Lucene search

5705 matches found

ATTACKERKB
added 2026/03/02 11:16 a.m. (7 views)

CVE-2025-30062

In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection...

CVSS 8.8, AI score 6, EPSS 0.0019
Exploits: 0, References: 3
Vulnrichment
added 2026/03/02 9:1 a.m. (4 views)

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3, AI score 5.9, EPSS 0.00414
Exploits: 0, References: 1
EUVD
added 2026/03/02 5:2 a.m. (6 views)

EUVD-2026-9144

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /adminsinglestudentupdate.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. T...

CVSS 7.5, AI score 5.7, EPSS 0.00333
Exploits: 1, References: 5
NVD
added 2026/03/02 3:16 a.m. (4 views)

CVE-2026-3406

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack...

CVSS 9.8, EPSS 0.00333
Exploits: 1, References: 4
CNNVD
added 2026/03/02 12:0 a.m. (2 views)

Personnel Property Equipment System security vulnerability

Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of the sourcecodester Personnel Property Equipment System contains a security vulnerability, which stems from an SQL injection vulnerability in the...

CVSS 9.8, AI score 5.9, EPSS 0.00391
Exploits: 1, References: 2
CNNVD
added 2026/03/02 12:0 a.m. (3 views)

Code-Projects Simple Gym Management System security vulnerability

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Simple Gym Management System contains a security vulnerability, which stems from an SQL injection vulnerability in the file /gym/trainersearch.php...

CVSS 9.8, AI score 5.8, EPSS 0.00325
Exploits: 1, References: 2
Positive Technologies
added 2026/03/02 12:0 a.m. (5 views)

PT-2026-22604

Name of the Vulnerable Software and Affected Versions: code-projects Simple Student Alumni System version 1.0. Description: The software contains a SQL Injection flaw in the /TracerStudy/recordteacher edit.php file. The vulnerability exists due to insufficient sanitization of user-supplied input. Th...

CVSS 9.8, AI score 6, EPSS 0.00486
Exploits: 1, References: 8
Positive Technologies
added 2026/03/02 12:0 a.m. (4 views)

PT-2026-22605

Name of the Vulnerable Software and Affected Versions: sourcecodester Personnel Property Equipment System version 1.0. Description: The software is susceptible to SQL Injection in the /ppes/admin/myitem reuse.php file. The vulnerability allows for potential unauthorized access to or modification of...

CVSS 9.8, AI score 6, EPSS 0.00553
Exploits: 1, References: 8
CNNVD
added 2026/03/02 12:0 a.m. (5 views)

Personnel Property Equipment System security vulnerability

Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has a security vulnerability, which stems from an SQL injection vulnerability in the /ppes/admin/myitemreuse.php file...

CVSS 9.8, AI score 5.8, EPSS 0.00553
Exploits: 1, References: 2
CNNVD
added 2026/03/02 12:0 a.m. (4 views)

NocoDB SQL injection vulnerability

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a SQL injection vulnerability; this vulnerability stemmed from unvalidated unit parameters in the...

CVSS 8.8, AI score 5.9, EPSS 0.00319
Exploits: 0, References: 2
Positive Technologies
added 2026/03/02 12:0 a.m. (6 views)

PT-2026-22602

Name of the Vulnerable Software and Affected Versions: Simple Student Alumni System version 1.0. Description: The Simple Student Alumni System is susceptible to a SQL Injection issue. This flaw is located in the /TracerStudy/modal view.php file. The vulnerability allows for potential unauthorized...

CVSS 9.8, AI score 5.9, EPSS 0.00496
Exploits: 1, References: 8
Positive Technologies
added 2026/03/02 12:0 a.m. (5 views)

PT-2026-22541

Name of the Vulnerable Software and Affected Versions: itsourcecode Society Management System version 1.0. Description: A weakness exists in an unknown functionality of the file /admin/check studid.php. Manipulation of the student id argument can lead to SQL injection. The attack can be launched...

CVSS 9.8, AI score 6.9, EPSS 0.00333
Exploits: 1, References: 13
EUVD
added 2026/03/02 12:0 a.m. (4 views)

EUVD-2026-9220

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/viewreceipt.php...

AI score 6, EPSS 0.0047
Exploits: 1, References: 1
RedhatCVE
added 2026/02/28 2:0 p.m. (6 views)

CVE-2026-2751

Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux Service Dependencies modules allows Blind SQL Injection. This issue affects Centreon Web on Central Server before 25.10.8, 24.10.20, 24.04.24...

CVSS 9.8, AI score 6, EPSS 0.00271
Exploits: 0, References: 1
EUVD
added 2026/02/27 3:34 p.m. (5 views)

EUVD-2025-208138

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not...

CVSS 9.8, AI score 5.9, EPSS 0.00388
Exploits: 0, References: 2
NVD
added 2026/02/27 12:16 p.m. (5 views)

CVE-2025-11251

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

CVSS 9.8, EPSS 0.00395
Exploits: 0, References: 2
EUVD
added 2026/02/27 6:31 a.m. (6 views)

EUVD-2026-8996

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVSS 6.5, AI score 5.2, EPSS 0.0039
Exploits: 1, References: 5
Positive Technologies
added 2026/02/27 12:0 a.m. (4 views)

PT-2026-22360

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...

CVSS 8.8, AI score 6, EPSS 0.00315
Exploits: 1, References: 4
Positive Technologies
added 2026/02/27 12:0 a.m. (3 views)

PT-2026-22335

Name of the Vulnerable Software and Affected Versions: Dayneks Software Industry and Trade Inc. E-Commerce Platform versions through 27022026. Description: The Dayneks Software Industry and Trade Inc. E-Commerce Platform is affected by an Improper Neutralization of Special Elements used in an SQL...

CVSS 9.8, AI score 6.2, EPSS 0.00395
Exploits: 0, References: 10
CNNVD
added 2026/02/27 12:0 a.m. (6 views)

Doditsolutions Homey BNB SQL injection vulnerability

Doditsolutions Homey BNB is a homestay reservation system operated by the Indian company Doditsolutions. Doditsolutions Homey BNB V4 has a SQL injection vulnerability; this vulnerability stems from the id parameter being susceptible to SQL injections, which may allow unverified attackers to extra...

CVSS 8.8, AI score 5.8, EPSS 0.00321
Exploits: 1, References: 4