CVE-2025-12238

A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has...

CVE-2025-12242 CodeAstro Gym Management System check-attendance.php sql injection

A vulnerability has been found in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/actions/check-attendance.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-12215 projectworlds Online Shopping System login_submit.php sql injection

A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /loginsubmit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used...

Code-Projects Nero Social Networking Site SQL注入漏洞

Nero Social Networking Site is a social networking site. Nero Social Networking Site suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /addfriend.php. An attacker can exploit this vulnerability to...

Code-Projects Automated Voting System SQL注入漏洞

Code-Projects Automated Voting System is a Code-Projects open source automated voting system. Code-Projects Automated Voting System version 1.0 suffers from a SQL injection vulnerability that stems from incorrect manipulation of the parameter Username in the file /admin/user.php, which could lead...

Bdtask Wholesale Inventory Control SQL注入漏洞

Bdtask Wholesale Inventory Control is an inventory management system from Bdtask Bangladesh. A SQL injection vulnerability exists in Bdtask Wholesale Inventory Control 20251013 and earlier versions, which stems from incorrect manipulation of the parameter firstname/lastname in the file...

Code-Projects Online Event Judging System SQL注入漏洞

Online Event Judging System is an online event judging system. Online Event Judging System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter contestantid in the file /editcontestant.php. An attacker can...

CLTPHP Content Management System SQL注入漏洞

CLTPHP Content Management System is a content management system from the Chinese company CLTPHP. A SQL injection vulnerability exists in CLTPHP Content Management System version 3.0. The vulnerability stems from an incorrect manipulation of the parameter keyword in the file /home/search.html, whi...

PT-2025-43875

Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...

PT-2025-44017

Name of the Vulnerable Software and Affected Versions Nero Social Networking Site version 1.0 Description A security flaw exists in the /deletemessage.php file of Nero Social Networking Site. Manipulation of the message id argument can lead to SQL injection. This issue can be exploited remotely...

CVE-2025-61247

CVE-2025-61247 affects indieka900 online-shopping-system-php 1.0. The vulnerability is a SQL Injection in the password parameter of login.php, as described across multiple sources (NVD entry and related advisories). The underlying issue is unvalidated SQL handling in the login flow, enabling pote...

Exploit for CVE-2023-49440

CVE-2023-49440-POC Vulnerable Version: Ahab EPP Management v...

SQL Injection

Overview langgraph-checkpoint-sqlite is a Library with a SQLite implementation of LangGraph checkpoint saver. Affected versions of this package are vulnerable to SQL Injection via improper handling of filter $eq, $ne, $gt, $lt, $gte, $lte operators in the LangGraph SQLite store implementation. An...

LangGraph's SQLite store implementation has a SQL Injection Vulnerability

A SQL injection vulnerability exists in the langchain-ai/langgraph repository, specifically in the LangGraph's SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators $eq, $ne, $gt, $lt, $gte, $lt...

CVE-2025-9322 Stripe Payment Forms <= 8.3.1 - Unauthenticated SQL Injection

The Stripe Payment Forms by WP Full Pay – Accept Credit Card Payments, Donations & Subscriptions plugin for WordPress is vulnerable to SQL Injection via the 'wpfs-form-name' parameter in all versions up to, and including, 8.3.1 due to insufficient escaping on the user supplied parameter and lack ...

CVE-2025-11893 Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More <= 1.8.8.4 - Authenticated (Subscriber+) SQL Injection

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

Studio Fabryka DobryCMS SQL注入漏洞

Studio Fabryka DobryCMS is a content management system from Studio Fabryka, Inc. Studio Fabryka DobryCMS suffers from a SQL injection vulnerability that stems from improper neutralization of user-entered language functions, which could lead to an SQL injection attack...

CVE-2025-62617

Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...

Privilege Escalation

intelliants/subrion is vulnerable to privilege escalation. The vulnerability is due to improper access control in the built-in “Run SQL Query” feature under the SQL Tool admin panel, which allows authenticated administrators or moderators to execute arbitrary SQL commands and gain escalated...

ChanCMS /cms/article/findField File SQL Injection Vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of external SQL statements in the function findField in the file /cms/article/findField. An attacker can exploit this vulnerability to...