
5733 matches found

Tenable Nessus
added 2025/09/10 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-5314

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...

CVSS 9.1 | AI score 8.3 | EPSS 0.00562
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/09 2:2 a.m., 2 views

CVE-2025-10121 uverif kami_list addbatch sql injection

A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kami_list. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVSS 6.5 | AI score 6.7 | EPSS 0.00229
Exploits: 0 | References: 4

CVE
added 2025/09/09 12:32 a.m., 20 views

CVE-2025-10115

CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00302
Exploits: 0 | References: 4

Cvelist
added 2025/09/09 12:32 a.m., 8 views

CVE-2025-10114 PHPGurukul Small CRM profile.php sql injection

A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVSS 7.5 | EPSS 0.00384
Exploits: 1 | References: 5

Positive Technologies
added 2025/09/09 12:0 a.m., 5 views

PT-2025-36564

Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...

CVSS 5.8 | AI score 5.3 | EPSS 0.003
Exploits: 0 | References: 9

Vulnrichment
added 2025/09/08 11:2 p.m., 3 views

CVE-2025-10111 itsourcecode Student Information Management System index.php sql injection

A security flaw has been discovered in itsourcecode Student Information Management System 1.0. The affected element is an unknown function of the file /admin/modules/instructor/index.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploi...

CVSS 7.5 | AI score 6.9 | EPSS 0.00387
Exploits: 1 | References: 5

Vulnrichment
added 2025/09/08 10:35 p.m., 5 views

CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...

CVSS 9.3 | AI score 7.6 | EPSS 0.00336
Exploits: 1 | References: 1

CVE
added 2025/09/08 10:32 p.m., 12 views

CVE-2025-10110

ChanCMS

CVSS 8.8 | AI score 6.8 | EPSS 0.00306
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2025/09/08 9:35 p.m., 25 views

CVE-2025-58450

Summary: CVE-2025-58450 affects pREST (PostgreSQL REST), a REST API on top of PostgreSQL. The vulnerability is a SQL injection in versions prior to 2.0.0-rc3 due to inadequate validation; a patch exists in 2.0.0-rc3. The primary risk details indicate high impact on confidentiality, integrity, and...

CVSS 9.3 | AI score 7.3 | EPSS 0.00341
Exploits: 0 | References: 2

CNNVD
added 2025/09/08 12:0 a.m., 2 views

itsourcecode Student Information Management System SQL injection vulnerability

itsourcecode Student Information Management System is an open source student information management system from itsourcecode. A SQL injection vulnerability exists in itsourcecode Student Information Management System version 1.0, which is caused by incorrect manipulation of a parameter ID that...

CVSS 9.8 | AI score 7.5 | EPSS 0.00387
Exploits: 1 | References: 6

Positive Technologies
added 2025/09/08 12:0 a.m., 5 views

PT-2025-36505

Name of the Vulnerable Software and Affected Versions: yanyutao0402 ChanCMS versions through 3.3.1 Description: A SQL injection flaw exists in yanyutao0402 ChanCMS due to manipulation of the keyword argument in the /cms/article/search file. This issue can be exploited remotely. Recommendations: A...

CVSS 8.8 | AI score 6.4 | EPSS 0.00308
Exploits: 1 | References: 7

CVE
added 2025/09/08 12:0 a.m., 11 views

CVE-2025-56630

FoxCMS v1.2.5 and earlier are affected by an SQL Injection in the column_model parameter of app/admin/controller/Column.php. The vulnerability arises from improper handling of input in this file, enabling attacker-controlled SQL execution. CVSSv3.1 base score is 7.3 (HIGH) with Network attack vec...

CVSS 7.3 | AI score 7.5 | EPSS 0.00201
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/09/08 12:0 a.m., 10 views

PT-2025-36523

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.11 Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability exists in the /WeGIA/html/memorando/listar_despachos.php endpoint, specifically in the id_memorando parameter. This...

CVSS 9.3 | AI score 7.6 | EPSS 0.00336
Exploits: 1 | References: 5

OSV
added 2025/09/07 5:15 a.m., 2 views

CVE-2025-10068

A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/adminforum/addviews.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may...

CVSS 9.8 | AI score 5.8 | EPSS 0.00387
Exploits: 1 | References: 5

CVE
added 2025/09/06 10:32 a.m., 15 views

CVE-2025-10030

CVE-2025-10030 concerns Campcodes Grocery Sales and Inventory System 1.0. The vulnerability affects the file /ajax.php?action=save_receiving where manipulation of the argument ID can lead to a SQL injection. It is described as exploitable remotely and the exploit has been made publicly available....

CVSS 9.8 | AI score 7.3 | EPSS 0.00441
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/09/06 12:0 a.m., 6 views

WordPress plugin ELEX WooCommerce Google Shopping SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 4.9 | AI score 7.5 | EPSS 0.00666
Exploits: 2 | References: 5

CNNVD
added 2025/09/06 12:0 a.m., 5 views

FOG access control error vulnerability

FOG is an open source computer cloning and management system from the FOG Project. An access control error vulnerability exists in FOG 1.5.10.1673 and prior versions, which stems from an authentication bypass that could allow an unauthenticated attacker to dump a full SQL database...

CVSS 9.9 | AI score 7.2 | EPSS 0.17647
Exploits: 2 | References: 1

RedhatCVE
added 2025/09/05 9:31 p.m., 6 views

CVE-2025-9928

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8 | AI score 7.3 | EPSS 0.00405
Exploits: 1 | References: 1

NVD
added 2025/09/05 2:15 p.m., 4 views

CVE-2025-10011

A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made availabl...

CVSS 8.8 | EPSS 0.00462
Exploits: 1 | References: 5

Veracode
added 2025/09/05 7:47 a.m., 5 views

SQL Injection

apachesuperset is vulnerable to SQL Injection. The vulnerability is due to improper enforcement of the DISALLOWED_SQL_FUNCTIONS security feature, which allows an attacker with SQL Lab access to circumvent the denylist using a special inline block and execute restricted SQL functions...

CVSS 6.5 | AI score 7.8 | EPSS 0.00628
Exploits: 0 | References: 4 | Affected Software: 1