15 matches found

Cvelist
added 3 days ago · 22 views

CVE-2026-10261 CodeAstro Online Job Portal application_status.php sql injection

A flaw has been found in CodeAstro Online Job Portal 1.0. This affects an unknown function of the file /users/applicationstatus.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used...

CVSS 7.5 · EPSS 0.00033
Exploits: 0 · References: 6
Patchstack
added 2026/05/26 6:54 a.m. · 3 views

WordPress Realtyna Organic IDX plugin plugin <= 5.1.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by ParkHyunWoo in WordPress Plugin Realtyna Organic IDX plugin versions <= 5.1.0...

AI score 5.9
Exploits: 0 · Affected Software: 1
Vulnrichment
added 2026/01/02 12:32 a.m. · 2 views

CVE-2025-15420 Yonyou KSOA agent_work_report.jsp sql injection

A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agentworkreport.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The...

CVSS 7.5 · AI score 6.6 · EPSS 0.0002
Exploits: 1 · References: 5
RedhatCVE
added 2025/12/19 7:32 a.m. · 1 views

CVE-2025-60062

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection. This issue affects tPlayer: from n/a through = 1.2.1.6...

CVSS 9.3 · AI score 7.7 · EPSS 0.00035
Exploits: 0 · References: 1
Vulnrichment
added 2025/12/18 7:21 a.m. · 0 views

CVE-2025-14314 WordPress PopupKit plugin <= 2.1.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection. This issue affects PopupKit: from n/a through <= 2.1.5...

CVSS 8.5 · AI score 7.3 · EPSS 0.00034
Exploits: 0 · References: 1
Cvelist
added 2025/12/14 9:32 a.m. · 16 views

CVE-2025-14653 itsourcecode Student Management System addrecord.php sql injection

A vulnerability was determined in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /addrecord.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be...

CVSS 7.5 · EPSS 0.00028
Exploits: 1 · References: 5
Vulnrichment
added 2025/10/21 12:00 a.m. · 1 views

CVE-2025-56450

Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...

AI score 7.9 · EPSS 0.00176
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-24985

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 7.5 · EPSS 0.00072
Exploits: 1 · References: 5
OSV
added 2025/06/20 4:15 a.m. · 0 views

CVE-2025-6305

A vulnerability was found in code-projects Online Shoe Store 1.0. It has been classified as critical. This affects an unknown part of the file /admin/adminfeature.php. The manipulation of the argument productcode leads to sql injection. It is possible to initiate the attack remotely. The exploit...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 5
CNNVD
added 2024/11/13 12:00 a.m. · 1 views

Ivanti Endpoint Manager SQL injection vulnerability

Ivanti Endpoint Manager is an enterprise-grade endpoint management solution, mainly used for centralized management of various types of devices including Windows, MacOS, Linux, iOS/Android mobile devices, etc., to achieve unified configuration, security control and remote operation and maintenanc...

CVSS 7.2 · AI score 7.4 · EPSS 0.13898
Exploits: 0 · References: 3
Positive Technologies
added 2024/05/12 12:00 a.m. · 1 views

PT-2024-32936 · Unknown · Kashipara College Management System

Name of the Vulnerable Software and Affected Versions: Kashipara College Management System version 1.0
Description: A critical issue has been found, affecting an unknown function of the file submit extracurricular activity.php. The manipulation of the activity datetime argument leads to SQL...

CVSS 8.8 · AI score 8.1 · EPSS 0.00221
Exploits: 1 · References: 7
CNNVD
added 2023/03/10 12:00 a.m. · 2 views

Online Graduate Tracer System SQL injection vulnerability

Online Graduate Tracer System is an online graduate tracer system by the individual developer Carlo Montero. SourceCodester Online Graduate Tracer System version 1.0 suffers from a SQL injection vulnerability that originates from an unknown issue in the file admin/prof.php, which leads to sql...

CVSS 9.8 · AI score 7.1 · EPSS 0.00291
Exploits: 1 · References: 4
OSV
added 2022/04/06 10:15 a.m. · 1 views

CVE-2021-26114

Multiple improper neutralization of special elements used in an SQL command vulnerabilities in FortiWAN before 4.5.9 may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 9.8 · AI score 7.5 · EPSS 0.01166
Exploits: 0 · References: 1
CNVD
added 2020/05/29 12:00 a.m. · 1 views

SQL Injection Vulnerability in Online Car Rental Service System

Online car rental service system is an O2O service platform built based on car rental business scenarios. There is a SQL injection vulnerability in the Online Car Rental Service System, which can be exploited by attackers to obtain sensitive information from the database...

AI score 7.7
Exploits: 0
Japan Vulnerability Notes
added 2017/08/25 5:50 a.m. · 2 views

Multiple vulnerabilities in baserCMS

Overview: baserCMS provided by baserCMS Users Community contains multiple vulnerabilities listed below.
SQL injection (CWE-89) - CVE-2017-10842
Arbitrary files may be deleted - CVE-2017-10843
Arbitrary PHP code execution - CVE-2017-10844
Shoji Baba reported the vulnerabilities to IPA. JPCERT/CC...

CVSS 9.8 · AI score 8.9 · EPSS 0.0067
Exploits: 0 · References: 12