
4688 matches found

CVE
added 2025/09/26 8:31 a.m., 10 views

CVE-2025-60108

CVE-2025-60108 (LambertGroup - AllInOne - Banner with Thumbnails) is a SQL Injection vulnerability in the WordPress plugin, allowing improper neutralization of input elements. Affected: LambertGroup - AllInOne - Banner with Thumbnails (up through version 3.8). Impact per CVSS: high confidentialit...

CVSS 8.5, AI score 5.9, EPSS 0.00238
Exploits: 0, References: 1
Positive Technologies
added 2025/09/26 12:0 a.m., 2 views

PT-2025-39555

Name of the Vulnerable Software and Affected Versions: LambertGroup - AllInOne - Banner with Thumbnails versions through 3.8. Description: A flaw exists in LambertGroup - AllInOne - Banner with Thumbnails that allows for Blind SQL Injection due to improper neutralization of special elements used in ...

CVSS 8.5, AI score 7.2, EPSS 0.00238
Exploits: 0, References: 4
Positive Technologies
added 2025/09/18 12:0 a.m., 4 views

PT-2025-38315

Name of the Vulnerable Software and Affected Versions: Logo Software Retail Sales Management versions through 20250918; Logo Software Diva versions through 4.56.00.00. Description: A SQL injection issue exists in Logo Software Retail Sales Management and Diva due to improper neutralization of special...

CVSS 10, AI score 7.3, EPSS 0.0034
Exploits: 0, References: 7
SUSE CVE
added 2025/09/10 11:27 p.m., 2 views

SUSE CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVSS 7.3, AI score 7.9, EPSS 0.00368
Exploits: 0, References: 3
NVD
added 2025/09/10 7:15 a.m., 6 views

CVE-2025-9943

An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...

CVSS 9.1, EPSS 0.00368
Exploits: 0, References: 5
Cvelist
added 2025/09/08 10:35 p.m., 12 views

CVE-2025-58454 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'listar_despachos.php' parameter 'id_memorando'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listar_despachos.php, in the id_memorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...

CVSS 9.3, EPSS 0.00336
Exploits: 1, References: 1
CVE
added 2025/09/08 10:28 p.m., 15 views

CVE-2025-58453

CVE-2025-58453 affects WeGIA Web Manager (versions 3.4.10 and earlier). The SQL Injection occurs in the exibe_anexo.php endpoint via the id_anexo parameter, enabling an attacker to run arbitrary SQL and access sensitive data. A patch is available in version 3.4.11. Some sources indicate a proof-o...

CVSS 9.3, AI score 7.6, EPSS 0.00336
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2025/09/08 10:28 p.m., 8 views

CVE-2025-58453 WeGIA vulnerable to Blind Time-Based SQL Injection in endpoint 'exibe_anexo.php' parameter 'id_anexo'

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/exibe_anexo.php, in the id_anexo parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL queries,...

CVSS 9.3, EPSS 0.00336
Exploits: 1, References: 1
RedhatCVE
added 2025/09/07 4:33 p.m., 10 views

CVE-2025-58628

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection. This issue affects Miraculous: from n/a through 2.0.9...

CVSS 9.3, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 1
RedhatCVE
added 2025/09/07 2:32 p.m., 3 views

CVE-2025-58881

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection. This issue affects New Simple Gallery: from n/a through <= 8.0...

CVSS 8.5, AI score 5.9, EPSS 0.00243
Exploits: 0, References: 1
RedhatCVE
added 2025/09/06 12:29 p.m., 9 views

CVE-2025-7385

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected...

CVSS 9.3, AI score 8.1, EPSS 0.00419
Exploits: 0, References: 1
Cvelist
added 2025/09/05 4:17 p.m., 10 views

CVE-2025-58628 WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection. This issue affects Miraculous: from n/a through 2.0.9...

CVSS 9.3, EPSS 0.00288
Exploits: 0, References: 1
Vulnrichment
added 2025/09/05 4:17 p.m., 1 views

CVE-2025-58628 WordPress Miraculous Theme < 2.0.9 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection. This issue affects Miraculous: from n/a through 2.0.9...

CVSS 9.3, AI score 5.9, EPSS 0.00288
Exploits: 0, References: 1
NVD
added 2025/09/05 2:15 p.m., 3 views

CVE-2025-58788

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Blind SQL Injection. This issue affects License Manager for WooCommerce: from n/a through <= 3.0.12...

CVSS 7.6, EPSS 0.00346
Exploits: 0, References: 1
Vulnrichment
added 2025/09/05 1:45 p.m., 2 views

CVE-2025-58881 WordPress New Simple Gallery Plugin <= 8.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus New Simple Gallery allows Blind SQL Injection. This issue affects New Simple Gallery: from n/a through 8.0...

CVSS 8.5, AI score 7.2, EPSS 0.00243
Exploits: 0, References: 1
Cvelist
added 2025/09/05 1:45 p.m., 11 views

CVE-2025-58881 WordPress New Simple Gallery Plugin <= 8.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in gopiplus New Simple Gallery new-simple-gallery allows Blind SQL Injection. This issue affects New Simple Gallery: from n/a through <= 8.0...

CVSS 8.5, EPSS 0.00243
Exploits: 0, References: 1
Cvelist
added 2025/09/05 1:44 p.m., 11 views

CVE-2025-58788 WordPress License Manager for WooCommerce Plugin <= 3.0.12 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal License Manager for WooCommerce license-manager-for-woocommerce allows Blind SQL Injection. This issue affects License Manager for WooCommerce: from n/a through <= 3.0.12...

CVSS 7.6, EPSS 0.00346
Exploits: 0, References: 1
CVE
added 2025/09/05 1:44 p.m., 11 views

CVE-2025-58788

CVE-2025-58788 affects the WordPress plugin License Manager for WooCommerce (vulnerable: up to 3.0.12). The issue is an SQL injection due to improper neutralization of special elements, enabling blind SQL injection. CVSS 3.1 base score 7.6 (HIGH) with potential high confidentiality impact and low...

CVSS 7.6, AI score 5.9, EPSS 0.00346
Exploits: 0, References: 1
CNNVD
added 2025/09/05 12:0 a.m., 2 views

WordPress plugin New Simple Gallery SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...

CVSS 8.5, AI score 7.7, EPSS 0.00243
Exploits: 0, References: 1
NVD
added 2025/09/04 1:15 p.m., 9 views

CVE-2025-7385

Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected...

CVSS 9.3, EPSS 0.00419
Exploits: 0, References: 2