27 matches found
CVE-2019-25697
CMSsite 1.0 contains an SQL injection vulnerability exploitable via the cat_id parameter on category.php. Unauthenticated attackers can inject SQL to manipulate queries and exfiltrate sensitive data, including usernames and credentials. Impact is high for confidentiality and integrity, with succe...
CVE-2026-5672
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. The manipulation of the argument catid leads to sql injection. It is possible to initiate the...
CVE-2026-5552
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible...
CVE-2026-33770 AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized...
CVE-2026-4569
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /viewcategory.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of the attack is...
EUVD-2025-36216
A security flaw has been discovered in SourceCodester Point of Sales 1.0. Impacted is an unknown function of the file /deletecategory.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may...
CVE-2025-12293
CVE-2025-12293 concerns SourceCodester Point of Sales 1.0. A SQL injection vulnerability arises from improper handling of the Category argument in the /category.php file, exploitable remotely. Multiple sources note the exploit is publicly available. Reported impacts include confidentiality, integ...
PT-2025-43980
Name of the Vulnerable Software and Affected Versions: SourceCodester Point of Sales version 1.0. Description: A SQL injection issue exists due to improper processing of the Category argument in the /category.php file. Remote attackers can exploit this to potentially compromise the system. The explo...
CVE-2025-11552
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
CVE-2025-11552 code-projects Online Complaint Site category.php sql injection
A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
EUVD-2018-6858
Malware in sbrugna...
CVE-2023-1908
A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/viewcategory.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. ...
CVE-2025-5006
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/category.php. The manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-3140
A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /viewcategory.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit...
CVE-2025-1874 SQL injection vulnerability in 101news
A SQL injection vulnerability has been found in 101news affecting version 1.0 through the "description" parameter in admin/add-category.php...
Code-Projects Real Estate Property Management System cross-site scripting vulnerability
Code-Projects Real Estate Property Management System is a Code-Projects open source real estate property management system. A cross-site scripting vulnerability exists in Code-Projects Real Estate Property Management System version 1.0, which stems from the parameter Desc in the file...
CVE-2024-37857
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/viewcategory.php...
CVE-2024-22625
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /SupplyManagementSystem/admin/editcategory.php?id=...