6588 matches found
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via algorithmic complexity in the SQL parsing logic. The parser fails to enforce limits when handling deeply nested tuples or unusually large token sequences, allowing an attacker to...
EUVD-2025-200189
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high privilege users, such as admin to perform SQL injection attacks...
Axios Systems Assyst 安全漏洞
Axios Systems Assyst is an off-the-shelf application from Axios Systems, UK, for managing IT services without the complexity and overhead associated with ITSM platforms such as ServiceNow and BMC Remedy. Axios Systems Assyst has a security vulnerability that stems from a specially crafted dict ke...
CVE-2025-65380
PHPGurukul Billing System 1.0 is vulnerable to SQL Injection in the admin/index.php endpoint. Specifically, the username parameter accepts unvalidated user input, which is then concatenated directly into a backend SQL query...
PT-2025-48643
Name of the Vulnerable Software and Affected Versions donation WordPress plugin version 1.0 Description The plugin does not properly sanitize and escape a parameter before using it within a SQL statement. This allows users with high privileges, such as administrators, to potentially execute SQL...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-448742)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
EUVD-2025-200084
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, a certain endpoint was vulnerable to error-based SQL injection due to lack of validation of parameters. Some information like version could be retrieved. This vulnerability is fixed in 15.86.0 and 14.99.2...
CVE-2025-63532
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...
Blood Bank Management System 安全漏洞
Blood Bank Management System is a blood bank management system by shridhar shukla individual developer. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the receiverLogin.php component that could lead to unauthorized access...
CVE-2025-51683
CVE-2025-51683: mJobtime v15.7.2 contains a blind SQL injection in the /Default.aspx/update_profile_Server endpoint. Exploitation is unauthenticated and can lead to arbitrary SQL execution, with high impact on confidentiality, integrity, and availability. The description and sources confirm the v...
PT-2025-48460
Name of the Vulnerable Software and Affected Versions Blood Bank Management System version 1.0 Description A SQL injection issue exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application does not properly sanitize user-supplied input used in SQL querie...
mJobtime 安全漏洞
mJobtime is a time tracking and job management software from the US company mJobtime. A security vulnerability exists in mJobtime version v15.7.2 that originates from an unauthenticated attacker being able to execute arbitrary SQL statements via a specially crafted POST request, potentially...
EUVD-2025-199989
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...
Blood Bank Management System 安全漏洞
Blood Bank Management System is a blood bank management system by shridhar shukla individual developer. A security vulnerability exists in Blood Bank Management System version 1.0, which stems from a SQL injection issue in the abs.php component that could lead to unauthorized access...
CVE-2025-13788
A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public a...
CVE-2025-13788
chanjet crm is affected by a SQL injection in /tools/upgradeattribute.php via the gblOrgID parameter. The vulnerability affects Chanjet CRM versions up to 20251106 (pre-51107). Root cause: input manipulation in an unknown function leads to injectable SQL. Impact is high (remote attacker, data exp...
CVE-2025-13770
CVE-2025-13770 affects WebITR by Uniong. A SQL Injection vulnerability allows authenticated remote attackers to inject arbitrary SQL and read database contents. The issue is documented with CVSS v3.1/4.0 bases (6.5 MEDIUM and 7.1 HIGH, respectively). Affected versions are not specified in the sou...
VulnCheck KEV: CVE-2025-22214
Landray EIS 2001 through 2006 allows Message/fimessagereceiver.aspx?replyid= SQL injection...
PT-2025-48320
Name of the Vulnerable Software and Affected Versions WebITR versions affected versions not specified Description WebITR developed by Uniong has a SQL Injection issue. Authenticated remote attackers can inject arbitrary SQL commands, potentially allowing them to read database contents. The...
EUVD-2025-199829
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8...