CVE-2025-23218
WeGIA is affected by a SQL Injection in the adicionar_especie.php endpoint. The vulnerability enables arbitrary SQL commands and a full database dump, leading to unauthorized access to sensitive data. Fixed in version 3.2.10; upgrade to 3.2.10 to patch the flaw. Public references note the issue a...
PT-2025-4856 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.10 Description: WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the...
PT-2024-34544 · Audimexee · Audimexee
Name of the Vulnerable Software and Affected Versions: Audimex EE versions 15.1.20 and earlier Description: The issue allows a remote attacker to escalate privileges. It is possible for any user of Audimex to dump the whole Audimex database, giving visibility to password hashes of any user, ongoi...
CVE-2024-47062
Navidrome (
GHSA-58VJ-CV5W-V4V6 Navidrome has Multiple SQL Injections and ORM Leak
Security Advisory: Multiple Vulnerabilities in Navidrome Summary Navidrome automatically adds parameters in the URL to SQL queries. This can be exploited to access information by adding parameters like password=... in the URL ORM Leak. Furthermore, the names of the parameters are not properly...
WordPress Custom-contact-forms Plugin SQL Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress custom-contact-forms Plugin SQL Upload', 'Description' = %q The WordPress custom-contact-forms plugin 'Marc-Alexandre Montpas',...
SQL Injection
Overview opencart/opencart is a shopping cart system Affected versions of this package are vulnerable to SQL Injection. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the...
CVE-2020-26627
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a crafted payload entered into the 'Admin Remark' parameter under the 'Contact Us Queries - Unread Query' tab...
CVE-2020-26630
A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can allow an attacker to dump database information via a special payload in the 'Doctor Specialization' field under the 'Go to Doctors' tab after logging in as an admin...
CVE-2020-26630
CVE-2020-26630 describes a Time-Based SQL Injection in Hospital Management System v4.0 where an attacker with admin login can cause the application to dump database information via a payload in the Doctor Specialization field (Go to Doctors). The root cause is an injectable input in that field wh...
CVE-2023-6114 Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is...
CVE-2023-5008
Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control...
CVE-2023-5008
CVE-2023-5008 affects the Student Information System v1.0. The unauthenticated SQL injection flaw is in the regno parameter of index.php, allowing an external attacker to dump all database contents and bypass login. CVSS v3.1: 9.8 (Network, Low attack complexity, No privileges, No user interactio...
PT-2023-31470 · Unknown · Student Information System
Name of the Vulnerable Software and Affected Versions: Student Information System version 1.0 Description: The issue is related to an unauthenticated SQL Injection vulnerability. This vulnerability is located in the regno parameter of the "index.php" page, allowing an external attacker to dump al...
Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure
Description The plugin does not disallow listing the backups-dup-lite/tmp directory or the backups-dup-pro/tmp directory in the Pro version, which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to...