5734 matches found
CVE-2025-9663
A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /editaccount.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicl...
CVE-2025-9663 code-projects Simple Grading System Admin Panel edit_account.php sql injection
A vulnerability was identified in code-projects Simple Grading System 1.0. This impacts an unknown function of the file /editaccount.php of the component Admin Panel. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicl...
CVE-2025-9608
Portabilis i-Educar up to version 2.10 is affected. The vulnerability resides in the Formula de Cálculo de Média Page, specifically the /module/FormulaMedia/view file, where manipulating the ID parameter leads to SQL injection. Remote exploitation is possible, and public exploits/POCs have been d...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19809)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the getPerfServiceIds function. An attacker can exploit this vulnerability to...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19810)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of the UserID parameter of the getUserInfo function against external input SQL statements. An attacker can exploit this...
CGM CLININET SQL Injection Vulnerability (CNVD-2025-19811)
CGM CLININET is a hospital information management system from CGM Germany. CGM CLININET suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the UserID parameter of the OpenReportWindow.pl file. An attacker can exploit this...
WordPress plugin iATS Online Forms SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress iATS Online Forms plugin, which stems from a time-based SQL injection in the parameter order, which can be exploited by an...
Jinher OA Security Vulnerability
Jinher OA is a collaborative management software from Jinher, China. A security vulnerability exists in Jinher OA version 1.0, which originates from improper manipulation of the parameter ID in the file GetTreeDate.aspx, which may lead to an SQL injection attack...
Portábilis i-Educar Security Vulnerability
Portábilis i-Educar is an application from Portábilis. It can easily help you in basic and technical education. A security vulnerability exists in Portábilis i-Educar version 2.10 and earlier, which stems from a SQL injection attack due to the incorrect operation of the parameter codagenda in the...
QNAP Qsync Central SQL Injection Vulnerability
QNAP Qsync Central is a private cloud synchronization service launched by QNAP, which is mainly used to achieve real-time synchronization and backup of files between devices. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of...
Code-Projects Simple Grading System Security Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /editstudent.php. An attacker can exploit this vulnerability to execute...
i-Educar Security Vulnerability
i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10 and earlier, which stems from a SQL injection attack due to a mishandling of the parameter ID in the file /module/FormulaMedia/view...
PT-2025-35177
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the /module/FormulaMedia/view file of the Formula de Cálculo de Média Page component. Manipulation of t...
Changing Clinic Image System SQL Injection Vulnerability
Changing Clinic Image System is a computer system for managing and displaying medical images from Changing Taiwan, China. The Changing Clinic Image System suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks, which could lead to an unauthenticated...
Hospital Management System about-us.php File SQL Injection Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the pagetitle parameter of about-us.php. An attacker can exploit thi...
Hospital Management System index.php File SQL Injection Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the username parameter of index.php. No details of the vulnerability a...
PT-2025-35150
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection flaw exists due to manipulation of the usid argument in the /report/unit status info.php file. The attack can be executed remotely. The exploit has been...
CVE-2025-51969
CVE-2025-51969 is a SQL Injection in PuneethReddyHC Online Shopping System Advanced 1.0. The flaw resides in the product_id GET parameter used by product.php and is not properly validated before inclusion in SQL statements. Affected software: PuneethReddyHC Online Shopping System Advanced 1.0 (pr...
itsourcecode Apartment Management System Security Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in parameter vid in file /report/billinfo.php. An attacker can exploit this vulnerability...
CVE-2025-30058
In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter...