5736 matches found
PT-2025-27650 · Ооо 'Айди Технологии Управления' · Documino
A vulnerability in the Documino electronic document workflow automation platform is caused by a failure to protect the structure of an SQL query. Exploitation of the vulnerability may allow an attacker to escalate their privileges by sending a specially crafted SQL query...
WordPress plugin Simple Signup Form SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
CVE-2025-1389
Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2025-7062 · Unknown · Luxcal Web Calendar
Name of the Vulnerable Software and Affected Versions: LuxCal Web Calendar versions prior to 5.3.3M MySQL version LuxCal Web Calendar versions prior to 5.3.3L SQLite version Description: The issue concerns an SQL injection vulnerability in the retrieve.php file. If exploited, this vulnerability m...
LuxSoft LuxCal Web Calendar SQL injection vulnerability
LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A SQL injection vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.3.3M and prior to 5.3.3L, which stems from information in the database that could be deleted,...
Chat System add_chatroom.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the chatname/chatpass parameters of the /user/add_chatroom.php file. An attacker can exploit this vulnerability to execute illega...
WordPress plugin LTL Freight Quotes – FreightQuote Edition SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin LTL Freigh...
PT-2025-6909 · Codezips · Codezips Gym Management System
Name of the Vulnerable Software and Affected Versions: Codezips Gym Management System version 1.0 Description: A critical issue affects some unknown functionality of the file /dashboard/admin/del plan.php. The manipulation of the argument name leads to SQL injection. The attack may be launched...
CVE-2025-22209
A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers administrator to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search feature...
CVE-2025-26348
A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'" in maxprofile/menu/model.lua editUserMenu endpoint in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP reques...
CVE-2025-1200
A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slidercrud.php. The manipulation of the argument delid leads to sql injection. The attack can be initiated remotely. Th...
WordPress LTL Freight Quotes – FreightQuote Edition Plugin <= 2.3.11 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Colin Xu Patchstack Alliance in WordPress Plugin LTL Freight Quotes – FreightQuote Edition versions <= 2.3.11...
WordPress plugin LTL Freight Quotes SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
Q-Free MAXTIME Suite SQL injection vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A SQL injection vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from the editUserMenu endpoint in maxprofile/menu/model.lua that does not properly handle user inpu...
Code-Projects Wazifa System injection vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /controllers/control.php file. An attacker can exploit this vulnerability to execute illegal SQL commands t...
PT-2025-6863 · Ywoa · Ywoa
Name of the Vulnerable Software and Affected Versions: ywoa versions up to 2024.07.03 Description: A critical issue affects the function selectList of the file com/cloudweb/oa/mapper/xml/AddressDao.xml, leading to SQL injection. The attack may be initiated remotely. Recommendations: Upgrading to...
PT-2025-6847 · Sourcecodester · Sourcecodester Best Church Management
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.1 Description: A critical issue has been found in the software, affecting an unknown function of the file /admin/edit slider.php. The manipulation of the id argument leads to SQL...
1000 Projects Bookstore Management System SQL injection vulnerability
1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. A SQL injection vulnerability exists in 1000 Projects Bookstore Management System version 1.0, which stems from a parameter id in the file processusersdel.php that can lead to SQL injection...
CVE-2024-29830
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code...
CVE-2024-10733
A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been...