
5734 matches found

Veracode
added 2025/09/05 7:47 a.m. | 5 views

SQL Injection

apachesuperset is vulnerable to SQL Injection. The vulnerability is due to improper enforcement of the DISALLOWED_SQL_FUNCTIONS security feature, which allows an attacker with SQL Lab access to circumvent the denylist using a special inline block and execute restricted SQL functions...

CVSS 6.5 | AI score 7.8 | EPSS 0.00628
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/09/05 12:0 a.m. | 6 views

PT-2025-36218

Name of the Vulnerable Software and Affected Versions: gopiplus New Simple Gallery versions through 8.0 Description: The software contains an SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for blind SQL injection. Recommendations: Version...

CVSS 8.5 | AI score 7.3 | EPSS 0.00243
Exploits: 0 | References: 7

CNNVD
added 2025/09/05 12:0 a.m. | 3 views

WordPress plugin License Manager for WooCommerce SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 7.6 | AI score 7.5 | EPSS 0.00346
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/05 12:0 a.m. | 3 views

PT-2025-36251

Name of the Vulnerable Software and Affected Versions: Miraculous versions prior to 2.0.9 Description: The Miraculous software contains a SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for blind SQL injection. Recommendations: Update...

CVSS 9.3 | AI score 7.3 | EPSS 0.00288
Exploits: 0 | References: 6

CNNVD
added 2025/09/05 12:0 a.m. | 3 views

WordPress plugin WP Full Stripe Free SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 7.6 | AI score 7.6 | EPSS 0.00331
Exploits: 0 | References: 1

ATTACKERKB
added 2025/09/04 6:34 p.m. | 5 views

CVE-2025-48544

In multiple locations, there is a possible way to read files belonging to other apps due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | AI score 6.1 | EPSS 0.00095
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2025/09/04 12:0 a.m. | 4 views

Concept Intermedia GOV CMS SQL Injection Vulnerability

Concept Intermedia GOV CMS is a content management system for the public sector from Concept Intermedia, Poland. A SQL injection vulnerability exists in Concept Intermedia GOV CMS versions prior to 4.0, which stems from improperly cleaned search query parameters and could lead to a blind SQL...

CVSS 9.3 | AI score 7.7 | EPSS 0.00419
Exploits: 0 | References: 2

CNVD
added 2025/09/04 12:0 a.m. | 3 views

Sports Management System resultdetails.php File SQL Injection Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /Admin/resultdetails.php. An attacker can exploit this vulnerabili...

CVSS 9.8 | AI score 7.8 | EPSS 0.00387
Exploits: 1 | References: 1

CNVD
added 2025/09/04 12:0 a.m. | 3 views

Sports Management System sporttype.php File SQL Injection Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/sporttype.php. An attacker can exploit this...

CVSS 9.8 | AI score 8.4 | EPSS 0.00483
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/03 9:2 p.m. | 3 views

CVE-2025-9928 projectworlds Travel Management System viewcategory.php sql injection

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVSS 7.5 | AI score 6.9 | EPSS 0.00405
Exploits: 1 | References: 4

CNNVD
added 2025/09/03 12:0 a.m. | 4 views

Projectworlds Travel management System SQL Injection Vulnerability

Projectworlds Travel management System is a travel management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Travel management System version 1.0, which originates from an incorrect manipulation of parameter t1 in file /viewcategory.php resulting in a SQL...

CVSS 9.8 | AI score 7.8 | EPSS 0.00405
Exploits: 1 | References: 4

CVE
added 2025/09/02 10:32 p.m. | 17 views

CVE-2025-9839

The CVE-2025-9839 issue affects itsourcecode Student Information Management System 1.0. Affected component/file: /admin/modules/course/index.php, where manipulating the ID argument leads to an SQL injection. Remote exploitation is possible, and public exploits are reported. Multiple connected sou...

CVSS 9.8 | AI score 6.6 | EPSS 0.00387
Exploits: 1 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/09/02 9:2 p.m. | 2 views

CVE-2025-9833 SourceCodester Online Farm Management System login.php sql injection

A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Performing manipulation of the argument uname results in sql injection. It is possible to initiate the attack remotely. The...

CVSS 7.5 | AI score 6.9 | EPSS 0.00387
Exploits: 1 | References: 5

CNVD
added 2025/09/02 12:0 a.m. | 3 views

Online Course Registration admin/student-registration.php File SQL Injection Vulnerability

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter studentname in the file /admin/student-registration.php. An...

CVSS 9.8 | AI score 7.9 | EPSS 0.00383
Exploits: 1 | References: 1

CNVD
added 2025/09/02 12:0 a.m. | 2 views

Simple Grading System login.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /login.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

CVSS 9.8 | AI score 8.2 | EPSS 0.0055
Exploits: 1 | References: 1

Tenable Nessus
added 2025/09/02 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-41320

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses...

CVSS 9.8 | AI score 8.3 | EPSS 0.32099
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/01 2:16 p.m. | 4 views

CVE-2025-9690

A flaw has been found in SourceCodester Advanced School Management System 1.0. This affects an unknown function of the file /index.php/stock/vendordetails. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be us...

CVSS 8.8 | AI score 6.5 | EPSS 0.00294
Exploits: 1 | References: 1

CVE
added 2025/09/01 6:2 a.m. | 13 views

CVE-2025-9765

CVE-2025-9765 affects the itsourcecode Sports Management System 1.0. Multiple connected sources confirm a SQL injection in the /Admin/tournament_details.php file, triggered by manipulating the ID parameter due to lack of input validation. Exploitation can be remote, and public disclosure is noted...

CVSS 9.8 | AI score 7.2 | EPSS 0.00387
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/09/01 12:0 a.m. | 3 views

PT-2025-35443

Name of the Vulnerable Software and Affected Versions: deepakmisal24 Chemical Inventory Management System version 1.0 Description: A vulnerability exists in deepakmisal24 Chemical Inventory Management System version 1.0. Manipulation of the chem name argument in the /inventory form.php file can...

CVSS 6.5 | AI score 6.6 | EPSS 0.00362
Exploits: 1 | References: 9

CNNVD
added 2025/09/01 12:0 a.m. | 4 views

itsourcecode Sports Management System Security Vulnerability

Sports Management System is a sports management system. The Sports Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter ID in file /Admin/tournamentdetails.php. An attacker can exploit this vulnerability t...

CVSS 9.8 | AI score 7.8 | EPSS 0.00387
Exploits: 1 | References: 7