EUVD-2025-34548

The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

Courier Management System add-courier.php File SQL Injection Vulnerability

Courier Management System is a courier management system. The Courier Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Shippername in the file /add-courier.php. An attacker can exploit th...

Online Job Search Engine registration.php File SQL Injection Vulnerability

Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtusername in the file /registration.php. An attacker can exploit this...

WordPress plugin Wp tabber widget SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...

ERPNext import_coa function SQL injection vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the importcoa function's company parameter against externally entered SQL statements. An attacker can exploit this...

Project Monitoring System useredit.php File SQL Injection Vulnerability

Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /useredit.php. An attacker can exploit this vulnerabilit...

EUVD-2025-34289

Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally...

Exploit for CVE-2025-61455

🛡️ CVE Disclosure: CVE-2025-61455 — SQL Injection in E-commerc...

JDBC Driver for SQL Server Spoofing Vulnerability

Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...

CVE-2025-10610

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...

EUVD-2025-34103

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...

EUVD-2025-34104

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...

EUVD-2025-34105

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...

FreePBX Endpoint Manager SQL注入漏洞

FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from FreePBX open source. An SQL injection vulnerability exists in FreePBX Endpoint Manager versions prior to 16.0.92 and 17.0.6. The vulnerability stems from an SQL injection vulnerability in multiple parameters in...

PT-2025-41894

Name of the Vulnerable Software and Affected Versions Winsure versions through August 21, 2025 Description A flaw exists in Winsure that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could allow an attacker to execute arbitrary SQL co...

CVE-2025-62389

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-62388

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

CVE-2025-6919 SQLi in Cats Informatics' Aykome

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cats Information Technology Software Development Technologies Aykome License Tracking System allows SQL Injection. This issue affects Aykome License Tracking System: before Version dated 06.10.2025...

EUVD-2025-33968

A security vulnerability has been detected in Campcodes Online Beauty Parlor Management System 1.0. The impacted element is an unknown function of the file /admin/search-appointment.php. Such manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The...

CVE-2025-11667 code-projects Automated Voting System add_candidate_modal.php. sql injection

A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addcandidatemodal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has...