
5734 matches found

Snyk
added 2025/06/05 6:30 a.m. | 3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

CVSS 9.8 | AI score 8 | EPSS 0.00581
Exploits 1 | References 2
CNNVD
added 2025/06/05 12:0 a.m. | 4 views

Brilliance Golden Link Secondary System Injection Vulnerability

Brilliance Golden Link Secondary System is a management system from Brilliance, China. An injection vulnerability exists in Brilliance Golden Link Secondary System version 20250424 and earlier, which stems from incorrect manipulation of the parameter nodename in the file...

CVSS 9.8 | AI score 7 | EPSS 0.00309
Exploits 0 | References 5
CNNVD
added 2025/06/05 12:0 a.m. | 3 views

Code-Projects Patient Record Management System Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the urinalysisform.php file parameter urinalysisid. An attacker can...

CVSS 8.8 | AI score 7 | EPSS 0.00369
Exploits 1 | References 6
CNNVD
added 2025/06/05 12:0 a.m. | 2 views

PHPGurukul Notice Board System Security Vulnerability

Notice Board System is a bulletin board system. A SQL injection vulnerability exists in the Notice Board System, which originates from a lack of validation of externally-entered SQL statements in the parameter mobilenumber in file /admin-profile.php. An attacker can exploit this vulnerability to...

CVSS 8.8 | AI score 8.2 | EPSS 0.00369
Exploits 1 | References 6
CNNVD
added 2025/06/05 12:0 a.m. | 3 views

code-projects Patient Record Management System Security Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the parameter itrno in file /sputumform.php. An attacker can exploit thi...

CVSS 7.5 | AI score 7.1 | EPSS 0.00314
Exploits 1 | References 6
CNNVD
added 2025/06/05 12:0 a.m. | 4 views

LlamaIndex SQL Injection Vulnerability

LlamaIndex is a data framework for LLM applications open-sourced by LlamaIndex. A security vulnerability exists in LlamaIndex version v0.12.21, which stems from a SQL injection vulnerability in multiple vector store integrations that could lead to unauthorized access to data...

CVSS 9.8 | AI score 9.6 | EPSS 0.00581
Exploits 1 | References 3
BDU FSTEC
added 2025/06/05 12:0 a.m. | 5 views

Vulnerability in the `people_depts` function of the `people_depts.php` file of the openDCIM infrastructure management software, allowing an attacker to execute arbitrary code

The vulnerability in the peopledepts function in the peopledepts.php file of the openDCIM data infrastructure management software is caused by a lack of measures to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 5.5 | AI score 6.1 | EPSS 0.00193
Exploits 0 | References 4 | Affected Software 1
Snyk
added 2025/06/04 8:42 p.m. | 6 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the QuerySubscribers function. An attacker can escalate privileges by injecting malicious SQL commands. Remediation Upgrade github.com/knadh/listmonk/internal/core to version 5.0.0 or higher. References - GitHub Commit...

CVSS 8.8 | AI score 8.2 | EPSS 0.00246
Exploits 0 | References 2
OSV
added 2025/06/04 4:16 a.m. | 10 views

CVE-2025-5557

A vulnerability has been found in PHPGurukul Teacher Subject Allocation Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-course.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotel...

CVSS 8.8 | AI score 5.8 | EPSS 0.00325
Exploits 1 | References 5
OSV
added 2025/06/04 4:15 a.m. | 5 views

CVE-2025-5556

A vulnerability, which was classified as critical, was found in PHPGurukul Teacher Subject Allocation Management System 1.0. This affects an unknown part of the file /admin/edit-teacher-info.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack...

CVSS 8.8 | AI score 5.7 | EPSS 0.00325
Exploits 1 | References 5
CNNVD
added 2025/06/04 12:0 a.m. | 6 views

CodeAstro Real Estate Management System SQL Injection Vulnerability

CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which is caused by incorrect manipulation of the parameter content in the file /profile.php...

CVSS 9.8 | AI score 6.9 | EPSS 0.00422
Exploits 2 | References 5
CNNVD
added 2025/06/04 12:0 a.m. | 3 views

PHPGurukul Curfew e-Pass Management System Injection Vulnerability

Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-category-detail.ph...

CVSS 9.8 | AI score 8.2 | EPSS 0.00399
Exploits 1 | References 5
CNNVD
added 2025/06/04 12:0 a.m. | 3 views

PHPGurukul Rail Pass Management System Injection Vulnerability

Rail Pass Management System is a rail pass management system. The Rail Pass Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /download-pass.php. An attacker can...

CVSS 9.8 | AI score 8.2 | EPSS 0.00402
Exploits 1 | References 5
CNNVD
added 2025/06/04 12:0 a.m. | 2 views

PHPGurukul Online Fire Reporting System Injection Vulnerability

Online Fire Reporting System is an online fire reporting system. The Online Fire Reporting System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter requestid in the file /details.php. An attacker can exploi...

CVSS 8.8 | AI score 8.2 | EPSS 0.00369
Exploits 1 | References 5
OSV
added 2025/06/02 6:15 a.m. | 3 views

CVE-2025-3951

The WP-Optimize WordPress plugin before 4.2.0 does not properly escape user input when checking image compression statuses, which could allow users with the administrator role to conduct SQL Injection attacks in the context of Multi-Site WordPress configurations...

CVSS 4.1 | AI score 5.8 | EPSS 0.0027
Exploits 1 | References 1
OSV
added 2025/05/31 1:15 a.m. | 2 views

CVE-2025-5365

A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to initiate the attack remotely...

CVSS 9.8 | AI score 5.8 | EPSS 0.00394
Exploits 1 | References 5
CNNVD
added 2025/05/31 12:0 a.m. | 4 views

JeeWMS Injection Vulnerability

JeeWMS is a Java-based warehouse management system from China Huayi JeeWMS. An injection vulnerability exists in JeeWMS 20250504 and earlier versions, which stems from SQL injection in the function CgAutoListController of the file /cgAutoListController.do?datagrid...

CVSS 9.8 | AI score 7.1 | EPSS 0.00273
Exploits 0 | References 5
CNNVD
added 2025/05/31 12:0 a.m. | 4 views

PHPGurukul Online Birth Certificate System Security Vulnerability

Online Birth Certificate System is an online birth certificate system. The Online Birth Certificate System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /admin/all-applications.php. An...

CVSS 8.8 | AI score 7 | EPSS 0.00219
Exploits 1 | References 7
CNNVD
added 2025/05/30 12:0 a.m. | 4 views

Cyber Cafe Management System Injection Vulnerability

Cyber Cafe Management System CCMS is a cyber cafe management system by the individual developer Anuj Kumar. An injection vulnerability exists in Cyber Cafe Management System version 1.0, which stems from SQL injection due to incorrect manipulation of the parameters fromdate/todate in the file...

CVSS 9.8 | AI score 7.8 | EPSS 0.00415
Exploits 1 | References 6
CNVD
added 2025/05/30 12:0 a.m. | 5 views

Employee Record Management System /loginerms.php File SQL Injection Vulnerability

Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Email in the file /loginerms.php. An attacker c...

CVSS 9.8 | AI score 8.3 | EPSS 0.00412
Exploits 1 | References 1