CampCodes Supplier Management System SQL注入漏洞

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from an incorrect manipulation of the parameter txtProductName in the file /admin/addproduct.php, which...

CVE-2025-13422

CVE-2025-13422 affects freeprojectscodes Sports Club Management System 1.0. The vulnerable element is an unknown function in /dashboard/admin/change_s_pwd.php where manipulating the login_id parameter triggers SQL injection. The vulnerability is remotely exploitable and the exploit is public. Doc...

CVE-2025-13421

A security vulnerability has been detected in itsourcecode Human Resource Management System 1.0. Impacted is an unknown function of the file /src/store/NoticeStore.php. Such manipulation of the argument noticeDesc leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-63878

Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page...

CVE-2025-65024

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

CVE-2025-65023 i-Educar Authenticated Time-based SQL Injection in `funcionario_vinculo_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/funcionariovinculocad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands...

CVE-2025-65024 i-Educar Authenticated Time-based SQL Injection in `agenda_admin_cad.php`

i-Educar is free, fully online school management software. In versions 2.10.0 and prior, an authenticated time-based SQL injection vulnerability exists in the ieducar/intranet/agendaadmincad.php script. An attacker with access to an authenticated session can execute arbitrary SQL commands against...

CVE-2025-10437

CVE-2025-10437 describes an SQL Injection vulnerability in Eksagate Webpack Management System, affecting versions through 20251119. The root cause, as stated across Red Hat/Sec reports, is improper neutralization of special elements in SQL commands. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:...

i-Educar SQL注入漏洞

i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...

PT-2025-47529

Name of the Vulnerable Software and Affected Versions Campcodes Retro Basketball Shoes Online Store version 1.0 Description A SQL injection issue exists in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue is related to the manipulation of the tid argument in the...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-891462)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

i-Educar 安全漏洞

i-Educar is a free educational software from Portábilis Open Source. A security vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codfuncionariovinculo parameter and can lead to SQL injection attacks...

i-Educar SQL注入漏洞

i-Educar is a free educational software from Portábilis open source. A SQL injection vulnerability exists in i-Educar version 2.10.0 and earlier, which stems from improper handling of the codagenda parameter and could lead to a SQL injection attack...

itsourcecode Human Resource Management System SQL注入漏洞

itsourcecode Human Resource Management System is itsourcecode open source human resource management system. A SQL injection vulnerability exists in itsourcecode Human Resource Management System version 1.0, which stems from a misuse of the eventSubject parameter in the file...

EUVD-2025-197989

A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=savestation. Performing manipulation of the argument id/station results in sql injection. The attack may be initiated remotely. The exploit is now public an...

CVE-2025-13280

A vulnerability was determined in CodeAstro Simple Inventory System 1.0. The impacted element is an unknown function of the file /index.php of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has bee...

EUVD-2025-197973

A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. The attack can be initiated remotely. The exploit ha...

CVE-2025-13344 SourceCodester Train Station Ticketing System ajax.php sql injection

A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. The attack can be initiated remotely. The exploit ha...

CVE-2025-13253

A vulnerability was determined in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /addlibrarian.php. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

Fortinet FortiVoice SQL注入漏洞

Fortinet FortiVoice is a Unified Communications and Collaboration-as-a-Service from Fortinet, Inc. A SQL injection vulnerability exists in Fortinet FortiVoice versions 7.2.0 through 7.2.2 and 7.0.0 through 7.0.7, which stems from improperly neutralized SQL commands and could lead to the execution...