CVE-2025-34247
Advantech WebAccess/VPN versions prior to 1.1.5 are affected by a SQL injection in NetworksController.addNetworkAction(). An authenticated, low-privileged observer user can inject SQL via datatable search parameters, potentially disclosing database information. Affected product scope and impact a...
CVE-2025-34247 Advantech WebAccess/VPN < 1.1.5 SQL Injection via NetworksController.addNetworkAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-34246
Advantech WebAccess/VPN
CVE-2025-34245 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxStandaloneVpnClientsController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
CVE-2025-52773
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through <= 1.5.11...
CVE-2025-60239
CVE-2025-60239 describes an SQL Injection in the WordPress CoSchool LMS plugin (versions
CVE-2025-28953 WordPress smart SEO plugin <= 4.0 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in axiomthemes smart SEO smartSEO allows SQL Injection. This issue affects smart SEO: from n/a through <= 4.0...
PT-2025-45370
Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection vulnerability within the ‘ztp search value’ parameter to the ‘NetworkServlet’ endpoint. Successfu...
Advantech iView Security Vulnerability
Advantech iView is software developed by Advantech for managing B+B SmartWorx series devices through the Simple Network Management Protocol. Advantech iView suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the searchterm...
CVE-2025-12197
The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticat...
WordPress MasterStudy LMS plugin SQL Injection Vulnerability
WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...
CVE-2025-55343
Quipux 4.0.1 through e1774ac allows authenticated users to conduct SQL injection attacks via busqueda/busqueda.php txtdepecodi, busqueda/busqueda.php txtusuacodi, anexoslista.php raditemp, Administracion/listas/formAreaajax.php codDepe, Administracion/listas/formDepeHijoajax.php codDepe,...
Revive Adserver SQL Injection Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...
CVE-2025-12614
A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function deletepayment of the file /adminclass.php. Manipulation of the argument ID causes SQL injection. The attack can be carried out remotely. The exploit has been made...
EUVD-2025-37451
A vulnerability was found in itsourcecode Online Loan Management System 1.0. This vulnerability affects unknown code of the file /manageloan.php. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2025-12606
A vulnerability was determined in itsourcecode Online Loan Management System 1.0. This issue affects some unknown processing of the file /manageborrower.php. Manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly...
SourceCodester Best House Rental Management System SQL Injection Vulnerability
SourceCodester Best House Rental Management System is an open source house rental management system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Best House Rental Management System version 1.0; it stems from the function deletepayment in the file /adminclass.php...
PT-2025-44750
Name of the Vulnerable Software and Affected Versions: itsourcecode Billing System version 1.0. Description: A flaw exists in itsourcecode Billing System 1.0. The issue affects an unknown function within the /admin/app/login crud.php file. Manipulation of the Password argument can lead to a SQL...
Digiwin EasyFlow .NET and Digiwin EasyFlow AiNet SQL Injection Vulnerability
Digiwin EasyFlow .NET and Digiwin EasyFlow AiNet are both products of China's Digiwin Corporation. Digiwin EasyFlow AiNet is a business process automation platform. Digiwin EasyFlow .NET and Digiwin EasyFlow AiNet have a SQL injection vulnerability that originates from a flaw that could allow an...
PT-2025-44788
Name of the Vulnerable Software and Affected Versions: Geutebruck G-Cam E-Series Cameras version 1.12.0.19. Description: An unauthenticated SQL Injection exists within the Geutebruck G-Cam E-Series Cameras. The issue is located in the /uapi-cgi/viewer/Param.cgi script through the Group parameter...