1985 matches found
CVE-2025-43949
MuM aka Mensch und Maschine MapEdit aka mapedit-web 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server...
PT-2025-17581 · Mensch Und Maschine · Mum Mapedit
Name of the Vulnerable Software and Affected Versions: MuM aka Mensch und Maschine MapEdit aka mapedit-web version 24.2.3 Description: The issue allows an attacker to execute malicious SQL statements, controlling a web application's database server. This is due to a SQL Injection vulnerability...
PT-2025-17255 · Unknown · Pantherius Modal Survey
Name of the Vulnerable Software and Affected Versions: Pantherius Modal Survey versions through 2.0.2.0.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...
PT-2025-16970 · Unknown · Cwd – Stealth Links
Name of the Vulnerable Software and Affected Versions: CWD – Stealth Links versions n/a through 1.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in SQL commands. This allows for SQL Injection attacks. Recommendations:...
CVE-2024-55238
OpenMetadata
PT-2025-17149 · Unknown · Local Magic
Name of the Vulnerable Software and Affected Versions: Local Magic versions n/a through 2.6.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
CVE-2025-32859
The CVE-2025-32859 entry concerns Siemens TeleControl Server Basic prior to version V3.1.2.2, which is vulnerable to SQL injection via the internal LockWebServerGatewaySettings method. An authenticated attacker who can reach port 8000 can bypass authorization and read/write the application databa...
SQL Injection Vulnerability in NC Cloud of UFIDA Network Technology Co.
NC Cloud is a large enterprise digitalization platform that supports flexible deployment models of public, hybrid and proprietary clouds. A SQL injection vulnerability exists in NC Cloud of UFIDA Network Technology Corporation, which can be exploited by attackers to obtain sensitive information...
CVE-2025-32246 WordPress 1-Click Backup & Restore Database plugin <= 1.0.3 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Tim Nguyen 1-Click Backup & Restore Database 1-click-backup-restore-database-by-sunbytes allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 1-Click Backup & Restore Database: from n/a through <= 1.0.3...
CVE-2024-12410
The Front End Users plugin for WordPress is vulnerable to SQL Injection via the 'UserSearchField' parameter in all versions up to, and including, 3.2.32 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
PT-2025-14917 · Silvasoft · Silvasoft Boekhouden
Name of the Vulnerable Software and Affected Versions: Silvasoft boekhouden versions n/a through 3.0.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2025-31619
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection. This issue affects Actionwear products sync: from n/a through = 2.3.3...
BIT-DOLIBARR-2024-5315 Multiple vulnerabilities in DOLIBARR's ERP CMS
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters viewstatut in...
Payroll Management System SQL Injection Vulnerability (CNVD-2025-06475)
Payroll Management System is a payroll management system. A SQL injection vulnerability exists in Payroll Management System version 1.0 due to a lack of validation of externally entered SQL statements in the parameter emptype. An attacker can exploit this vulnerability to execute illegal SQL...
PT-2025-14755 · Unknown · Social Share/Social Locker
Name of the Vulnerable Software and Affected Versions: Social Share And Social Locker versions 1.4.2 and earlier Description: The issue is related to improper neutralization of special elements used in SQL commands, allowing Blind SQL Injection. This can be exploited due to the improper handling ...
AppSmith 1.47 - Remote Code Execution (RCE)
Exploit Title: AppSmith 1.47 - Remote Code Execution (RCE) Original Author: Rhino Security Labs Exploit Author: Nishanth Anand Exploit Date: April 2, 2025 Vendor Homepage: https://www.appsmith.com/ Software Link: https://github.com/appsmithorg/appsmith Version: Prior to v1.52 Tested Versions: v1.47...
PT-2025-14392 · Unknown · Next-Cart Store To Woocommerce Migration
Name of the Vulnerable Software and Affected Versions: Next-Cart Store to WooCommerce Migration versions 3.9.4 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
PT-2025-14425 · WordPress · Wpfactory Advanced Woocommerce Product Sales Reporting
Name of the Vulnerable Software and Affected Versions: WPFactory Advanced WooCommerce Product Sales Reporting versions 3.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
PT-2025-14427 · Unknown · M. Tuhin Ultimate Push Notifications
Name of the Vulnerable Software and Affected Versions: M. Tuhin Ultimate Push Notifications versions n/a through 1.1.8 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
CVE-2025-3011 PiExtract SOOP-CLM - SQL Injection
SOOP-CLM from PiExtract has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...