EUVD-2025-201693

A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /printpersonnelreport.php. This manipulation of the argument perid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...

CVE-2025-14215

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

EUVD-2025-201663

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclos...

EUVD-2025-201657

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /membersearch.php. Executing manipulation of the argument rollnumber can lead to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2025-14212

A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /membersearch.php. Executing a manipulation of the argument rollnumber can lead to sql injection. The attack may be launched remotely. The exploit has be...

CVE-2025-14211

CVE-2025-14211 affects the projectworlds Advanced Library Management System 1.0. The vulnerability is in an unknown functionality of the file /delete_book.php, where manipulating the argument book_id yields a SQL injection. The issue is remotely exploitable and, per connected sources, the exploit...

SQL Injection Vulnerability in Remote Medical Comprehensive Service Platform of Beijing Divine Vision Han Technology Co. Ltd (CNVD-C-2025-987341)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the remote medical integrated service platform of Beijing Shenzhou Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

PT-2025-49506

Name of the Vulnerable Software and Affected Versions code-projects Currency Exchange System version 1.0 Description A flaw exists in code-projects Currency Exchange System 1.0 where manipulation of the ID argument in the /viewserial.php file can lead to SQL injection. This issue is remotely...

PT-2025-49539

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security issue exists in itsourcecode Student Management System 1.0. The issue affects code within the /edit user.php file. Manipulation of the fname argument can lead to a SQL...

Galaxy Software Services Vitals ESP SQL注入漏洞

Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that originates from a SQL command injection that could result in reading the contents of the...

Advantech iView SQL Injection Vulnerability

Advantech iView is a software developed by Advantech for managing B+BSmartWorx series devices through a simple network management protocol. Advantech iView suffers from a SQL injection vulnerability that stems from improper SNMP v1 trap request cleanup, which can be exploited by attackers to obta...

Code-Projects Currency Exchange System SQL注入漏洞

Code-Projects Currency Exchange System is a Code-Projects open source currency exchange system. A SQL injection vulnerability exists in Code-Projects Currency Exchange System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /viewserial.php, which could lead to ...

jshop_mall SQL注入漏洞

jshopmall Jshop small program mall is China Jihai technology hnjihai open source an e-commerce system. SQL injection vulnerability exists in jshopmall version 2.9.0, the vulnerability stems from the incorrect operation of the parameter catid in the file /index.php/api.html, which may lead to SQL...

PT-2025-49514

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

EUVD-2025-201599

A flaw has been found in Chanjet TPlus up to 20251121. Affected by this vulnerability is an unknown functionality of the file /tplus/ajaxpro/Ufida.T.SM.UIP.MultiCompanySettingController,Ufida.T.SM.UIP.ashx?method=Load. This manipulation of the argument currentAccId causes sql injection. It is...

Yonyou U8 Cloud SQL注入漏洞

Yonyou U8 Cloud is a cloud-based enterprise management system from China's UFIDA Yonyou Corporation. A SQL injection vulnerability exists in Yonyou U8 Cloud version 5.0, 5.0sp, 5.1, and 5.1sp, which originates from incorrect manipulation of the parameter usercode in the file...

SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd. (CNVD-C-2025-986300)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

WordPress All In One SEO Pack plugin <= 4.9.1 - SQL Injection vulnerability

SQL Injection vulnerability discovered by mcdruid in WordPress Plugin All In One SEO Pack versions = 4.9.1...

EUVD-2025-201425

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmakedown.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-12850

CVE-2025-12850 concerns the WordPress plugin “My auctions allegro”. It affects all versions up to and including 3.6.32 and enables a malicious actor to exploit an unauthenticated SQL Injection via the auction_id parameter. The root cause is insufficient escaping of user input and lack of proper q...