PT-2025-39740
Name of the Vulnerable Software and Affected Versions: Campcodes Online Learning Management System version 1.0. Description: A flaw exists in Campcodes Online Learning Management System version 1.0 that allows for SQL injection. The issue is located in the file /admin/edit teacher.php and involves...
CVE-2025-11037 code-projects E-Commerce Website admin_index_search.php sql injection
A security flaw has been discovered in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/admin_index_search.php. Performing manipulation of the argument Search results in sql injection. The attack may be initiated remotely. The exploit has been released to th...
CVE-2025-60118
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Potenzaglobalsolutions PGS Core pgs-core allows SQL Injection. This issue affects PGS Core: from n/a through = 5.9.0...
CVE-2025-60109
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Content Slider: from n/a through = 3.8...
CVE-2025-60109 WordPress LambertGroup - AllInOne - Content Slider Plugin <= 3.8 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup LambertGroup - AllInOne - Content Slider all-in-one-contentSlider allows Blind SQL Injection. This issue affects LambertGroup - AllInOne - Content Slider: from n/a through = 3.8...
PT-2025-39556
Name of the Vulnerable Software and Affected Versions: LambertGroup - AllInOne - Content Slider versions through 3.8. Description: The software contains a flaw related to improper handling of special characters within SQL commands, potentially leading to SQL Injection. This allows for Blind SQL...
WordPress plugin PGS Core SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injectio...
CVE-2025-10825
A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Affected is an unknown function of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack can be initiated remotely. The exploit is publicly available...
CVE-2025-10857
A security flaw has been discovered in Campcodes Point of Sale System POS 1.0. Affected by this issue is some unknown functionality of the file /login.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...
Hostel Management System Home Parameter SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Home in the file /justines/admin/modreports/index.php. An attacker can...
Online Bidding System index.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aduser in the file /administrator/index.php. An attacker can exploit this...
CVE-2025-58686
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quadlayers Perfect Brands for WooCommerce perfect-woocommerce-brands allows SQL Injection. This issue affects Perfect Brands for WooCommerce: from n/a through = 3.6.2...
CVE-2025-10184 OnePlus OxygenOS Telephony provider permission bypass
The vulnerability allows any application installed on the device to read SMS/MMS data and metadata from the system-provided Telephony provider without permission, user interaction, or consent. The user is also not notified that SMS data is being accessed. This could lead to sensitive information...
CVE-2025-10851
Campcodes Gym Management System 1.0 contains a SQL injection in the /ajax.php?action=login endpoint caused by manipulating the Username parameter. This is exploitable remotely, and multiple sources confirm that an exploit has been released publicly. The CVE-2025-10851 records impact to unknown fu...
CVE-2025-10848 Campcodes Society Membership Information System check_student.php sql injection
A vulnerability was identified in Campcodes Society Membership Information System 1.0. This issue affects some unknown processing of the file /check_student.php. Such manipulation of the argument studentid leads to sql injection. The attack may be performed from remote. The exploit is publicly...
CVE-2025-10845
A vulnerability was found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /module/ComponenteCurricular/view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-10832 SourceCodester Pet Grooming Management Software fetch_product_details.php sql injection
A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. The affected element is an unknown function of the file /admin/fetch_product_details.php. The manipulation of the argument barcode results in sql injection. The attack may be performed from remote. The exploit has bee...
CVE-2025-10830 Campcodes Computer Sales and Inventory System inv_edit1.php sql injection
A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. This issue affects some unknown processing of the file /pages/inv_edit1.php. Executing manipulation of the argument idd can lead to sql injection. The attack can be executed remotely. The exploit has been published and may...
CampCodes Computer Sales and Inventory System security vulnerability
CampCodes Computer Sales and Inventory System is a computerized sales and inventory system from CampCodes Philippines. A security vulnerability exists in CampCodes Computer Sales and Inventory System version 1.0, which stems from incorrect manipulation of the parameter ID in the file...
Code-Projects Online Bidding System SQL injection vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /administrator/wew.php. An attacker can exploit this vulnerability to...