6592 matches found
CVE-2025-13059 SourceCodester Alumni Management System manage_career.php sql injection
A weakness has been identified in SourceCodester Alumni Management System 1.0. The impacted element is an unknown function of the file /managecareer.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available t...
EUVD-2025-131910
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Golemiq 0 Day Analytics allows SQL Injection. This issue affects 0 Day Analytics: from n/a through 4.0.0...
CVE-2025-59499
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
EUVD-2025-119986
Bacteriology Laboratory Reporting System developed by ViewLead Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-13047
CVE-2025-13047 affects the ViewLead Technology Bacteriology Laboratory Reporting System. The vulnerability is a SQL Injection that allows unauthenticated remote attackers to inject arbitrary SQL and read database contents. Root cause and exact vulnerable component are described as an injection fl...
CVE-2025-13046
...
WellSky Harmony Security Vulnerability
WellSky Harmony is an all-in-one service management platform from WellSky USA. A security vulnerability exists in WellSky Harmony version 4.1.0.2.83, which stems from improper sanitization of the TXTUSERID parameter in the xmHarmony.asp endpoint, which could lead to an SQL injection attack...
EUVD-2025-84350
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration...
CVE-2025-8324 SQL Injection
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration...
CVE-2025-12927
A security vulnerability has been detected in DedeBIZ up to 6.3.2. The impacted element is an unknown function of the file /admin/archivesadd.php. Such manipulation of the argument flags leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may b...
CVE-2025-42889
CVE-2025-42889 affects SAP Starter Solution. An authenticated attacker can execute crafted database queries, exposing the back-end database. Impact is described as low for confidentiality and integrity, with no availability impact. Multiple connected sources (NVD/Red Hat/NCSc/CVE listing) confirm...
WordPress Plugin CoSchool LMS SQL Injection Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress plugin CoSchool LMS, which stems from the...
Advantech WebAccess/VPN AjaxDeviceController.ajaxDeviceAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
WordPress Easy Email Subscription plugin SQL Injection Vulnerability
WordPress Easy Email Subscription plugin is a plugin for adding email subscription functionality to your WordPress website. WordPress Easy Email Subscription plugin suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements...
EUVD-2025-44057
A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-12931 SourceCodester Food Ordering System edit-orders.php sql injection
A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2025-12865
U-Office Force by e-Excellence is affected by a SQL Injection vulnerability stemming from unvalidated input, enabling an authenticated remote attacker to read, modify, and delete database contents. CVSS metrics indicate high impact to confidentiality, integrity, and availability. No remediation o...
CVE-2025-12926 SourceCodester Farm Management System review.php sql injection
A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the...
e-Excellence U-Office Force SQL Injection Vulnerability
e-Excellence U-Office Force is an e-Office platform from China-based First Class Technology e-Excellence. The e-Excellence U-Office Force suffers from a SQL injection vulnerability that originates from allowing an authenticated, remote attacker to inject arbitrary SQL commands that could result i...
PT-2025-46180
Name of the Vulnerable Software and Affected Versions rickxy Hospital Management System version 1.0 Description The patient prescription viewing functionality within the his doc view single patient.php component contains an SQL injection issue. The pat number GET parameter is directly incorporate...