CVE-2025-8954 PHPGurukul Hospital Management System doctor-specilization.php sql injection

A vulnerability was identified in PHPGurukul Hospital Management System 4.0. This affects an unknown part of the file /admin/doctor-specilization.php. The manipulation of the argument doctorspecilization leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-8947

A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /querydata.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public...

CVE-2025-8936 1000 Projects Sales Management System dordupdate.php sql injection

A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been...

PT-2025-33259 · Unknown · Realmag777 Mdtf

Name of the Vulnerable Software and Affected Versions: RealMag777 MDTF versions through 1.3.3.7 Description: RealMag777 MDTF is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential SQL Injection attacks...

WordPress plugin Cube Portfolio SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin Easy Form Builder SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

PT-2025-33110 · Unknown · Medical Store Management System

Name of the Vulnerable Software and Affected Versions: code-projects Medical Store Management System version 1.0 Description: A vulnerability exists in the Medical Store Management System due to a SQL injection issue. The vulnerability is related to unknown processing of the UpdateCompany.java fi...

itsourcecode Online Tour and Travel Management System 注入漏洞

itsourcecode Online Tour and Travel Management System is a itsourcecode open source online tour and travel management system. An injection vulnerability exists in itsourcecode Online Tour and Travel Management System version 1.0, which is caused by incorrect manipulation of the parameter...

PT-2025-33223 · Romancode · Mapsvg

Name of the Vulnerable Software and Affected Versions: MapSVG affected versions not specified Description: An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability exists in RomanCode MapSVG, allowing for SQL injection. Recommendations: At the moment,...

PHPGurukul Hospital Management System 安全漏洞

Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter docfees in the file /admin/edit-doctor.php. An...

WordPress plugin Frontend Admin by DynamiApps SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

CVE-2025-8928

CVE-2025-8928 affects code-projects’ Medical Store Management System 1.0, specifically the UpdateMedicines.java file in the Update Medicines Page. The vulnerability arises from improper handling of the argument productNameTxt, leading to SQL injection. The attack can be initiated remotely, and pu...

CVE-2025-8925 itsourcecode Sports Management System match.php sql injection

A vulnerability has been found in itsourcecode Sports Management System 1.0. Affected is an unknown function of the file /Admin/match.php. The manipulation of the argument code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

CVE-2025-8921 code-projects Job Diary user-apply.php sql injection

A vulnerability has been found in code-projects Job Diary 1.0. Affected by this issue is some unknown functionality of the file /user-apply.php. The manipulation of the argument jobtitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and...

SQL Injection

bacula-web/bacula-web is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in HTTP GET requests, which allows an attacker to execute arbitrary code remotely...

CVE-2025-8914

Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-6184 Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection

The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter used in the getsubmittedassignments function in all versions up to, and including, 3.7.0 due to insufficient escaping on the user supplied parameter an...

PT-2025-33273 · Apache · Apache Superset

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 5.0.0 Description: A bypass of the DISALLOWED SQL FUNCTIONS security feature allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allo...

PT-2025-33066 · Job Diary · Job Diary

Name of the Vulnerable Software and Affected Versions: Job Diary version 1.0 Description: A SQL injection issue exists due to the manipulation of the ID argument. This affects unknown code within the /edit-details.php file. The attack can be initiated remotely. The exploit has been disclosed...

PT-2025-32977 · Unknown · Wellchoose Organization Portal System

Name of the Vulnerable Software and Affected Versions: WellChoose Organization Portal System affected versions not specified Description: The WellChoose Organization Portal System is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL command...