CVE-2025-58628

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection.This issue affects Miraculous: from n/a through 2.0.9...

CVE-2025-58780

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."...

CVE-2025-57833

An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed QuerySet.annotate or QuerySet.alias...

CVE-2025-57146

phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter...

CVE-2025-9840

A weakness has been identified in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/gametype.php. Executing manipulation of the argument code can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

Apartment Management System utility_bill_setup.php File SQL Injection Vulnerability

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter txtGasBill in the file /setting/utilitybillsetup.php. An attacker can...

itsourcecode Sports Management System 安全漏洞

Sports Management System a sports management system. The Sports Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter code in the file /Admin/gametype.php. An attacker can exploit this...

CVE-2025-9794

CVE-2025-9794 affects Campcodes Computer Sales and Inventory System 1.0. A SQL injection vulnerability exists in the /pages/pos_transac.php?action=add endpoint, exploitable by manipulating the cash/firstname parameter. Attacks may be performed remotely, and multiple parameters could be affected. ...

CVE-2025-9706

A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed...

PT-2025-35353

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the /module/FormulaMedia/edit file of the Formula de Cálculo de Média Page component. Manipulation of t...

SourceCodester Online Polling System Code 安全漏洞

SourceCodester Online Polling System Code is a SourceCodester open source online polling system. A security vulnerability exists in SourceCodester Online Polling System Code version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter myusername in the file...

CVE-2025-29894 Qsync Central

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 4.5.0.7 2025/04/23...

Code-Projects Simple Grading System 安全漏洞

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the file /login.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter txtMonthName in the file /setting/monthsetup.php. An attacker c...

CVE-2025-9592 itsourcecode Apartment Management System bill_info.php sql injection

A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/billinfo.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public...

CVE-2025-50972

SQL Injection vulnerability in AbanteCart 1.4.2, allows unauthenticated attackers to execute arbitrary SQL commands via the tmplid parameter to index.php. Three techniques have been demonstrated: error-based injection using a crafted FLOOR-based payload, time-based blind injection via SLEEP, and...

CVE-2025-9532

A flaw has been found in Portabilis i-Educar up to 2.10. This impacts an unknown function of the file /RegraAvaliacao/view. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor...

CVE-2025-30058 SQL injection in getPatientIdentifier function of PatientService.pl

In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter...

PT-2025-34827

Name of the Vulnerable Software and Affected Versions: Campcodes Online Loan Management System version 1.0 Description: A vulnerability exists in Campcodes Online Loan Management System that allows for SQL injection. The issue is located in an unknown functionality within the /ajax.php?action=sav...

CVE-2025-50972

CVE-2025-50972 affects AbanteCart 1.4.2. The vulnerability is a SQL Injection in the unvalidated tmpl_id parameter sent to index.php, enabling unauthenticated attackers to execute arbitrary SQL commands. Documented techniques include error-based injections using a crafted FLOOR payload, time-base...