738 matches found
PT-2026-1904
Name of the Vulnerable Software and Affected Versions themesuite Automotive Listings versions n/a through 18.6 Description An issue exists in themesuite Automotive Listings that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows a...
CVE-2025-1135
A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...
CVE-2025-1134
A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...
CVE-2026-0597 Campcodes Supplier Management System edit_profile.php sql injection
A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...
PT-2026-1021
Name of the Vulnerable Software and Affected Versions affected versions not specified Description The software contains a flaw related to improper handling of special characters within SQL commands, potentially leading to SQL injection. This could allow an attacker to gain unauthorized access to...
Sunbird Power IQ 安全漏洞
Sunbird Power IQ is a data center infrastructure management software from Sunbird, USA. A security vulnerability exists in Sunbird Power IQ version 9.2.0 that stems from an outdated API endpoint that does not properly validate input and could lead to manipulation of SQL queries...
CVE-2025-41013
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41013 SQL injection vulnerability in TCMAN GIM
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
TCMAN GIM SQL注入漏洞
TCMAN GIM is a management system from TCMAN, Spain. A SQL injection vulnerability exists in TCMAN GIM version v11 20250304, which originates from a SQL injection and could lead to database manipulation...
EUVD-2025-197978
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...
CVE-2025-41348
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...
CVE-2025-41348
WinPlus v24.11.27 by Informática del Este is affected by an SQL injection vulnerability. The issue stems from insufficient sanitization in the POST endpoint /WinplusPortal/ws/sWinplus.svc/json/getacumper_post, using parameters val1 and cont, which could enable an attacker to recover, create, upda...
EUVD-2025-38246
SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...
CVE-2025-10870 SQL injection in DIAL's CentrosNet
SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...
CVE-2025-12293 SourceCodester Point of Sales category.php sql injection
A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might b...
CVE-2025-60783
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
CVE-2025-60783
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
CVE-2025-60783
There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...
CVE-2025-60783
Insight: CVE-2025-60783 describes a SQL injection in Restaurant Management System DBMS Project v1.0, exploitable via login.php. The root cause is improper handling of user-supplied input in login/auth logic, allowing crafted SQL to alter query logic and potentially access or modify database data....
CVE-2025-11372 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...