CVE-2025-41032

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BAdmin%5D%5Busername%5D' parameter in /apprain/admin/manage/add/...

CVE-2025-41034 SQL injection vulnerability in appRain CMF

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-static-pages/create/...

CVE-2025-41033 SQL injection vulnerability in appRain CMF

An SQL injection vulnerability has been found in appRain CMF 4.0.5. This vulnerability allows an attacker to retrieve, create, update, and delete the database, through the 'data%5BPage%5D%5Bname%5D' parameter in /apprain/page/manage-dynamic-pages/create...

CVE-2025-55472

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...

CVE-2025-55472

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...

CVE-2025-55472

SQL Injection vulnerability exists in Tirreno v0.9.5, specifically in the /admin/loadUsers API endpoint. The vulnerability arises due to unsafe handling of user-supplied input in the columns0data parameter, which is directly used in SQL queries without proper validation or parameterization...

SourceForge Dogfood CRM 安全漏洞

SourceForge Dogfood CRM is a SourceForge open source information management system. A security vulnerability exists in SourceForge Dogfood CRM version 2.0.10, which stems from insufficient cleanup of the data parameter in the spell.php script, which could lead to remote command execution...

CVE-2024-13982 SPON IP Network Intercom System rj_get_token.php Arbitrary File Read

SPON IP Network Broadcast System, a digital audio transmission platform developed by SPON Communications, contains an arbitrary file read vulnerability in the rjgettoken.php endpoint. The flaw arises from insufficient input validation on the jsondataurl parameter, which allows attackers to perfor...

SQL Injection

Overview lee-to/moonshine-tree-resource is a Tree resource for moonshine Affected versions of this package are vulnerable to SQL Injection via the data parameter in the Route::moonshine function. An attacker can exploit this to read sensitive data from the database. Remediation Upgrade...

MoonShine SQL Injection Vulnerability

MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module...

GHSA-9G9J-3W64-3CJH MoonShine SQL Injection Vulnerability

MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module...

Linux Distros Unpatched Vulnerability : CVE-2025-4517

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Allows arbitrary filesystem writes outside the extraction directory during extraction with filter=data. You are affected by this vulnerability if using the...

CVE-2025-8951 PHPGurukul Teachers Record Management System search.php sql injection

A vulnerability has been found in PHPGurukul Teachers Record Management System 2.1. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

PT-2025-33264 · Moonshine · Moonshine

Name of the Vulnerable Software and Affected Versions: MoonShine version 3.12.5 Description: MoonShine version 3.12.5 contains a SQL injection issue within the Blog module, specifically through the Data parameter. Recommendations: As a temporary workaround, consider restricting access to the Blog...

Django: SQL Injection when using FilteredRelation

A SQL injection vulnerability was discovered in the Django framework when using the FilteredRelation feature. The vulnerability was located in the tests/filteredrelation/tests.py file. The vulnerability allowed an attacker to inject malicious SQL code through the userdata parameter used in the...

Directory Management System search-directory.php File SQL Injection Vulnerability

Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /admin/search-directory.php. An attacker can...

CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary JavaScript...

VulnCheck KEV: CVE-2025-34032

A reflected cross-site scripting XSS vulnerability exists in the Moodle LMS Jmol plugin version 6.1 and prior via the data parameter in jsmol.php. The application fails to properly sanitize user input before embedding it into the HTTP response, allowing an attacker to execute arbitrary...

Human Metapneumovirus Testing Management System /search-report-result.php File SQL Injection Vulnerability

Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. The Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter...

Laundry System insert_type.php file cross-site scripting vulnerability

Laundry System is a laundry system. Laundry System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter Type in the file /data/inserttype.php, which can be exploited by an attacker to execute arbitrar...