6586 matches found

CVE
added 2026/01/01 5:32 p.m., 7 views

CVE-2025-15407

CVE-2025-15407 affects code-projects Online Guitar Store 1.0. The vulnerability is a SQL injection in an unknown function of the file /admin/Create_category.php, triggered by manipulation of the dre_Ctitle parameter. Exploitation could be performed remotely, and public disclosures exist. Multiple...

CVSS 9.8 | AI score 7.3 | EPSS 0.0002
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2026/01/01 12:0 a.m., 4 views

Code-Projects Online Guitar Store SQL Injection Vulnerability

Code-Projects Online Guitar Store is a Code-Projects open source online guitar store. A SQL injection vulnerability exists in Code-Projects Online Guitar Store version 1.0, which stems from an incorrect operation of the parameter delpro in the file /admin/Deleteproduct.php, which could lead to SQ...

CVSS 9.8 | AI score 7.8 | EPSS 0.00006
Exploits: 1 | References: 6

NVD
added 2025/12/31 9:15 p.m., 3 views

CVE-2023-7331

A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using ...

CVSS 5.8 | EPSS 0.00019
Exploits: 0 | References: 4

CVE
added 2025/12/31 8:0 p.m., 22 views

CVE-2025-28949

CVE-2025-28949 for Mediabay - WordPress Media Library Folders: an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability allowing Blind SQL Injection in Mediabay = 1.5 or patch-level fixes) and confirm the affected software is the Mediabay plugin for Word...

CVSS 8.5 | AI score 5.6 | EPSS 0.00029
Exploits: 0 | References: 1

OSV
added 2025/12/31 6:15 p.m., 2 views

CVE-2025-15392

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 3

Patchstack
added 2025/12/31 12:0 a.m., 4 views

WordPress Ads Pro plugin <= 4.89 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 4.89...

CVSS 7.5 | AI score 5.9 | EPSS 0.00326
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m., 4 views

WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability

WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.18...

CVSS 7.5 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/31 12:0 a.m., 5 views

WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated (Subscriber+) SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions <= 1.4.9...

CVSS 6.5 | AI score 5.9 | EPSS 0.00074
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/12/31 12:0 a.m., 1 views

Full Stack Bank SQL Injection Vulnerability

Full Stack Bank is a banking system by the individual developer Krystian Pińczak. Full Stack Bank suffers from a SQL injection vulnerability that stems from unknown code manipulation of the component User Handler, which could lead to a SQL injection attack...

CVSS 5.8 | AI score 5.8 | EPSS 0.00019
Exploits: 0 | References: 4

OSV
added 2025/12/30 11:15 p.m., 3 views

CVE-2023-54163

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

CVSS 7.5 | AI score 5.9 | EPSS 0.00025
Exploits: 1 | References: 5

NVD
added 2025/12/30 11:15 p.m., 1 views

CVE-2023-54163

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

CVSS 8.8 | EPSS 0.00025
Exploits: 1 | References: 5

Cvelist
added 2025/12/30 10:41 p.m., 21 views

CVE-2023-54163 NLB mKlik Macedonia 3.3.12 SQL Injection via International Transfer Parameters

NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...

CVSS 8.8 | EPSS 0.00025
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/30 10:41 p.m., 1 views

CVE-2022-50694 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x SQL Injection via Username Parameter

SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x contains an SQL injection vulnerability in the 'username' POST parameter of index.php that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through the username parameter to bypass authentication and potentially access...

CVSS 9.8 | AI score 8 | EPSS 0.00039
Exploits: 2 | References: 5

NVD
added 2025/12/30 8:15 p.m., 4 views

CVE-2025-15353

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function editadminquery of the file /admin/editadminquery.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVSS 9.8 | EPSS 0.0002
Exploits: 1 | References: 5

EUVD
added 2025/12/30 8:2 p.m., 2 views

EUVD-2025-205856

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/addadmin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published...

CVSS 7.5 | AI score 6.4 | EPSS 0.0002
Exploits: 1 | References: 6

EUVD
added 2025/12/30 4:51 p.m., 2 views

EUVD-2025-205803

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Appointify allows Blind SQL Injection. This issue affects Appointify: from n/a through 1.0.8...

CVSS 7.6 | AI score 7.1 | EPSS 0.00027
Exploits: 0 | References: 2

EUVD
added 2025/12/30 12:30 p.m., 1 views

EUVD-2025-205746

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection. This issue affects BWL Pro Voting Manager: from n/a through = 1.4.9...

CVSS 9.8 | AI score 7.1 | EPSS 0.00029
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/30 11:47 a.m., 4 views

CVE-2025-15186

A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8 | AI score 7 | EPSS 0.0004
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/30 12:2 a.m., 2 views

CVE-2025-15211 code-projects Refugee Food Management System refugee.php sql injection

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

CVSS 6.5 | AI score 6.6 | EPSS 0.00019
Exploits: 1 | References: 5

CNNVD
added 2025/12/30 12:0 a.m., 2 views

Code-Projects Simple Stock System SQL Injection Vulnerability

Code-Projects Simple Stock System is a Code-Projects open source simple stock system. Code-Projects Simple Stock System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter Username in the file /market/login.php, which can lead to SQL...

CVSS 9.8 | AI score 7.8 | EPSS 0.00021
Exploits: 1 | References: 5