.py is susceptible to SQL Injection. An attacker can inject a SQL query into the filters.disabled parameter, potentially allowing extracti...
CVE-2024-13150
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection. This issue affects fayton.Pro ERP: through 20250929...
CVE-2025-6724
In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command...
CVE-2025-11052
A security flaw has been discovered in kidaze CourseSelectionSystem 1.0/5.php. The impacted element is an unknown function of the file /Profilers/PriProfile/COUNT3s5.php. Performing manipulation of the argument csslc results in sql injection. The attack can be initiated remotely. The exploit has...
Fayton fayton.pro ERP SQL注入漏洞
Fayton fayton.pro ERP is an enterprise resource planning system from Fayton, Turkey. A SQL injection vulnerability exists in Fayton fayton.pro ERP 20250929 and earlier versions, which stems from improper neutralization of special elements and can lead to SQL injection attacks...
PT-2025-39826
Name of the Vulnerable Software and Affected Versions fayton.Pro ERP versions through 20250929 Description A flaw exists in fayton.Pro ERP that allows for SQL Injection. This issue enables unauthorized access to the full database with minimal effort. The vulnerability is due to improper...
PT-2025-39823
Name of the Vulnerable Software and Affected Versions Chef Automate versions prior to 4.13.295 Description Chef Automate versions earlier than 4.13.295 on Linux x86 are susceptible to a condition where an authenticated attacker can access restricted functionality. This is due to improperly...