5734 matches found
Chat System send_message.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System has an SQL injection vulnerability that stems from the parameter msg in the file /user/sendmessage.php, whose externally supplied input is used in SQL statements without validation. An attacker can exploit this vulnerability to execute illegal SQL commands...
Sophos Firewall Security Vulnerability
Sophos Firewall is a firewall from Sophos UK. A security vulnerability exists in Sophos Firewall versions prior to 21.0 MR1, which stems from a SQL injection in WebAdmin that could lead to the execution of arbitrary code by an administrator...
MB Connect Line mbNET.mini Injection Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. MB CONNECT LINE mbNET.mini suffers from a SQL injection vulnerability that stems from improper neutralization of special...
Online Appointment Booking System ulocateus.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System has a SQL injection vulnerability that stems from the parameter doctorname in the file /ulocateus.php, whose externally supplied input is used in SQL statements without validation. An...
Online Appointment Booking System get_town.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System has a SQL injection vulnerability that stems from the parameter countryid in the file /gettown.php, whose externally supplied input is used in SQL statements without validation. An attacke...
Online Appointment Booking System getDay.php File SQL Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System has a SQL injection vulnerability that stems from the parameter cidval in the file /getDay.php, whose externally supplied input is used in SQL statements without validation. The...
CVE-2025-7765
A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to sql injection. The attack can be launched...
CVE-2025-25257
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in Fortinet FortiWeb 7.6.0 through 7.6.3, FortiWeb 7.4.0 through 7.4.7, FortiWeb 7.2.0 through 7.2.10, FortiWeb 7.0.0 through 7.0.10 allows an unauthenticated attacker to execu...
U.S. Dept Of Defense: SQL Injection - JSON 'name' parameter
A SQL injection vulnerability was discovered in the 'name' parameter of the website. The vulnerability allowed manipulation of SQL queries executed by the backend database. The original request containing the vulnerable parameter was provided...
Fortinet FortiWeb SQL Injection Vulnerability
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A SQL injection vulnerability exists in...
Highsun OA Security Vulnerability
Highsun OA is an office collaboration software from China's Haichang Information Highsun Company. A security vulnerability exists in Highsun OA version v.1.0.0, which originates from a SQL injection vulnerability in the if parameter in hcit.project.rte.agents.UploadImages.class, which could lead ...
Code-Projects Online Appointment Booking System Security Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System has a SQL injection vulnerability that originates from improper handling of the parameter clinic in the file /admin/adddoctorclinic.php, which can be exploited by an attacker to access...
Code-Projects Online Appointment Booking System Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that originates from improper handling of the parameter did in the file /admin/deletedoctor.php, which can be exploited by an attacker to inject...
WordPress plugin WP Pipes SQL Injection Vulnerability
WordPress WP Pipes is an auto-collection plugin for WordPress, mainly used to merge the content of multiple RSS feeds into a new RSS feed, and supports regular updates and customized filtering features. WordPress WP Pipes suffers from a SQL injection vulnerability that stems from improper handlin...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA has an SQL injection vulnerability that stems from the parameter cargo in the /controle/control.php endpoint, whose externally supplied input is used in SQL statements without validation. An attacker can exploit this vulnerability to execute illeg...
WordPress plugin Funnel Builder by FunnelKit SQL Injection Vulnerability
WordPress Funnel Builder by FunnelKit plugin is a professional sales funnel builder plugin for WordPress platform, which is mainly used to optimize the WooCommerce shopping process and increase the conversion rate. The WordPress Funnel Builder by FunnelKit plugin suffers from a SQL injection...
WordPress plugin Pakke Envíos Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Pakke Envíos suffers from a SQL injection vulnerability that stems from improper neutralization of special elements in SQL commands, no details of the vulnerabili...
Advantech iView SQL Injection Vulnerability (CNVD-2025-17830)
Advantech iView is Simple Network Management Protocol (SNMP) based software from Advantech, China, used to manage B+B SmartWorx devices. An SQL injection vulnerability exists in Advantech iView, which can be exploited by an attacker to perform SQL injection and execute code in the context of the 'nt...
Open Solutions For Education openSIS SQL Injection Vulnerability
Open Solutions For Education openSIS is an open source student information management system from Open Solutions For Education. A security vulnerability exists in Open Solutions For Education openSIS version 9.1, which originates from a SQL injection in the parameter id in the file Ajax.php, whic...
The vulnerability of the NetMRI network monitoring program lies in its failure to protect the SQL query structure, allowing attackers to execute arbitrary code.
The vulnerability of the NetMRI network monitoring program lies in the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...