850 matches found

Positive Technologies
added 2025/10/28 12:0 a.m. | 5 views

PT-2025-44087

Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to and including 1.3.7.1
Description: The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is susceptible to blind SQL Injection...

7.5 CVSS | 6.8 AI score | 0.0029 EPSS
Exploits: 0 | References: 8
Positive Technologies
added 2025/10/28 12:0 a.m. | 6 views

PT-2025-44074

Name of the Vulnerable Software and Affected Versions: Campcodes Retro Basketball Shoes Online Store version 1.0
Description: A security issue has been identified in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue involves the processing of the file /admin/admin football.php...

9.8 CVSS | 7.2 AI score | 0.00346 EPSS
Exploits: 1 | References: 10
EUVD
added 2025/10/27 8:2 p.m. | 3 views

EUVD-2025-36344

A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

5.8 CVSS | 4.8 AI score | 0.003 EPSS
Exploits: 1 | References: 7
EUVD
added 2025/10/27 7:2 p.m. | 4 views

EUVD-2025-36347

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly...

7.5 CVSS | 7.1 AI score | 0.00394 EPSS
Exploits: 1 | References: 7
CVE
added 2025/10/27 9:32 a.m. | 12 views

CVE-2025-12257

CVE-2025-12257 affects SourceCodester Online Student Result System 1.0. The vulnerability is a SQL injection in the view_result.php handler, triggered by improper handling of the ID parameter, allowing remote exploitation. Multiple sources confirm the issue and that the exploit has been publicly ...

9.8 CVSS | 7.1 AI score | 0.00447 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2025/10/27 7:2 a.m. | 5 views

CVE-2025-12242 CodeAstro Gym Management System check-attendance.php sql injection

A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

6.5 CVSS | 6.4 AI score | 0.00273 EPSS
Exploits: 1 | References: 5
CNNVD
added 2025/10/27 12:0 a.m. | 5 views

Code-Projects Automated Voting System SQL Injection Vulnerability

Code-Projects Automated Voting System is a Code-Projects open source automated voting system. Code-Projects Automated Voting System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter Username in the file /admin/user.php, which could lead...

8.8 CVSS | 6.9 AI score | 0.00276 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2025/10/26 6:30 a.m. | 8 views

LangGraph's SQLite store implementation has a SQL Injection Vulnerability

A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

7.3 CVSS | 7.9 AI score | 0.00148 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Cvelist
added 2025/10/25 6:49 a.m. | 7 views

CVE-2025-11893 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

6.5 CVSS | 0.00313 EPSS
Exploits: 0 | References: 3
RedhatCVE
added 2025/10/17 8:40 a.m. | 12 views

CVE-2025-41018

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...

9.8 CVSS | 8 AI score | 0.00416 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/17 8:40 a.m. | 5 views

CVE-2025-41019

SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...

9.3 CVSS | 8 AI score | 0.00348 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/16 7:56 a.m. | 2 views

EUVD-2025-34736

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...

9.3 CVSS | 7.4 AI score | 0.00416 EPSS
Exploits: 0 | References: 2
EUVD
added 2025/10/15 8:25 a.m. | 3 views

EUVD-2025-34548

The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

6.5 CVSS | 6.1 AI score | 0.00252 EPSS
Exploits: 0 | References: 3
GithubExploit
added 2025/10/14 5:2 p.m. | 224 views

Exploit for CVE-2025-61455

🛡️ CVE Disclosure: CVE-2025-61455 — SQL Injection in E-commerc...

9 AI score | 0.0055 EPSS
Exploits: 1
CNVD
added 2025/10/13 12:0 a.m. | 5 views

WordPress Blappsta Mobile App plugin SQL Injection Vulnerability

WordPress Blappsta Mobile App plugin is a plugin that converts WordPress websites into native iOS and Android mobile apps. The WordPress Blappsta Mobile App plugin suffers from a SQL injection vulnerability that stems from the application missing validation of SQL statements in the nhynaacomments...

7.5 CVSS | 8.1 AI score | 0.00334 EPSS
Exploits: 0 | References: 1
CNVD
added 2025/10/13 12:0 a.m. | 3 views

E-Commerce Website supplier_add.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter suppemail in the file /pages/supplieradd.php. An attacker can exploit this vulnerability to...

9.8 CVSS | 8.3 AI score | 0.00359 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2025/10/11 6:32 p.m. | 2 views

CVE-2025-11611 SourceCodester Simple Inventory System user.php sql injection

A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public...

6.5 CVSS | 6.6 AI score | 0.00302 EPSS
Exploits: 1 | References: 5
EUVD
added 2025/10/11 12:31 p.m. | 4 views

EUVD-2025-33861

A weakness has been identified in Campcodes Online Apartment Visitor Management System 1.0. This impacts an unknown function of the file /forgot-password.php. This manipulation of the argument email causes sql injection. It is possible to initiate the attack remotely. The exploit has been made...

7.5 CVSS | 6.5 AI score | 0.00382 EPSS
Exploits: 1 | References: 7
RedhatCVE
added 2025/10/10 1:31 a.m. | 5 views

CVE-2025-11480

A vulnerability was detected in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /register.php. Performing manipulation of the argument registerusername results in sql injection. The attack is possible to be carried out remotely. The exploit ...

9.8 CVSS | 7 AI score | 0.00379 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2025/10/09 12:0 a.m. | 3 views

PT-2025-41462

Name of the Vulnerable Software and Affected Versions: Simple Leave Manager version 1.0
Description: A SQL injection issue exists in the Simple Leave Manager 1.0 application. The flaw is located in the /user.php file and stems from improper handling of user-supplied input within the argument table,...

7.5 CVSS | 7.6 AI score | 0.00431 EPSS
Exploits: 1 | References: 9