5734 matches found
CampCodes Online Water Billing System Security Vulnerability
CampCodes Online Water Billing System is an online water billing system from CampCodes Philippines. A security vulnerability exists in CampCodes Online Water Billing System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in the file /editecex.php...
PT-2025-34688 · Unknown · Easyappointments
Name of the Vulnerable Software and Affected Versions: Easy!Appointments version 1.5.1 Description: Easy!Appointments version 1.5.1 contains a SQL injection issue via the order by parameter. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
CVE-2025-50383
alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the orderby parameter...
PT-2025-34577
Name of the Vulnerable Software and Affected Versions: YiFang CMS versions up to 2.0.5 Description: A SQL injection issue exists in the file app/logic/L tool.php due to the manipulation of the new url argument. This issue may be exploited remotely. The vendor was contacted but did not respond...
itsourcecode Online Tour and Travel Management System Security Vulnerability
itsourcecode Online Tour and Travel Management System is an open source online tour and travel management system from itsourcecode. A security vulnerability exists in version 1.0 of itsourcecode Online Tour and Travel Management System, which is caused by a SQL injection due to misuse of the...
Linux Distros Unpatched Vulnerability : CVE-2017-5611
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in wp-includes/class-wp-query.php in WPQuery in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by...
ROS-20250825-07
A vulnerability in the PHP adodb class library involves improper escaping of a query parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL statements. SQL statements,...
CVE-2025-9391
A weakness has been identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this issue is the function getFieldValue of the component com.artery.workflow.ServiceImpl. This manipulation of the argument sql causes SQL injection. The attack may be initiated remotely. The exploit has been made...
CVE-2025-9255
WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-4650
A user with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...
CVE-2025-6791 Second order SQL injection available to user with low privilege
In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...
CVE-2025-55732
Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...
GHSA-GJ8W-FFQ9-6828 JeecgBoot SQL Injection Vulnerability
JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions...
JeecgBoot SQL Injection Vulnerability
JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions...
Yoosee Security Vulnerability
Yoosee is a smart home mobile application from the Chinese company Yoosee. A security vulnerability exists in Yoosee version 6.32.4, which originates from a SQL injection vulnerability in the back-end API endpoint, which may result in the extraction of sensitive database information...
PT-2025-34261 · Itsourcecode · Apartment Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A vulnerability was identified in some unknown functionality of the file /fair/addfair.php. The manipulation of the argument ID leads to SQL injection. Remote exploitation of t...
CVE-2025-49406
Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1...
PT-2025-34022
Name of the Vulnerable Software and Affected Versions: JS Archive List affected versions not specified Description: The software contains an Improper Neutralization of Special Elements used in an SQL Command vulnerability, which allows for SQL Injection. Recommendations: At the moment, there is n...
PT-2025-34074 · Frappé Technologies · Frappe
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2 Frappe versions prior to 14.96.15 Description: Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to via SQL injection...