486 matches found
SUSE CVE-2025-60798
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
EUVD-2025-198265
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
DEBIAN-CVE-2025-60798
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...
CVE-2025-62519
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...
CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...
PT-2025-47176
Name of the Vulnerable Software and Affected Versions phpMyFAQ versions prior to 4.0.14 Description phpMyFAQ is an open source FAQ web application. A privileged user with 'Configuration Edit' permissions can execute arbitrary SQL commands due to an authenticated SQL injection flaw in the main...
phpMyFAQ SQL注入漏洞
phpMyFAQ is a multilingual, fully database-driven FAQ system by the individual developer Thorsten Rinne. A SQL injection vulnerability exists in versions prior to phpMyFAQ 4.0.14, which stems from an SQL injection that could lead to a complete database crack...
CVE-2025-64488
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious callid that alters the logic of the SQL query or injects arbitrary SQL. An attack can...
PT-2025-45523
Name of the Vulnerable Software and Affected Versions SuiteCRM versions 7.14.7 and below SuiteCRM versions 8.0.0-beta.1 through 8.9.0 Description SuiteCRM is a Customer Relationship Management CRM software application. An attacker can manipulate the call id to modify SQL query logic or inject...
CVE-2025-62617
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...
CVE-2025-62606
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...
CVE-2025-62617
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...
CVE-2025-62617 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
Admidio is an open-source user management solution. Prior to version 4.3.17, an authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can explo...
GHSA-2V5M-CQ9W-FC33 Admidio Vulnerable to Authenticated SQL Injection in Member Assignment Functionality
Summary An authenticated SQL injection vulnerability exists in the member assignment data retrieval functionality of Admidio. Any authenticated user with permissions to assign members to a role such as an administrator can exploit this vulnerability to execute arbitrary SQL commands. This can lea...
CVE-2025-62606
CVE-2025-62606 affects My Little Forum (PHP/MySQL). Before version 2.5.12, an authenticated SQL injection vulnerability exists in the bookmark reordering feature, allowing any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application’s database (read,...
EUVD-2025-35589
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...
CVE-2025-62606 my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...
Admidio SQL注入漏洞
Admidio is an open source member management system from the Admidio team. The system supports features such as member lists, event management, guestbooks, photo albums and downloads. A SQL injection vulnerability exists in Admidio versions prior to 4.3.17, which stems from a SQL injection in the...