CVE-2025-14537

A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument courseyearsection/semester causes sql injection. Remote exploitation of the attack is possible...

CVE-2025-13214

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13214 IBM Aspera Orchestrator SQL Injection

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-14529

CVE-2025-14529 affects Campcodes Retro Basketball Shoes Online Store v1.0. The vulnerability is an SQL injection in an unknown function of /admin/admin_running.php triggered by manipulating the pid argument, with remote attack feasibility and published exploits. The issue stems from improper inpu...

CVE-2025-14527 projectworlds Advanced Library Management System view_book.php sql injection

A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /viewbook.php. Executing a manipulation of the argument bookid can lead to sql injection. The attack can be executed remotely. The exploit has been made...

PT-2025-50720

IBM Aspera Orchestrator 4.0.0 through 4.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CampCodes Retro Basketball Shoes Online Store 安全漏洞

CampCodes Retro Basketball Shoes Online Store is an online store for retro basketball shoes from CampCodes, Inc. A security vulnerability exists in CampCodes Retro Basketball Shoes Online Store version 1.0, which stems from an incorrect manipulation of the parameter pid in the file...

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

EUVD-2025-202170

Neuron is a PHP framework for creating and orchestrating AI Agents. In versions 2.8.11 and below, the MySQLWriteTool executes arbitrary SQL provided by the caller using PDO::prepare + execute without semantic restrictions. This is consistent with the name “write tool”, but in an LLM/agent context...

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVE-2025-12504

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Talent Software UNIS allows SQL Injection.This issue affects UNIS: before 42321...

Online Ordering System user_contact.php File SQL Injection Vulnerability

Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /usercontact.php. The vulnerability can be exploited by a...

FreePBX SQL Injection Vulnerability (CNVD-2025-3038208)

FreePBX formerly known as Asterisk Management Portal is a set of tools from the FreePBX project for configuring Asterisk IP telephony system through a GUI web-based graphical interface. FreePBX suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered S...

PT-2025-50556

Name of the Vulnerable Software and Affected Versions Neuron versions prior to 2.8.12 Description The PHP framework Neuron has an issue where the MySQLWriteTool can execute arbitrary SQL queries provided by a caller, utilizing PDO::prepare and execute without restrictions. This occurs because the...

CVE-2021-47708

CVE-2021-47708 affects the COMMAX Smart Home System CDP-1020n. A SQL injection in the loginstart.asp id parameter allows an attacker to bypass authentication by sending a crafted POST with malicious id values, manipulating database queries to gain unauthorized access. The Red Hat and EU/NVD-style...

EUVD-2025-202035

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Image&Video FullScreen Background lbgfullscreenfullwidthslider allows SQL Injection.This issue affects Image&Video FullScreen Background: from n/a through = 1.6.7...

CVE-2025-64156

An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiVoice 7.2.0 through 7.2.2, FortiVoice 7.0.0 through 7.0.7, FortiVoice 6.4 all versions, FortiVoice 6.0 all versions may allow an authenticated privileged attacker to execute...

CVE-2025-14250

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /usercontact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to...

CVE-2025-10655 Frappe Helpdesk 1.14.0 — SQL Injection in dashboard get_dashboard_data

SQL Injection in Frappe HelpDesk in the dashboard getdashboarddata due to unsafe concatenation of user-controlled parameters into dynamic SQL statements.This issue affects Frappe HelpDesk: 1.14.0...