CVE-2025-13235

Mode C: This CVE concerns itsourcecode Inventory Management System 1.0. The vulnerability exists in the /admin/login.php file, where manipulating the user_email parameter can trigger SQL injection. It is exploitable remotely and has publicly disclosed exploits. Connected documents corroborate a S...

DataX-Web SQL注入漏洞

DataX-Web is a distributed data synchronization tool developed on top of DataX by WeiYe's individual developers. A SQL injection vulnerability exists in DataX-Web 2.1.2 and earlier versions, which stems from a misbehavior of an unknown function and could lead to a SQL injection attack...

Code-Projects Student Information System SQL注入漏洞

Student Information System is a student information system. Student Information System is vulnerable to a SQL injection vulnerability that originates from the /editprofile.php file not effectively filtering user input. No details of the vulnerability are available at this time...

PT-2025-47076

Name of the Vulnerable Software and Affected Versions code-projects Student Information System version 2.0 Description A flaw exists in code-projects Student Information System 2.0, affecting unknown code within the /index.php file. Manipulation of the Username argument can lead to SQL injection,...

EUVD-2025-197708

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Such manipulation of the argument PROMODEL leads to sql injection. The attack may be performed from remote. The exploit has...

CVE-2025-13201

The CVE-2025-13201 entry concerns Code-projects’ Simple Cafe Ordering System 1.0. A SQL injection vulnerability exists in the login.php file, arising from improper handling of the Username parameter. The issue can be exploited remotely, and an exploit is publicly available. Affected component: lo...

CVE-2024-44640

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php...

EUVD-2025-197644

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vuccdetailsajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL...

EUVD-2025-197631

SQL injection SQL-i vulnerability in SVX Portal 2.7A via crafted POST request to admin/updatesetings.php...

CVE-2024-44636

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php...

CVE-2025-12620

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...

CodeAstro Gym Management System SQL注入漏洞

Gym Management System is a gym management system from SourceCodester. A SQL injection vulnerability exists in version 1.0 of the Gym Management System, which stems from incorrect manipulation of the parameter ID in the file /admin/view-member-report.php, which could lead to a SQL injection attack...

CVE-2025-63724

SVX Portal 2.7A has a SQL injection in the admin/update_setings.php endpoint triggered by crafted POST requests. The vulnerability affects the portal’s server-side handling of input and can lead to unauthorized query manipulation. References from multiple sources corroborate the issue for version...

Code-Projects Simple Online Hotel Reservation System 安全漏洞

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that stems from the /addqueryreserve.php file failing to effectively filter the roomid parameter. No details of the vulnerability a...

SVXportal 安全漏洞

SVXportal is a portal for Peter's individual developers. A security vulnerability exists in SVXportal version 2.7A, which stems from a specially crafted POST request to admin/updatesetings.php that could lead to SQL injection...

ZOHO ManageEngine Analytics Plus SQL Injection Vulnerability

ZOHO ManageEngine Analytics Plus is a self-service IT analytics solution from ZOHO. Get a better view of your IT data with rich visualizations and dashboards. A SQL injection vulnerability exists in ZOHO ManageEngine Analytics Plus. An attacker can use this vulnerability to view, add, modify, or...

CVE-2025-63724

SQL injection SQL-i vulnerability in SVX Portal 2.7A via crafted POST request to admin/updatesetings.php...

CVE-2025-13121 cameasy Liketea API Endpoint StoreController.php list sql injection

A security vulnerability has been detected in cameasy Liketea 1.0.0. Impacted is the function list of the file laravel/app/Http/Controllers/Front/StoreController.php of the component API Endpoint. Such manipulation of the argument lng/lat leads to sql injection. The attack may be performed from...

Like Tea SQL注入漏洞

Like Tea is a multi-store tea drinking applet open source by comeasy. Like Tea version 1.0.0 SQL injection vulnerability exists , the vulnerability stems from the file laravel/app/Http/Controllers/Front/StoreController.php in the list function of the lng/lat parameter is not handled properly ,...

CVE-2025-13060 SourceCodester Survey Application System view_survey.php sql injection

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /viewsurvey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and m...