
6592 matches found

Positive Technologies
added 2025/10/30 12:0 a.m., 3 views

PT-2025-44400

Name of the Vulnerable Software and Affected Versions: CSZ-CMS versions prior to 1.3.1. Description: A SQL injection issue exists in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute...

6.5 CVSS, 7.8 AI score, 0.00035 EPSS
Exploits: 1, References: 3

CNNVD
added 2025/10/30 12:0 a.m., 3 views

CSZ-CMS Security Vulnerability

CSZ-CMS is a PHP-based open source content management system (CMS) from CSZ-CMS Open Source. A security vulnerability exists in CSZ-CMS 1.3.0 and prior versions, which stems from an unvalidated field parameter in the form view function, which could lead to an SQL injection attack...

5.4 CVSS, 7.6 AI score, 0.00035 EPSS
Exploits: 1, References: 2

NVD
added 2025/10/29 4:15 p.m., 2 views

CVE-2025-60542

SQL Injection vulnerability in TypeORM before 0.3.26 via crafted request to repository.save or repository.update due to the sqlstring call using stringifyObjects default to false...

6.5 CVSS, 0.00042 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/10/29 1:11 a.m., 3 views

CVE-2025-12339

A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/adminfootball.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit...

9.8 CVSS, 7.2 AI score, 0.00031 EPSS
Exploits: 1, References: 1

EUVD
added 2025/10/28 12:32 a.m., 2 views

EUVD-2025-36391

A security vulnerability has been detected in Campcodes Retro Basketball Shoes Online Store 1.0. This issue affects some unknown processing of the file /admin/adminfootball.php. The manipulation of the argument pid leads to sql injection. Remote exploitation of the attack is possible. The exploit...

7.5 CVSS, 6.5 AI score, 0.00031 EPSS
Exploits: 1, References: 6

EUVD
added 2025/10/28 12:2 a.m., 1 views

EUVD-2025-36393

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released to...

7.5 CVSS, 6.5 AI score, 0.0001 EPSS
Exploits: 1, References: 6

Cvelist
added 2025/10/28 12:2 a.m., 7 views

CVE-2025-12337 Campcodes Retro Basketball Shoes Online Store admin_feature.php sql injection

A security flaw has been discovered in Campcodes Retro Basketball Shoes Online Store 1.0. This affects an unknown part of the file /admin/adminfeature.php. Performing a manipulation of the argument pid results in sql injection. The attack may be initiated remotely. The exploit has been released t...

7.5 CVSS, 0.0001 EPSS
Exploits: 1, References: 5

Positive Technologies
added 2025/10/28 12:0 a.m., 4 views

PT-2025-44067

Name of the Vulnerable Software and Affected Versions: Campcodes Retro Basketball Shoes Online Store version 1.0. Description: A security flaw exists in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue affects an unknown part of the file /admin/admin feature.php. Manipulation of...

9.8 CVSS, 7.3 AI score, 0.0001 EPSS
Exploits: 1, References: 10

Positive Technologies
added 2025/10/28 12:0 a.m., 4 views

PT-2025-44087

Name of the Vulnerable Software and Affected Versions: HUSKY – Products Filter Professional for WooCommerce plugin for WordPress versions up to and including 1.3.7.1. Description: The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is susceptible to blind SQL Injection...

7.5 CVSS, 6.8 AI score, 0.001 EPSS
Exploits: 0, References: 8

Positive Technologies
added 2025/10/28 12:0 a.m., 5 views

PT-2025-44074

Name of the Vulnerable Software and Affected Versions: Campcodes Retro Basketball Shoes Online Store version 1.0. Description: A security issue has been identified in Campcodes Retro Basketball Shoes Online Store version 1.0. The issue involves the processing of the file /admin/admin football.php...

9.8 CVSS, 7.2 AI score, 0.00031 EPSS
Exploits: 1, References: 10

EUVD
added 2025/10/27 8:2 p.m., 3 views

EUVD-2025-36344

A vulnerability was found in code-projects Food Ordering System 1.0. The impacted element is an unknown function of the file /admin/deleteitem.php. Performing manipulation of the argument itemID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made...

5.8 CVSS, 4.8 AI score, 0.00028 EPSS
Exploits: 1, References: 7

CVE
added 2025/10/27 7:2 p.m., 9 views

CVE-2025-12309

CVE-2025-12309 concerns code-projects Nero Social Networking Site 1.0. The SQL injection vulnerability arises from lack of validation of the ID parameter in /friendprofile.php, enabling remote manipulation of SQL statements. Multiple connected sources (CNVD, CNNVD, Red Hat, ENISA, NVD, etc.) desc...

9.8 CVSS, 6.7 AI score, 0.00031 EPSS
Exploits: 1, References: 5, Affected Software: 1

EUVD
added 2025/10/27 7:2 p.m., 3 views

EUVD-2025-36347

A vulnerability was identified in code-projects Nero Social Networking Site 1.0. Affected by this vulnerability is an unknown functionality of the file /addfriend.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly...

7.5 CVSS, 7.1 AI score, 0.00031 EPSS
Exploits: 1, References: 7

OSV
added 2025/10/27 4:15 p.m., 0 views

CVE-2025-12292

A vulnerability was determined in SourceCodester Point of Sales 1.0. This vulnerability affects unknown code of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 5

EUVD
added 2025/10/27 3:30 p.m., 1 views

EUVD-2025-36184

A security vulnerability has been detected in Bdtask Wholesale Inventory Control and Inventory Management System up to 20251013. This impacts an unknown function of the file /Admindashboard/editprofile. Such manipulation of the argument firstname/lastname leads to sql injection. The attack may be...

5.8 CVSS, 6.3 AI score, 0.0001 EPSS
Exploits: 1, References: 5

Veracode
added 2025/10/27 11:31 a.m., 5 views

SQL Injection

net.mingsoft:ms-mcms is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the contenttitle parameter in the /cms/content/list endpoint, which allows an attacker to inject and execute arbitrary SQL queries through crafted input in the FreeMarker template rendering...

9.8 CVSS, 7.8 AI score, 0.00156 EPSS
Exploits: 1, References: 4, Affected Software: 1

EUVD
added 2025/10/27 10:32 a.m., 4 views

EUVD-2025-36146

A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /editcriteria.php. Executing manipulation of the argument critid can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed an...

6.5 CVSS, 6.6 AI score, 0.0003 EPSS
Exploits: 1, References: 6

CVE
added 2025/10/27 9:32 a.m., 7 views

CVE-2025-12257

CVE-2025-12257 affects SourceCodester Online Student Result System 1.0. The vulnerability is a SQL injection in the view_result.php handler, triggered by improper handling of the ID parameter, allowing remote exploitation. Multiple sources confirm the issue and that the exploit has been publicly ...

9.8 CVSS, 7.1 AI score, 0.00032 EPSS
Exploits: 1, References: 5, Affected Software: 1

NVD
added 2025/10/27 9:15 a.m., 3 views

CVE-2025-12254

A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /addjudge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

8.8 CVSS, 0.00031 EPSS
Exploits: 1, References: 5

Vulnrichment
added 2025/10/27 8:2 a.m., 1 views

CVE-2025-12248 CLTPHP search.html sql injection

A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

7.5 CVSS, 7.2 AI score, 0.00029 EPSS
Exploits: 0, References: 4