PT-2025-16866 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: The issue allows an authenticated remote attacker to bypass authorization controls, read from and write to the application's database, and execute code with "NT...
PT-2025-16372 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzuCMS version 1.0 Description: A SQL Injection issue allows an attacker to execute arbitrary code due to improper filtering of content at the "operateOrder.php" id parameter. This enables the attacker to inject malicious SQL code,...
NEWS-BUZZ 1.0 SQL Injection
NEWS-BUZZ version 1.0 suffers from a remote SQL injection vulnerability. Exploit Title: NEWS-BUZZ News Management System - SQL Injection Google Dork: N/A Exploit Author: egsec Date: 2024-11-03 Vendor Homepage: https://code-projects.org Software Link:...
PT-2025-16049 · Unknown · N-Media Bulk Product Sync
Name of the Vulnerable Software and Affected Versions: N-Media Bulk Product Sync versions n/a through 8.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection
Exploit Title: LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection Google Dork: inurl:"/wp-json/learnpress/v1/" OR inurl:"/wp-content/plugins/learnpress/" OR "powered by LearnPress" AND "version 4.2.7" Date: Current Date, e.g., October 30, 2024 Exploit Author: Your Name or Username Vendor...
e-Diary Management System view-note.php File SQL Injection Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter mark of the view-note.php file. An attacker can exploit...
PT-2025-15381
Name of the Vulnerable Software and Affected Versions: 3DPrint Lite plugin for WordPress versions up to, and including, 2.1.3.6 Description: The issue allows unauthenticated attackers to perform SQL Injection via the coating text parameter due to insufficient escaping of user-supplied input and...
PHPGurukul e-Diary Management System Security Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the logindetail parameter of the login.php file. An attacker can...
PHPGurukul e-Diary Management System Injection Vulnerability
The e-Diary Management System is an electronic diary management system. The e-Diary Management System suffers from a SQL injection vulnerability that originates from a missing validation of externally entered SQL statements in the parameter username/contactno of the password-recovery.php file. An...
CVE-2025-31561
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeSolz Ultimate Push Notifications ultimate-push-notifications allows SQL Injection. This issue affects Ultimate Push Notifications: from n/a through = 1.2.0...
BIT-DOLIBARR-2024-5314 Multiple vulnerabilities in DOLIBARR's ERP CMS
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder and sortfield in...
WeGIA SQL Injection Vulnerability (CNVD-2025-22280)
WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...
PT-2025-14433 · WordPress · Wp Autokeyword
Name of the Vulnerable Software and Affected Versions: WP AutoKeyword versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, which allows attackers to inject malicious SQL commands. This is due to the improper neutralization of special elements used in an SQ...
PT-2025-14064 · Joomsky · Joomsky Js Help Desk
Name of the Vulnerable Software and Affected Versions: JoomSky JS Help Desk versions 2.9.2 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows unauthorized SQL commands to be execute...
PT-2025-14424 · Rsvpmaker · Rsvpmaker
Name of the Vulnerable Software and Affected Versions: RSVPMarker versions n/a through 11.4.8 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
CVE-2025-30367
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.6 in the nextPage parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information...
CVE-2025-30367
WeGIA (web manager for charitable institutions) has a SQL injection in the nextPage parameter of /WeGIA/controle/control.php for versions before 3.2.6. The root cause is unsafeguarded SQL query construction, allowing attackers to access database metadata and sensitive data. Version 3.2.6 contains...
PT-2025-13067 · WordPress · Wp Subscription Forms
Name of the Vulnerable Software and Affected Versions: WP Subscription Forms versions 1.2.3 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2025-13060 · Wpguppy · Wpguppy
Name of the Vulnerable Software and Affected Versions: WPGuppy versions 1.1.3 and earlier Description: The issue is related to an SQL Injection vulnerability, which allows attackers to exploit the system. This is due to the improper neutralization of special elements used in an SQL command...
CVE-2024-29202
JumpServer is an open source bastion host and an operation and maintenance security audit system. Attackers can exploit a Jinja2 template injection vulnerability in JumpServer's Ansible to execute arbitrary code within the Celery container. Since the Celery container runs with root privileges and...