EUVD-2025-204246

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through = 2.1.5...

PT-2025-52314

Name of the Vulnerable Software and Affected Versions WBiz Desk version 1.2 Description A SQL injection issue exists in WBiz Desk 1.2 that allows non-admin users to manipulate database queries. This is possible through the tk parameter within the 'ticket.php' file. Attackers can inject crafted SQ...

PT-2025-52337

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/SCADA affected versions not specified Description Advantech WebAccess/SCADA is susceptible to a SQL injection issue. Successful exploitation could allow an attacker to execute arbitrary SQL commands. Recommendations At the...

Kentico Xperience SQL注入漏洞

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the Online Marketing Macro Method parameter. An attacker can exploit this vulnerability to...

PT-2025-52300

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A SQL injection issue exists in Kentico Xperience, potentially allowing authenticated editors to inject malicious SQL queries through online marketing macro method parameters. This ...

Simple Attendance Record System check.php File SQL Injection Vulnerability

Simple Attendance Record System is a simple attendance record system. Simple Attendance Record System suffers from a SQL injection vulnerability that originates from an unknown function in the /check.php file that mishandles the student parameter. An attacker can use this vulnerability to obtain ...

PT-2025-51999

Name of the Vulnerable Software and Affected Versions Roxnor PopupKit versions through 2.1.5 Description A flaw exists in Roxnor PopupKit’s popup-builder-block component that allows for Blind SQL Injection. This is due to improper neutralization of special elements used in an SQL command. The...

CVE-2025-14833

A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/deletemanagerclinic.php. Performing manipulation of the argument clinic results in sql injection. The attack can be initiated remotely. The...

CVE-2025-14832

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...

CVE-2025-14832 itsourcecode Online Cake Ordering System updateproduct.php sql injection

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...

PT-2025-51929

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A SQL injection issue exists in the eGive.php file within the "ReImport" functionality. An authenticated user with finance privileges can execu...

PT-2025-51964

Name of the Vulnerable Software and Affected Versions PHPJabbers Simple CMS version 5.0 Description The software contains a SQL injection issue in the 'column' parameter. Attackers can inject crafted SQL payloads through the 'column' parameter in the ''index.php'' endpoint to potentially extract ...

CVE-2025-68054

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup CountDown With Image or Video Background countdownwithbackground allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through = 1.5...

CVE-2025-67950 WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects All In One SEO Pack: from n/a through = 4.9.1...

WordPress List category posts SQL Injection Vulnerability

WordPress List category posts is a feature-rich WordPress plugin , mainly through the catlist short code to achieve the function . WordPress List category posts has a SQL injection vulnerability, the vulnerability stems from the existence of the startingwith parameter time-based SQL injection, an...

PT-2025-51444

Name of the Vulnerable Software and Affected Versions LambertGroup xPromoter versions through 1.3.4 Description A flaw exists in LambertGroup xPromoter that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially allow...

QNAP Systems Hero和QNAP Systems QTS SQL注入漏洞

QNAP Systems Hero and QNAP Systems QTS are both products of China-based Weilian Technology QNAP Systems.QNAP Systems Hero is a NAS operating system for file management. The system retains the application ecosystem of QTS and integrates the more powerful 128-bit ZFS file system to provide...

CVE-2023-36338

Inventory Management System 1 was discovered to contain a SQL injection vulnerability...

CVE-2025-14711 FantasticLBP Hotels Server hotelList.php sql injection

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried...

CVE-2025-14639

A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...