5734 matches found
CVE-2025-30061 SQL injection in utils/Reporter/OpenReportWindow.pl via the UserID parameter
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...
CVE-2025-9511 itsourcecode Apartment Management System addvisitor.php sql injection
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available...
CVE-2025-9504 Campcodes Online Loan Management System ajax.php sql injection
A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publ...
CVE-2025-9504 Campcodes Online Loan Management System ajax.php sql injection
A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=saveplan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now publ...
CGM CLININET SQL注入漏洞
CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a SQL injection vulnerability that stems from improper handling of the getPerfServiceIds function, which could lead to a SQL injection attack...
CGM CLININET SQL注入漏洞
CGM CLININET is a hospital information management system from German company CGM. CGM CLININET suffers from a SQL injection vulnerability that stems from improper handling of the UserID parameter in the getUserInfo function, which could lead to a SQL injection attack...
PT-2025-34952
Name of the Vulnerable Software and Affected Versions: St. Joe ERP System affected versions not specified Description: A SQL injection vulnerability exists in the St. Joe ERP system "圣乔ERP系统" that allows unauthenticated remote attackers to execute arbitrary SQL commands via crafted HTTP POST...
readarr 安全漏洞
Readarr is an open source eBook library management system from Readarr. A security vulnerability exists in readarr version 0.4.15.2787, which stems from improper cleanup of the sortKey parameter in the GET /api/v1/wanted/cutoff API endpoint, which could lead to an SQL injection attack...
itsourcecode Apartment Management System 安全漏洞
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /branch/addbranch.php. An attacker can exploit this...
CVE-2025-50979
CVE-2025-50979 affects NodeBB v4.3.0 with a SQL injection in the /api/v3/search/categories endpoint due to an unsanitized search parameter. Unauthenticated, remote attackers can use boolean-based blind and PostgreSQL error-based payloads. Impact: high confidentiality, low integrity, low availabil...
CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ
traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...
CVE-2025-9473 SourceCodester Online Bank Management System feedback.php sql injection
A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly an...
CVE-2025-9471
A vulnerability has been found in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /maintenance/addmaintenancecost.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2025-9470 itsourcecode Apartment Management System add_m_committee.php sql injection
A flaw has been found in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /management/addmcommittee.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...
User Management System emailid Parameter SQL Injection Vulnerability
User Management System is a user management system. User Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emailid of the signup.php file. An attacker can exploit this vulnerability to...
Sports Management System sports.php File SQL Injection Vulnerability
Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/sports.php. An attacker can exploit this vulnerabili...
PT-2025-34789 · Digital Creators Club Trap · Traq
Name of the Vulnerable Software and Affected Versions: traQ versions prior to 3.25.0 Description: traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the...
CVE-2025-50383
alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the orderby parameter...
CVE-2025-56212
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter...
CVE-2025-56212
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter...