850 matches found

GithubExploit
added 2026/01/29 5:37 p.m. | 159 views

Exploit for CVE-2025-10878

CVE-2025-10878-AdminPand...

AI score 5.9 | EPSS 0.00602
Exploits: 2

Vulnrichment
added 2026/01/29 2:28 p.m. | 4 views

CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVSS 7.1 | AI score 5.9 | EPSS 0.00264
Exploits: 0 | References: 3

EUVD
added 2026/01/28 4:5 p.m. | 12 views

EUVD-2026-4883

EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...

CVSS 8.7 | AI score 6 | EPSS 0.0036
Exploits: 3 | References: 3

CNNVD
added 2026/01/28 12:0 a.m. | 3 views

EGroupware SQL Injection Vulnerability

EGroupware is an online office platform developed by EGroupware Inc. Versions of EGroupware prior to 23.1.20260113 and 26.0.20260113 contained a SQL injection vulnerability. This vulnerability stemmed from issues with PHP type confusion handled by the Nextmatch filter, which could lead to SQL...

CVSS 8.8 | AI score 5.9 | EPSS 0.0036
Exploits: 3 | References: 4

Positive Technologies
added 2026/01/28 12:0 a.m. | 7 views

PT-2026-5080

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 | AI score 5.9 | EPSS 0.00409
Exploits: 0 | References: 6

CNNVD
added 2026/01/27 12:0 a.m. | 18 views

SGH SQL injection vulnerability

SGH is a loan fund management PHP script developed by Geraked. Version 0.1.0 of SGH contains an SQL injection vulnerability, which arises from improper handling of the id parameter in the management interface. This vulnerability may lead to SQL injection attacks...

CVSS 8.8 | AI score 5.9 | EPSS 0.00297
Exploits: 0 | References: 3

CNNVD
added 2026/01/23 12:0 a.m. | 3 views

Aptsys Gemscms POS Platform security vulnerabilities

Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability stems from the GetServiceByRestaurantID endpoint, which does not properly clean or parameterize user inputs,...

CVSS 9.4 | AI score 5.9 | EPSS 0.00332
Exploits: 0 | References: 3

NVD
added 2026/01/22 5:16 p.m. | 5 views

CVE-2025-68857

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection. This issue affects Paid Downloads: from n/a through = 3.15...

CVSS 9.3 | EPSS 0.00283
Exploits: 0 | References: 1

CVE
added 2026/01/22 9:13 a.m. | 12 views

CVE-2025-4764

The CVE-2025-4764 issue is a SQL Injection vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot, due to improper neutralization of special elements in SQL commands. Affected product/version: Hotel Guest Hotspot up to and including 22012026. Impact is rated high (CVSS 3.1...

CVSS 8.8 | AI score 5.5 | EPSS 0.00443
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/01/22 12:0 a.m. | 5 views

PT-2026-3923

Name of the Vulnerable Software and Affected Versions: Aida Computer Information Technology Inc. Hotel Guest Hotspot versions through 22012026. Description: A flaw exists in Aida Computer Information Technology Inc. Hotel Guest Hotspot that allows for SQL Injection due to improper neutralization of...

CVSS 8 | AI score 5.9 | EPSS 0.00443
Exploits: 0 | References: 6

Vulnrichment
added 2026/01/19 10:2 p.m. | 3 views

CVE-2026-1178 Yonyou KSOA HTTP GET Parameter select.jsp sql injection

A security vulnerability has been detected in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /kmf/select.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument folderid leads to sql injection. The attack can be initiated remotely. The...

CVSS 7.5 | AI score 5.4 | EPSS 0.00352
Exploits: 0 | References: 4

Cvelist
added 2026/01/19 3:32 p.m. | 18 views

CVE-2026-1160 PHPGurukul Directory Management System Search index.php sql injection

A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00326
Exploits: 1 | References: 5

EUVD
added 2026/01/19 3:32 p.m. | 5 views

EUVD-2026-3211

A security vulnerability has been detected in PHPGurukul Directory Management System 1.0. Impacted is an unknown function of the file /index.php of the component Search. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 7.5 | AI score 5.5 | EPSS 0.00326
Exploits: 1 | References: 7

NVD
added 2026/01/19 2:15 a.m. | 6 views

CVE-2026-1132

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /kmf/editfolder.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument folderid results in sql injection. The attack can be initiated remotely. The exploit has...

CVSS 9.8 | EPSS 0.0051
Exploits: 0 | References: 4

EUVD
added 2026/01/15 3:52 p.m. | 4 views

EUVD-2026-2758

Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify...

CVSS 8.8 | AI score 7.6 | EPSS 0.00218
Exploits: 0 | References: 3

ICS
added 2026/01/15 7:0 a.m. | 6 views

AVEVA Process Optimization

RISK EVALUATION: Successful exploitation of these vulnerabilities could enable an attacker to execute remote code, perform SQL injection, escalate privileges, or access sensitive information. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of...

AI score 8.8
Exploits: 0 | References: 13

CVE
added 2026/01/15 12:0 a.m. | 10 views

CVE-2025-67081

Itflow is affected by CVE-2025-67081 through version 25.06. The issue is an SQL injection in the role_id parameter used when editing a profile, exploitable by an admin account via blind SQL injection to extract arbitrary data. The root cause is insufficient sanitization of an integer parameter. M...

CVSS 4.9 | AI score 7.7 | EPSS 0.0024
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/01/09 4:23 p.m. | 4 views

CVE-2026-22196 GestSup < 3.2.60 SQL Injection in Ticket Creation

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in ticket creation functionality. User-controlled input provided during ticket creation is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries...

CVSS 7.7 | AI score 7 | EPSS 0.00288
Exploits: 0 | References: 2

RedhatCVE
added 2026/01/09 12:41 p.m. | 7 views

CVE-2023-25196

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Software Foundation Apache Fineract. Authorized users may be able to change or add data in certain components. This issue affects Apache Fineract: from 1.4 through 1.8.2...

CVSS 4.3 | AI score 7.5 | EPSS 0.01297
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/09 11:35 a.m. | 4 views

CVE-2021-41942

The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database...

CVSS 7.5 | AI score 7.7 | EPSS 0.01056
Exploits: 0 | References: 1