1131 matches found
CVE-2025-51539
EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP script to read arbitrary files from the filesystem...
Hospital Management System edit-doctor.php file SQL Injection Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter docfees in the file /admin/edit-doctor.php. An...
Projectworlds Visitor Management System Injection Vulnerability
Visitor Management System is a visitor access management system. Visitor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /visitorout.php. An attacker can exploit this...
Code-Projects Online Medicine Guide Injection Vulnerability
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter deName in the file /addelivery.php. The vulnerability can be exploited by an attacker t...
PHPGurukul Hospital Management System Security Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter doctorspecilization in the file...
PT-2025-32592 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev91 Description: pyLoad, a free and open-source Download Manager written in pure Python, contains a SQL Injection issue in the add links parameter of the /json/add package API endpoint. This allows attackers...
CVE-2025-50467
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query...
Code-Projects Online Medicine Guide Injection Vulnerability
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter uname in the file /login.php. The vulnerability can be exploited by an attacker to execute...
Crime Reporting System /complainer_page.php File SQL Injection Vulnerability
Crime Reporting System is a crime reporting system. Crime Reporting System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter location in the file /complainer_page.php. The vulnerability can be exploited by an...
Job Diary search.php File SQL Injection Vulnerability
Job Diary is a job diary software. Job Diary suffers from an SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements due to an error in the parameter Search in the file /search.php. An attacker can exploit this vulnerability to execute illegal SQL...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the /html/funcionario/dependenteeditarDoc.php endpoint idatendidofamiliares parameter. An attacker could exploit...
Code-Projects Online Appointment Booking System Injection Vulnerability
Online Appointment Booking System is an online appointment booking system. Online Appointment Booking System suffers from a SQL injection vulnerability that stems from an error in the parameter cidval in the file /getDay.php that lacks validation of externally entered SQL statements. The...
CVE-2025-24474
An Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6....
Local Services Search Engine Management System SQL Injection Vulnerability
Local Services Search Engine Management System is a local services search engine management system. Local Services Search Engine Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of the editid parameter in the file...
Old Age Home Management System SQL Injection Vulnerability
Old Age Home Management System is a nursing home management system. Old Age Home Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emeradd in file /admin/add-scdetails.php. An attacker can...
Shenzhen Mingyuan Cloud Technology Co., Ltd Mingyuan Cloud ERP suffers from SQL injection vulnerability (CNVD-2025-18511)
Mingyuan Cloud ERP is business management software developed by Mingyuan Cloud Technology Co. Ltd. Mingyuan Cloud ERP has a SQL injection vulnerability that attackers can use to obtain sensitive information in the database...
Online Bidding System bidnow.php File SQL Injection Vulnerability
Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /bidnow.php. An attacker can exploit this vulnerability to execute...
Simple Pizza Ordering System portal.php File SQL Injection Vulnerability
Simple Pizza Ordering System is a simple pizza ordering system. Simple Pizza Ordering System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /portal.php. An attacker can exploit this vulnerability...
Hostel Management System /contact_manager.php File SQL Injection Vulnerability
Hostel Management System is a hostel management system. Hostel Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter studentrollno in the file /contact_manager.php. An attacker can use this...
Hostel Management system SQL Injection Vulnerability
Hostel Management System is a dormitory management system designed specifically for schools or organizations. Hostel Management system suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the studentrollno parameter in the...