850 matches found
PT-2025-52504
Name of the Vulnerable Software and Affected Versions code-projects Simple Blood Donor Management System version 1.0 Description A flaw exists in code-projects Simple Blood Donor Management System version 1.0 that allows for remote SQL injection. The issue is located in the /editedcampaign.php...
CVE-2025-14898
CVE-2025-14898 affects CodeAstro Real Estate Management System 1.0. In the file /admin/userbuilderdelete.php of the Administrator Endpoint , there is an input handling flaw that enables SQL injection . The issue is exploitable remotely and the exploit has been publicly released. The Red Hat/ENISA...
CVE-2023-36338
Inventory Management System 1 was discovered to contain a SQL injection vulnerability...
PT-2025-51283
Name of the Vulnerable Software and Affected Versions Sunbird Power IQ versions prior to 9.2.1 Description An error-based SQL injection issue exists in the Power IQ API due to insufficient input validation when handling arrays in an outdated API endpoint. This allows manipulation of SQL queries...
PT-2025-51260
Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description An issue exists in Frappe ERPNext that allows an attacker to extract arbitrary data from the database. The get outstanding reference documents function, located at...
PT-2025-51133
Name of the Vulnerable Software and Affected Versions itsourcecode Online Pet Shop Management System version 1.0 Description A flaw exists in the itsourcecode Online Pet Shop Management System that allows for SQL injection. This issue is located in the /pet1/addcnp.php file, where manipulation of...
EUVD-2025-203123
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowbook.php. Such manipulation of the argument rollnumber leads to sql injection. The attack may be launched remotely. The exploit has been...
Japan Total System多款产品 SQL注入漏洞
Japan Total System GroupSession Free edition and others are an enterprise collaboration software from Japan Total System. A SQL injection vulnerability exists in various Japan Total System products. The vulnerability stems from an SQL injection issue that may result in the disclosure or...
CVE-2025-14537
A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...
CVE-2025-14527 projectworlds Advanced Library Management System view_book.php sql injection
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /viewbook.php. Executing a manipulation of the argument bookid can lead to sql injection. The attack can be executed remotely. The exploit has been made...
FreePBX SQL Injection Vulnerability (CNVD-2025-3038208)
FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. FreePBX suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered S...
CVE-2021-47708
CVE-2021-47708 affects the COMMAX Smart Home System CDP-1020n. A SQL injection in the loginstart.asp id parameter allows an attacker to bypass authentication by sending a crafted POST with malicious id values, manipulating database queries to gain unauthorized access. The Red Hat and EU/NVD-style...
CVE-2025-64081
SQL injection vulnerability in /php/apipatientschedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter...
WordPress plugin Animation Addons for Elementor 安全漏洞
WordPress Animation Addons for Elementor plugin is an Elementor page builder extension plugin for the WordPress platform, focused on adding rich animation effects to websites. The WordPress Animation Addons for Elementor plugin suffers from a SQL injection vulnerability that stems from improper...
EUVD-2025-201709
A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Such manipulation of the argument params leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used...
Code-Projects Currency Exchange System SQL注入漏洞
Code-Projects Currency Exchange System is a Code-Projects open source currency exchange system. A SQL injection vulnerability exists in Code-Projects Currency Exchange System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /viewserial.php, which could lead to ...
PT-2025-49506
Name of the Vulnerable Software and Affected Versions code-projects Currency Exchange System version 1.0 Description A flaw exists in code-projects Currency Exchange System 1.0 where manipulation of the ID argument in the /viewserial.php file can lead to SQL injection. This issue is remotely...
PT-2025-49514
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-986300)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
EUVD-2025-200977
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based SQL Injection via the "getTermsForAjax" function in all versions up to, and including, 3.40.1. This is due to insufficient escaping on the user supplied parameters and lack of...