5736 matches found

Positive Technologies
added 2025/01/24 12:0 a.m. · 5 views

PT-2025-5490 · Unknown · Serped.Net

Name of the Vulnerable Software and Affected Versions: SERPed.net versions n/a through 4.4
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially compromising data...

CVSS 8.5 · AI score 8.4 · EPSS 0.00438
Exploits 0 · References 4
Positive Technologies
added 2025/01/22 12:0 a.m. · 6 views

PT-2025-1435 · Unknown · Synnefo Internet Management

Name of the Vulnerable Software and Affected Versions: Synnefo Internet Management Software versions 2023 and earlier
Description: A SQL injection issue exists due to improper input validation in a specific API endpoint parameter, allowing an attacker to manipulate SQL queries via crafted input...

CVSS 9.8 · AI score 8.3 · EPSS 0.00418
Exploits 0 · References 5
CNNVD
added 2025/01/22 12:0 a.m. · 3 views

Synnefo Internet Management Software Security Vulnerability

Synnefo Internet Management Software SynnefoIMS is an Internet management software from Synnefo, Inc. A security vulnerability exists in Synnefo Internet Management Software version 2023 and prior releases that stems from the presence of a SQL injection vulnerability...

CVSS 9.8 · AI score 7.8 · EPSS 0.00418
Exploits 0 · References 3
VulnCheck KEV
added 2025/01/22 12:0 a.m. · 5 views

VulnCheck KEV: CVE-2024-32739

A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "queryptaskverbose" function within MCUDBHelper...

CVSS 7.5 · AI score 5.8 · EPSS 0.05408
Exploits 0 · References 1
OSV
added 2025/01/21 11:15 a.m. · 1 view

UBUNTU-CVE-2024-43709

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function...

CVSS 7.5 · AI score 7.2 · EPSS 0.00597
Exploits 0 · References 3
CNNVD
added 2025/01/20 12:0 a.m. · 2 views

WeGIA SQL Injection Vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA suffers from a SQL injection vulnerability that originates from allowing an attacker to execute arbitrary SQL commands in the database, which could lead to unauthorized access to sensitive informati...

CVSS 10 · AI score 8.2 · EPSS 0.00579
Exploits 1 · References 3
CNNVD
added 2025/01/20 12:0 a.m. · 4 views

aEnrich a+HRD SQL Injection Vulnerability

aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...

CVSS 9.8 · AI score 8.2 · EPSS 0.00712
Exploits 0 · References 3
Positive Technologies
added 2025/01/19 12:0 a.m. · 3 views

PT-2025-3958 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023
Description: A critical issue has been found in the software, specifically a SQL injection flaw. This issue is related to the manipulation of the id argument in the "/index.php" file, allowing for remote attacks. The exploi...

CVSS 9.8 · AI score 8 · EPSS 0.0139
Exploits 1 · References 11
CNNVD
added 2025/01/18 12:0 a.m. · 1 view

WordPress plugin WP Extended SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

CVSS 7.5 · AI score 8.6 · EPSS 0.00517
Exploits 0 · References 5
CNNVD
added 2025/01/17 12:0 a.m. · 4 views

itsourcecode Tailoring Management System Injection Vulnerability

itsourcecode Tailoring Management System is a tailoring management system from itsourcecode open source. An injection vulnerability exists in version 1.0 of itsourcecode Tailoring Management System, which stems from the parameter expcat in the file /expadd.php that can cause SQL injection...

CVSS 9.8 · AI score 7 · EPSS 0.0053
Exploits 1 · References 6
OSV
added 2025/01/16 6:15 p.m. · 3 views

CVE-2024-57775

JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid...

CVSS 8.8 · AI score 5.8 · EPSS 0.00568
Exploits 1 · References 1
CNVD
added 2025/01/16 12:0 a.m. · 2 views

BigAntSoft BigAnt office messenger SQL Injection Vulnerability

BigAntSoft BigAnt office messenger is a server/client instant messaging program for enterprise environments from BigAntSoft Australia. A SQL injection vulnerability exists in BigAntSoft BigAnt office messenger. The vulnerability can be exploited to conduct a SQL injection attack via the "devcode"...

CVSS 6.3 · AI score 8 · EPSS 0.01729
Exploits 6 · References 1
CNNVD
added 2025/01/16 12:0 a.m. · 2 views

WordPress plugin Passwords Manager SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 6.5 · AI score 8.9 · EPSS 0.00472
Exploits 0 · References 4
BDU FSTEC
added 2025/01/16 12:0 a.m. · 4 views

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, related to the failure to protect the SQL request structure, allows attackers to execute SQL injections.

The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes is related to the lack of measures taken to protect the SQL request structure. Exploiting this vulnerability allows a malicious actor to execute SQL injections remotely...

CVSS 9 · AI score 5.7 · EPSS 0.00524
Exploits 0 · References 3 · Affected Software 2
CNVD
added 2025/01/16 12:0 a.m. · 1 view

Selesta Visual Access Manager SQL Injection Vulnerability (CNVD-2025-22658)

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in /common/vamSql.php. An attacker can exploit this vulnerability to perform...

CVSS 5.4 · AI score 8.1 · EPSS 0.00231
Exploits 0 · References 1
CNNVD
added 2025/01/16 12:0 a.m. · 2 views

WordPress plugin Easy Code Snippets SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability exist...

CVSS 7.6 · AI score 8.9 · EPSS 0.00599
Exploits 0 · References 1
Positive Technologies
added 2025/01/16 12:0 a.m. · 3 views

PT-2025-5086 · Alphabpo · Alphabpo Easy Code Snippets

Name of the Vulnerable Software and Affected Versions: AlphaBPO Easy Code Snippets versions 1.0.2 and earlier
Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...

CVSS 7.6 · AI score 9.7 · EPSS 0.00599
Exploits 0 · References 3
CNVD
added 2025/01/16 12:0 a.m. · 2 views

Selesta Visual Access Manager SQL Injection Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. A SQL injection vulnerability exists in Selesta Visual Access Manager, which can be exploited by an attacker to perform SQL injection in multiple POST parameters of /monitor/sscheduledfile.php...

CVSS 3.8 · AI score 8.1 · EPSS 0.00232
Exploits 0 · References 1
Positive Technologies
added 2025/01/16 12:0 a.m. · 4 views

PT-2025-3891 · Netvision Information · Airpass

Name of the Vulnerable Software and Affected Versions: airPASS versions affected versions not specified
Description: The airPASS from NetVision Information has a SQL Injection issue, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database...

CVSS 9.8 · AI score 8.4 · EPSS 0.0053
Exploits 0 · References 8
CNVD
added 2025/01/16 12:0 a.m. · 2 views

Selesta Visual Access Manager SQL Injection Vulnerability

Selesta Visual Access Manager is a visual access manager from Selesta. Selesta Visual Access Manager suffers from a SQL injection vulnerability that stems from a lack of validation of the GET parameter of /common/ajaxfunction.php against an externally entered SQL statement. An attacker can exploi...

CVSS 3.8 · AI score 8.3 · EPSS 0.00309
Exploits 0 · References 1