The vulnerability of the VMmanager 6 virtualization tool, related to the lack of protective measures for the SQL query structure, allows attackers to execute arbitrary SQL queries against the database.

The vulnerability of VMmanager 6’s virtualization mechanism is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries against the database remotely...

PHPGurukul Bank Locker Management System 注入漏洞

Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the lockersize parameter of the edit-locker.php?ltid=6 file. An attacker c...

WordPress plugin dokme SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

WordPress plugin WP Profitshare SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin WP...

PHPGurukul Bank Locker Management System 注入漏洞

Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of the search-report-details.php file. An attacker ca...

CVE-2025-2654

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manageservice.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely...

Projectworlds Online Time Table Generator 注入漏洞

Projectworlds Online Time Table Generator is an online time table generator from Projectworlds India. An injection vulnerability exists in Projectworlds Online Time Table Generator version 1.0, which stems from the fact that incorrect manipulation of parameter e can lead to SQL injection...

PHPGurukul Bank Locker Management System 安全漏洞

Bank Locker Management System is a bank locker management system. Bank Locker Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally-entered SQL statements in the searchinput parameter of /search-locker-details.php. An attacker can exploi...

Projectworlds Online Time Table Generator 注入漏洞

Projectworlds Online Time Table Generator is an online time table generator from Projectworlds India. An injection vulnerability exists in Projectworlds Online Time Table Generator version 1.0, which stems from the fact that incorrect manipulation of the parameter course can lead to SQL injection...

PHPGurukul Art Gallery Management System 注入漏洞

Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid of art-enquiry.php. An attacker can exploit this...

EBM Technologies EBM Maintenance Center SQL注入漏洞

EBM Technologies EBM Maintenance Center is a maintenance center platform from China-based EBM Technologies EBM Technologies. A SQL injection vulnerability exists in EBM Technologies EBM Maintenance Center versions prior to 25.04.31435, which stems from an SQL injection that could lead to a remote...

Vanna SQL注入漏洞

Vanna is a personalized AI SQL agent from Vanna. A SQL injection vulnerability exists in Vanna version v0.6.2. An attacker can execute arbitrary SQL commands by exploiting this vulnerability...

DESCOR INFOCAD 安全漏洞

DESCOR INFOCAD is a software for BIM and facilities management from DESCOR Inc. It is used for integrated management of building information modeling and facilities. A security vulnerability exists in DESCOR INFOCAD 3.5.1 and prior versions that originates from SQL injection...

LlamaIndex SQL注入漏洞

LlamaIndex is a data framework for LLM applications open-sourced by LlamaIndex. LlamaIndex suffers from a SQL injection vulnerability that stems from improperly constructed SQL queries, which could lead to SQL injection attacks...

LlamaIndex SQL注入漏洞

LlamaIndex is a data framework for LLM applications from LlamaIndex open source. A SQL injection vulnerability exists in LlamaIndex v0.12.3 and earlier versions, which stems from an unvalidated SQL query and could lead to a SQL injection attack...

DB-GPT SQL注入漏洞

DB-GPT is an AWEL and agent-based AI native data application development framework open-sourced by eosphoros. DB-GPT version v0.6.0 suffers from a SQL injection vulnerability that originates from the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries, which can be...

Human Metapneumovirus Testing Management System /password-recovery.php File SQL Injection Vulnerability

Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. A SQL injection vulnerability exists in the Human Metapneumovirus Testing Management System due to a lack of validation of an externally-entered SQL statement in the parameter username in the...

Doctor Appointment Management System /doctor/search.php File SQL Injection Vulnerability

Doctor Appointment Management System is a doctor appointment management system. Doctor Appointment Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements in the searchdata parameter of file /doctor/search.php. An...

Vestel EVC04 Configuration Interface SQL注入漏洞

Vestel EVC04 Configuration Interface is an application from Vestel, Inc. Vestel EVC04 Configuration Interface versions 18.03.2025 and earlier have a SQL injection vulnerability that stems from improper neutralization of special elements in SQL commands, which can lead to SQL injection...

Mingyuan Cloud Real Estate ERP System 注入漏洞

Mingyuan Cloud Real Estate ERP System is a real estate business management software from China-based Mingyuan Cloud. An injection vulnerability exists in Mingyuan Cloud Real Estate ERP System version 1.0, which originates from SQL injection and could allow a remote attacker to obtain, update, and...