
5734 matches found

NVD
added 2025/08/15 1:15 p.m. · 6 views

CVE-2025-9052

A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...

9.8 CVSS · 0.00387 EPSS
Exploits 1 · References 4

Vulnrichment
added 2025/08/15 1:2 p.m. · 5 views

CVE-2025-9053 projectworlds Travel Management System updatesubcategory.php sql injection

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publ...

7.5 CVSS · 7.8 AI score · 0.00415 EPSS
Exploits 1 · References 5

Cvelist
added 2025/08/15 12:6 p.m. · 10 views

CVE-2025-1929 SQLi in RiskTurk's Treasury Management Software

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Risk Yazılım Teknolojileri Ltd. Şti. Reel Sektör Hazine ve Risk Yönetimi Yazılımı allows SQL Injection, CAPEC - 7 - Blind SQL Injection. This issue affects Reel Sektör Hazine ve Risk Yönetimi...

7.2 CVSS · 0.00426 EPSS
Exploits 0 · References 2

Cvelist
added 2025/08/15 11:54 a.m. · 9 views

CVE-2025-54474 Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla

A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...

8.5 CVSS · 0.00298 EPSS
Exploits 0 · References 1

CVE
added 2025/08/15 11:54 a.m. · 17 views

CVE-2025-54474

CVE-2025-54474 describes a SQL injection vulnerability in the DJ-Classifieds Joomla extension, affecting versions 3.9.2–3.10.1. The issue allows privileged users to execute arbitrary SQL commands. The connected documents consistently reference a DJ-Classifieds SQLi impacting Joomla; no exploitati...

8.5 CVSS · 8.2 AI score · 0.00298 EPSS
Exploits 0 · References 1

CVE
added 2025/08/15 11:2 a.m. · 16 views

CVE-2025-9047

CVE-2025-9047 affects projectworlds Visitor Management System 1.0. The vulnerability is a SQL injection in the file /visitor_out.php, triggered by manipulating the rid parameter in an unknown function, with remote execution possible. Multiple connected sources confirm the issue and describe it as...

9.8 CVSS · 7.6 AI score · 0.00387 EPSS
Exploits 1 · References 4 · Affected Software 1

CVE
added 2025/08/15 10:32 a.m. · 23 views

CVE-2025-9028

CVE-2025-9028 affects code-projects Online Medicine Guide 1.0. The vulnerability lies in the /adphar.php file, where manipulating the phuname parameter enables SQL injection. Multiple sources confirm this can be exploited remotely, with exploits published and potential for data loss/compromise. C...

9.8 CVSS · 7.4 AI score · 0.00387 EPSS
Exploits 1 · References 5 · Affected Software 1

NVD
added 2025/08/15 9:15 a.m. · 5 views

CVE-2025-9025

A vulnerability was determined in code-projects Simple Cafe Ordering System 1.0. Affected by this issue is some unknown functionality of the file /portal.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the...

8.8 CVSS · 0.00308 EPSS
Exploits 1 · References 5

Cvelist
added 2025/08/15 9:2 a.m. · 9 views

CVE-2025-9024 PHPGurukul Beauty Parlour Management System book-appointment.php sql injection

A vulnerability was found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /book-appointment.php. The manipulation of the argument Message leads to sql injection. The attack can be launched remotely. The exploit has been...

7.5 CVSS · 0.00371 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/08/15 8:2 a.m. · 4 views

CVE-2025-9022 SourceCodester Online Bank Management System statements.php sql injection

A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely...

7.5 CVSS · 7.4 AI score · 0.00463 EPSS
Exploits 0 · References 4

CVE
added 2025/08/15 4:32 a.m. · 26 views

CVE-2025-9009

The CVE covers itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function in /admin/email_setup.php where manipulating the Name argument triggers SQL injection. The issue allows remote exploitation and the exploit has been disclosed publicly. Connected sources cons...

9.8 CVSS · 7.6 AI score · 0.00387 EPSS
Exploits 1 · References 5 · Affected Software 1

Vulnrichment
added 2025/08/15 4:32 a.m. · 4 views

CVE-2025-9009 itsourcecode Online Tour and Travel Management System email_setup.php sql injection

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

7.5 CVSS · 7.6 AI score · 0.00387 EPSS
Exploits 1 · References 5

CNNVD
added 2025/08/15 12:0 a.m. · 3 views

PHPGurukul Online Shopping Portal Project Injection Vulnerability

Online Shopping Portal Project is an online shopping portal project. A SQL injection vulnerability exists in Online Shopping Portal Project, which originates from the lack of validation of externally-entered SQL statements in the parameter emailid in the file /shopping/password-recovery.php. An...

9.8 CVSS · 8.2 AI score · 0.00371 EPSS
Exploits 0 · References 7

CNNVD
added 2025/08/15 12:0 a.m. · 3 views

HCL BigFix SaaS Authentication Service Security Vulnerability

HCL BigFix SaaS Authentication Service is an endpoint management platform from HCL India. HCL BigFix SaaS Authentication Service suffers from a security vulnerability that stems from SQL queries that can be manipulated, potentially leading to SQL injection attacks...

9.8 CVSS · 7.9 AI score · 0.00303 EPSS
Exploits 0 · References 2

CNNVD
added 2025/08/15 12:0 a.m. · 3 views

Joomla! SQL Injection Vulnerability

Joomla! is a free, open source content management system from Joomla! open source. A SQL injection vulnerability exists in Joomla! versions 3.9.2-3.10.1, which originates from a privileged user being able to execute arbitrary SQL commands, potentially resulting in a SQL injection attack...

8.5 CVSS · 8.3 AI score · 0.00298 EPSS
Exploits 0 · References 3

Positive Technologies
added 2025/08/15 12:0 a.m. · 7 views

PT-2025-33441 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0
Description: A SQL injection vulnerability exists in itsourcecode Online Tour and Travel Management System 1.0. The vulnerability is located in an unknown function within the...

9.8 CVSS · 7.3 AI score · 0.00387 EPSS
Exploits 1 · References 11

CNNVD
added 2025/08/15 12:0 a.m. · 4 views

Projectworlds Visitor Management System Injection Vulnerability

Visitor Management System is a visitor access management system. Visitor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /visitor_out.php. An attacker can exploit this...

9.8 CVSS · 8.1 AI score · 0.00387 EPSS
Exploits 1 · References 6

RedhatCVE
added 2025/08/14 7:29 p.m. · 5 views

CVE-2025-55168

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a SQL Injection vulnerability was identified in the /html/saude/aplicarmedicamento.php endpoint, specifically in the idfichamedica parameter. This vulnerability allows...

9.8 CVSS · 8.7 AI score · 0.00379 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/08/14 6:23 p.m. · 2 views

CVE-2025-53727

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8 CVSS · 7.9 AI score · 0.01017 EPSS
Exploits 0 · References 1

CVE
added 2025/08/14 6:22 p.m. · 15 views

CVE-2025-52797

CVE-2025-52797 corresponds to a CSRF vulnerability in the WordPress StoryMap Plugin <= 2.1 that may enable SQL injection. Public documents confirm affected software (StoryMap Plugin), and version

8.2 CVSS · 5.9 AI score · 0.0014 EPSS
Exploits 0 · References 1