Lucene search

850 matches found

CNNVD
added 2025/08/27 12:0 a.m. · 2 views

Campcodes Online Loan Management System security vulnerability

CampCodes Online Loan Management System is an online loan management system from CampCodes Philippines, Inc. A security vulnerability exists in Campcodes Online Loan Management System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter lastname in...

9.8 CVSS · 7.7 AI score · 0.00387 EPSS
Exploits 1 · References 6
CVE
added 2025/08/26 4:2 a.m. · 16 views

CVE-2025-9471

CVE-2025-9471 affects itsourcecode Apartment Management System 1.0. The vulnerability is a SQL injection in the file /maintenance/add_maintenance_cost.php triggered by manipulating the ID parameter. It allows remote exploitation and the exploit has been publicly disclosed. Multiple sources corrob...

9.8 CVSS · 7.9 AI score · 0.00483 EPSS
Exploits 1 · References 5 · Affected Software 1
Vulnrichment
added 2025/08/26 3:24 a.m. · 5 views

CVE-2025-9172 Vibes <= 2.2.0 - Unauthenticated SQL Injection via `resource` Parameter

The Vibes plugin for WordPress is vulnerable to time-based SQL Injection via the ‘resource’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5 CVSS · 7.8 AI score · 0.004 EPSS
Exploits 0 · References 2
Vulnrichment
added 2025/08/25 11:2 p.m. · 2 views

CVE-2025-9426 itsourcecode Online Tour and Travel Management System package.php sql injection

A weakness has been identified in itsourcecode Online Tour and Travel Management System 1.0. This affects an unknown part of the file /package.php. Executing manipulation of the argument subcatid can lead to sql injection. The attack may be performed from a remote location. The exploit has been...

7.5 CVSS · 7.4 AI score · 0.00387 EPSS
Exploits 1 · References 5
CNNVD
added 2025/08/25 12:0 a.m. · 5 views

Yifang CMS security vulnerability

Yifang CMS is a PHP enterprise website development and construction management system from China Yifang Company. A security vulnerability exists in Yifang CMS 2.0.5 and earlier versions, which originates from SQL injection of the newurl parameter in the file app/logic/Ltool.php...

8.8 CVSS · 6.9 AI score · 0.00303 EPSS
Exploits 0 · References 5
CVE
added 2025/08/25 12:0 a.m. · 18 views

CVE-2025-56215

CVE-2025-56215 affects phpgurukul Hospital Management System 4.0, with a SQL Injection in contact.php through the pagetitle parameter. The vulnerability is described as an injection flaw in a PHP/MySQL-based system. According to the CVE details, the base impact is Low for confidentiality and inte...

6.5 CVSS · 8.3 AI score · 0.00251 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2025/08/25 12:0 a.m. · 4 views

PT-2025-34684 · Ruoyi-Go · Ruoyi-Go

Name of the Vulnerable Software and Affected Versions: ruoyi-go versions up to 2.1
Description: A weakness exists in the SelectListByPage function of the modules/system/dao/GenTableDao.go file. Manipulation of the isAsc/orderByColumn argument can lead to SQL injection. This issue is potentially...

6.5 CVSS · 6.7 AI score · 0.0032 EPSS
Exploits 0 · References 8
GithubExploit
added 2025/08/23 7:9 a.m. · 324 views

Exploit for Improper Handling of Parameters in Fortinet Fortiweb

🚨 FortiWeb Authentication Bypass → Remote Code Execution...

8.1 CVSS · 9 AI score · 0.1067 EPSS
Exploits 4
Cvelist
added 2025/08/22 11:25 a.m. · 9 views

CVE-2025-9255 Uniong|WebITR - SQL Injection

WebITR developed by Uniong has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

8.7 CVSS · 0.00487 EPSS
Exploits 0 · References 2
Cvelist
added 2025/08/22 12:0 a.m. · 9 views

CVE-2024-53499

Jeewms v3.7 was discovered to contain a SQL injection vulnerability via the CgReportController API...

