CampCodes Online Learning Management System 安全漏洞

CampCodes Online Learning Management System is an online learning management system from CampCodes Philippines, Inc. A security vulnerability exists in CampCodes Online Learning Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter Userna...

PT-2025-35459

Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A vulnerability exists in itsourcecode Sports Management System 1.0. The issue involves a SQL injection affecting an unknown function within the /Admin/tournament details.php file...

CVE-2025-9742

CVE-2025-9742 affects code-projects' Human Resource Integrated System 1.0. The vulnerability arises from improper handling of the login.php input, where manipulation of the user/pass parameters enables SQL injection. Impact stated in sources includes potential remote exploitation and data exposur...

CVE-2025-9741 code-projects Human Resource Integrated System login_query12.php sql injection

A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /loginquery12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2025-9739

A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2025-8858

Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-44033

SQL injection vulnerability in oasystem oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java...

Apartment Management System unit_status_info.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter usid in the file /report/unitstatusinfo.php. An attacker can exploit...

CVE-2025-50983

SQL Injection vulnerability exists in the sortKey parameter of the GET /api/v1/wanted/cutoff API endpoint in readarr 0.4.15.2787. The endpoint fails to properly sanitize user-supplied input, allowing attackers to inject and execute arbitrary SQL commands against the backend SQLite database. Sqlma...

CVE-2025-51968

A SQL Injection vulnerability exists in the action.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The application fails to properly sanitize user-supplied input in the proId POST parameter, allowing attackers to inject arbitrary SQL expressions...

CVE-2025-30060

In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...

CVE-2025-39496

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WBW WooBeWoo Product Filter Pro allows SQL Injection.This issue affects WooBeWoo Product Filter Pro: from n/a before 2.9.6...

CVE-2025-9689

The CVE-2025-9689 entry concerns SourceCodester Advanced School Management System 1.0. The vulnerability is located in an unknown function of the file /index.php/stock/item_select, where manipulation of the q parameter results in SQL injection. It is exploitable remotely and exploits are publicly...

CVE-2025-9685

A vulnerability was identified in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /module/AreaConhecimento/view of the component Listagem de áreas de conhecimento Page. Such manipulation of the argument ID leads to sql injection. The attack can be executed...

CVE-2025-54946 SUNNET Corporate Training Management System - SQL Injection

A SQL injection vulnerability in SUNNET Corporate Training Management System before 10.11 allows remote attackers to execute arbitrary SQL commands...

PT-2025-35361

Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping System version 1.0 Description: A SQL injection issue exists in Campcodes Online Shopping System version 1.0. The issue is located in the /login.php file, affecting an unknown function. Manipulation of the Password...

CampCodes Advanced Online Voting System 安全漏洞

CampCodes Advanced Online Voting System is an advanced online voting system from CampCodes, Inc. A security vulnerability exists in version 1.0 of the CampCodes Advanced Online Voting System, which results from a SQL injection due to incorrect manipulation of the parameter Username in the file...

PT-2025-35341

Name of the Vulnerable Software and Affected Versions SUNNET Corporate Training Management System versions prior to 10.11 Description A SQL injection flaw exists in SUNNET Corporate Training Management System. This issue allows remote attackers to execute arbitrary SQL commands. Recommendations...

CVE-2025-29894

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

CVE-2025-9665

The CVE covers code-projects Simple Grading System 1.0, where the Admin Panel’s /edit_student.php contains a vulnerability in the ID parameter that allows SQL injection. This is exploitable remotely, with public exploit material available. Affected component is the Admin Panel through an unknown ...