6592 matches found

Positive Technologies
added 2025/11/03 12:00 a.m., 3 views

PT-2025-44743

Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0. Description: A flaw exists in CodeAstro Gym Management System version 1.0 where manipulation of the id/ini weight argument in the file '/admin/update-progress.php' can lead to SQL injection. This issu...

CVSS 8.8, AI score 6.7, EPSS 0.00041
Exploits: 1, References: 9
CNVD
added 2025/11/03 12:00 a.m., 1 view

SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co. Ltd (CNVD-C-2025-778387)

T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...

AI score 5.9
Exploits: 0
Positive Technologies
added 2025/11/03 12:00 a.m., 3 views

PT-2025-44744

Name of the Vulnerable Software and Affected Versions: CodeAstro Gym Management System version 1.0. Description: A flaw exists in CodeAstro Gym Management System 1.0 that could allow for SQL injection. This issue affects the /admin/view-progress-report.php file. Manipulation of the ID argument can...

CVSS 7.2, AI score 7.5, EPSS 0.00045
Exploits: 1, References: 8
Positive Technologies
added 2025/11/03 12:00 a.m., 2 views

PT-2025-44785

Name of the Vulnerable Software and Affected Versions: Car-Booking-System-PHP version 1.0. Description: Car-Booking-System-PHP version 1.0 is susceptible to SQL Injection in the /carlux/contact.php file. The vulnerability exists due to insufficient input validation when processing data submitted...

CVSS 9.8, AI score 7.6, EPSS 0.00062
Exploits: 1, References: 4
CVE
added 2025/11/03 12:00 a.m., 13 views

CVE-2025-63451

CVE-2025-63451 affects Car-Booking-System-PHP v1.0 vulnerable via SQL Injection in /carlux/sign-in.php due to insufficient input validation. Underlying flaw enables unauthorized data access/manipulation with high impact across confidentiality, integrity, and availability (CVSS 3.1: 9.8). Evidence...

CVSS 9.8, AI score 7.6, EPSS 0.00062
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2025/11/02 11:32 p.m., 8 views

CVE-2025-12606

Consolidated reports from Red Hat, CIRCL, CNNVD and others confirm a SQL injection in itsourcecode Online Loan Management System 1.0, caused by manipulation of the ID parameter in /manage_borrower.php. Remote exploitation is possible and has been publicly disclosed. The connected documents do not...

CVSS 9.8, AI score 6.7, EPSS 0.00031
Exploits: 1, References: 5, Affected Software: 1
CNNVD
added 2025/11/02 12:00 a.m., 3 views

Code-Projects Simple Online Hotel Reservation System SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file...

CVSS 7.2, AI score 5.7, EPSS 0.00009
Exploits: 1, References: 6
GithubExploit
added 2025/11/01 4:58 p.m., 112 views

JavaWebVulnerabilityScanner

JavaWebVulnerabilityScanner 🔒 Java Web Vulnerability Scanner...

AI score 7.3
Exploits: 0
NVD
added 2025/11/01 12:15 p.m., 3 views

CVE-2025-36367

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system...

CVSS 8.8, EPSS 0.00043
Exploits: 0, References: 1
OSV
added 2025/11/01 12:15 p.m., 2 views

CVE-2025-36367

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. A malicious actor can use the elevated privileges of another user profile to gain root access to the host operating system...

CVSS 8.8, AI score 5.8, EPSS 0.00043
Exploits: 0, References: 1
Positive Technologies
added 2025/11/01 12:00 a.m., 3 views

PT-2025-44724

Name of the Vulnerable Software and Affected Versions: IBM i versions 7.2 through 7.6. Description: IBM i is susceptible to a privilege escalation issue stemming from an incorrect IBM i SQL services authorization check. An attacker can exploit this to leverage the privileges of another user profile...

CVSS 8.8, AI score 7, EPSS 0.00043
Exploits: 0, References: 5
RedhatCVE
added 2025/10/31 10:07 p.m., 4 views

CVE-2021-47693

The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.3 / Nagios XI 5.8.5 contains a SQL injection vulnerability in the search text handling. Unsanitized user-supplied input was incorporated into SQL queries used by configuration object editors, allowing authenticated users to inject...

CVSS 8.8, AI score 7.4, EPSS 0.01409
Exploits: 0, References: 1
RedhatCVE
added 2025/10/31 10:07 p.m., 3 views

CVE-2020-36869

Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface edit page. Exploitation requires an account with administrative privileges to access the affected interface. A user with administrative access could supply crafted input that is not properly...

CVSS 8.7, AI score 8, EPSS 0.00953
Exploits: 0, References: 1
EUVD
added 2025/10/31 12:30 p.m., 2 views

EUVD-2025-37327

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Stylemix MasterStudy LMS masterstudy-lms-learning-management-system allows Blind SQL Injection. This issue affects MasterStudy LMS: from n/a through = 3.6.27...

CVSS 7.6, AI score 7.1, EPSS 0.00034
Exploits: 0, References: 2
CVE
added 2025/10/31 7:44 a.m., 11 views

CVE-2025-6520

CVE-2025-6520 concerns Abis Technology’s BAPSIS, where an improper neutralization of special elements leads to Blind SQL Injection in versions before 202510271606. Multiple sources describe exploitation potential to extract full database content via timing-based techniques, with a CVSS v3.1 base ...

CVSS 9.8, AI score 7.3, EPSS 0.00038
Exploits: 0, References: 2
EUVD
added 2025/10/31 12:30 a.m., 3 views

EUVD-2012-6609

Nagios XI versions prior to 2012R1.3 contain a SQL injection vulnerability in the legacy Core Configuration Manager (CCM) interface. Authenticated users could manipulate SQL queries by supplying crafted input to specific CCM parameters, potentially allowing access to configuration data stored in th...

CVSS 8.7, AI score 7.2, EPSS 0.01409
Exploits: 0, References: 3
CNNVD
added 2025/10/31 12:00 a.m., 1 view

WordPress plugin MasterStudy LMS Security Vulnerability

WordPress MasterStudy LMS plugin is an online learning system plugin designed specifically for WordPress to support the creation, management and sale of online courses for educational institutions, individual lecturers and other scenarios. WordPress MasterStudy LMS plugin suffers from a SQL...

CVSS 7.6, AI score 8.1, EPSS 0.00034
Exploits: 0, References: 1
CNVD
added 2025/10/31 12:00 a.m., 2 views

Online Event Judging System add_contestant.php File SQL Injection Vulnerability

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter fullname in the file /addcontestant.php. An attacker can exploi...

CVSS 8.8, AI score 7.1, EPSS 0.00031
Exploits: 1, References: 1
Vulnrichment
added 2025/10/30 11:29 p.m., 2 views

CVE-2025-52664

SQL injection in Revive Adserver 6.0.0 causes potential disruption or information access when specifically crafted payloads are sent by logged in users...

CVSS 8.8, AI score 8.9, EPSS 0.00014
Exploits: 1, References: 1
OSV
added 2025/10/30 10:15 p.m., 0 views

CVE-2016-15050

Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search functionality. User-supplied search parameters were incorporated into SQL statements without adequate parameterization or sanitation, allowing an authenticated user to manipulate database queries...

CVSS 8.8, AI score 5.8, EPSS 0.01409
Exploits: 0, References: 2