1128 matches found
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-925400)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-924847)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
WordPress Community Events plugin SQL Injection Vulnerability
WordPress Community Events plugin is an event management plugin on the WordPress platform , mainly used to create and display the event calendar , support for AJAX dynamic loading and event submission form features . WordPress Community Events plugin suffers from a SQL injection vulnerability tha...
Web-Based Internet Laboratory Management System /user/controller.php File SQL Injection Vulnerability
Web-Based Internet Laboratory Management System is a web laboratory software. A SQL injection vulnerability exists in Web-Based Internet Laboratory Management System, which originates from a lack of validation of externally entered SQL statements in the file /user/controller.php. An attacker can...
School Fees Payment Management System /ajax.php?action=delete_payment file SQL injection vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
Responsive Hotel Site roomdel.php File SQL Injection Vulnerability
Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that stems from the /admin/roomdel.php file mishandling the ID parameter and failing to properly validate and filter user input. An attacker can exploit this vulnerability to obta...
CVE-2025-34242
Advantech WebAccess/VPN before version 1.1.5 contains a SQL injection in AjaxNetworkController.ajaxAction(). An authenticated, low-privileged observer can inject SQL via datatable search parameters, leading to disclosure of database information. Affected product/version: Advantech WebAccess/VPN
CVE-2025-34242 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxNetworkController.ajaxAction()
Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co., Ltd (CNVD-C-2025-797319)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
PT-2025-45357
Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the AppManagementController.appUpgradeAction function. An authenticated, low-privileged user can inject SQL code through datatable searc...
CVE-2025-54548 On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)
On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...
Automated Voting System update_user.php File SQL Injection Vulnerability
Automated Voting System is an automated voting system. Automated Voting System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter Password in the file /admin/updateuser.php. An attacker can exploit this...
CVE-2025-11365
The WP Google Map Plugin plugin for WordPress is vulnerable to blind SQL Injection via the 'id' parameter of the 'googlemap' shortcode in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
EUVD-2025-34110
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62387
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62385
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-11623
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62384
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62386
CVE-2025-62386 is a SQL injection vulnerability in Ivanti Endpoint Manager. According to connected sources, it allows a remote authenticated attacker to read arbitrary data from the database, with a CVSS v3.1 base score of 6.5 (Medium) and confidentiality impact High. The issue affects Ivanti End...
CVE-2025-62388
CVE-2025-62388 is an SQL injection in Ivanti Endpoint Manager that enables a remote authenticated attacker to read arbitrary data from the database. The Ivanti security advisory bundle lists this CVE among multiple SQL injection issues and indicates that fixes are being rolled into updates; speci...