0.00476 EPSS
Exploits 1 · References 3
Vulnrichment
added 2025/08/21 4:40 p.m. · 5 views

CVE-2025-57761 WeGIA SQL Injection vulnerability via 'id_funcionario' param at endpoint `/html/funcionario/dependente_remover.php`

WeGIA is a Web manager for charitable institutions. Prior to 3.4.10, there is a SQL Injection vulnerability in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...

9.4 CVSS · 8.6 AI score · 0.00393 EPSS
Exploits 1 · References 2
Cvelist
added 2025/08/21 3:2 p.m. · 11 views

CVE-2025-9304 SourceCodester Online Bank Management System show.php sql injection

A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made...

7.5 CVSS · 0.00387 EPSS
Exploits 1 · References 5
Positive Technologies
added 2025/08/21 12:0 a.m. · 8 views

PT-2025-34248 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.10
Description: WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability exists in the /html/funcionario/dependente_remover.php endpoint, specifically in the id_funcionario parameter. This...

9.4 CVSS · 7.9 AI score · 0.00393 EPSS
Exploits 1 · References 10
Cvelist
added 2025/08/20 3:22 p.m. · 8 views

CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...

8.7 CVSS · 0.00299 EPSS
Exploits 0 · References 3
OSV
added 2025/08/20 3:22 p.m. · 4 views

CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...

8.7 CVSS · 7.4 AI score · 0.00299 EPSS
Exploits 0 · References 5
NVD
added 2025/08/20 8:15 a.m. · 8 views

CVE-2025-54048

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection. This issue affects Custom API for WP: from n/a through = 4.2.2...

9.3 CVSS · 0.0039 EPSS
Exploits 0 · References 1
CNNVD
added 2025/08/19 12:0 a.m. · 3 views

Lingdang CRM SQL injection vulnerability

Lingdang CRM is a customer relationship management system from the Chinese company Lingdang Lingdang. A SQL injection vulnerability exists in Lingdang CRM; it stems from improper handling of the getvaluestring parameter in the /crm/crmapi/erp/tabdetailmoduleSave.php file, whic...

8.8 CVSS · 8 AI score · 0.00448 EPSS
Exploits 3 · References 7
CNNVD
added 2025/08/19 12:0 a.m. · 3 views

CodePhiliaX Chat2DB injection vulnerability

CodePhiliaX Chat2DB is an open-source, AI-driven SQL client from CodePhiliaX. CodePhiliaX Chat2DB 0.3.7 and earlier versions have an injection vulnerability that stems from a SQL injection flaw in the file DataSourceController.java of the JDBC Connection Handler component...

6.5 CVSS · 7.9 AI score · 0.00282 EPSS
Exploits 0 · References 6
Positive Technologies
added 2025/08/19 12:0 a.m. · 5 views

PT-2025-33821 · Surbowl · Dormitory-Management-Php

Name of the Vulnerable Software and Affected Versions: Surbowl dormitory-management-php versions prior to 9f1d9d1f528cabffc66fda3652c56ff327fda317
Description: A SQL injection issue exists in Surbowl dormitory-management-php. The issue is located in the /admin/violation add.php file, specifically...

7.5 CVSS · 7.9 AI score · 0.00302 EPSS
Exploits 0 · References 8
CVE
added 2025/08/19 12:0 a.m. · 17 views

CVE-2025-50926

CVE-2025-50926 affects Easy Hosting Control Panel (EHCP) version 20.04.1.b. The vulnerability is a SQL injection in the id parameter of the List All Email Addresses function, caused by unsanitized input leading to database query manipulation. The PacketStorm entry provides an explicit HTTP GET ex...

6.5 CVSS · 8.5 AI score · 0.0024 EPSS
Exploits 2 · References 2 · Affected Software 1