
3895 matches found

NVD
added 2025/10/02 3:15 p.m., 3 views

CVE-2025-59743

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...

CVSS 9.8 | EPSS 0.00321
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/02 2:13 p.m., 3 views

CVE-2025-59743 Multiple vulnerabilities in AndSoft's e-TMS

SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'...

CVSS 9.3 | AI score 7.7 | EPSS 0.00321
Exploits: 0 | References: 1

OSV
added 2025/10/01 3:15 p.m., 4 views

CVE-2025-52042

In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter...

CVSS 8.2 | AI score 7.4
Exploits: 0 | References: 2

CVE
added 2025/09/30 12:0 a.m., 11 views

CVE-2025-52043

CVE-2025-52043 affects Frappe ERPNext v15.57.5, where the import_coa() function in ERPNext’s chart_of_accounts_importer.py is vulnerable to SQL injection via the company parameter. This allows an attacker to extract database data. Connected sources corroborate a SQL injection in the import_coa fu...

CVSS 6.5 | AI score 6.8 | EPSS 0.00238
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2025/09/28 12:0 a.m., 2 views

Code-Projects Simple Scheduling System SQL injection vulnerability

Simple Scheduling System is a simple scheduling system. Simple Scheduling System has a SQL injection vulnerability that originates from the starttime/endtime parameters in the /addtime.php file not being securely filtered. An attacker can exploit this vulnerability to execute malicious SQL comman...

CVSS 9.8 | AI score 8.2 | EPSS 0.00431
Exploits: 1 | References: 6

Cvelist
added 2025/09/26 8:31 a.m., 6 views

CVE-2025-60110 WordPress AllInOne - Banner Rotator Plugin <= 3.8 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows SQL Injection. This issue affects AllInOne - Banner Rotator: from n/a through <= 3.8...

CVSS 8.5 | EPSS 0.00243
Exploits: 0 | References: 1

NVD
added 2025/09/25 12:15 p.m., 10 views

CVE-2025-40698

SQL injection vulnerability in Prevengos v2.44 by Nedatec Consulting. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a POST request using the parameters “mpsCentroin”, “mpsEmpresa”, “mpsProyecto”, and “mpsContrata” in...

CVSS 8.7 | EPSS 0.00242
Exploits: 0 | References: 1

CNNVD
added 2025/09/24 12:0 a.m., 3 views

WAGO Device Sphere and WAGO Solution Builder access control error vulnerability

WAGO Device Sphere is a device management system and WAGO Solution Builder is a project configuration and engineering platform, both products of WAGO. An access control error vulnerability exists in WAGO Device Sphere and WAGO Solution Builder. The vulnerability arises from...

CVSS 9.8 | AI score 6.8 | EPSS 0.00463
Exploits: 0 | References: 2

CNNVD
added 2025/09/23 12:0 a.m., 2 views

Code-Projects Online Bidding System SQL injection vulnerability

Online Bidding System is an online bidding system. Online Bidding System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID in the file /administrator/wew.php. An attacker can exploit this vulnerability to...

CVSS 9.8 | AI score 8.1 | EPSS 0.00441
Exploits: 1 | References: 5

CNNVD
added 2025/09/23 12:0 a.m., 1 view

1000 Projects Bookstore Management System SQL injection vulnerability

1000 Projects Bookstore Management System is an open source bookstore management system from 1000 Projects. A SQL injection vulnerability exists in 1000 Projects Bookstore Management System version 1.0, which stems from an incorrect manipulation of the parameter unm in the file /login.php, which...

CVSS 9.8 | AI score 7.7 | EPSS 0.00387
Exploits: 1 | References: 4

RedhatCVE
added 2025/09/20 12:32 p.m., 5 views

CVE-2025-40677

SQL injection vulnerability in Summar Software's Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”...

CVSS 8.7 | AI score 8 | EPSS 0.00588
Exploits: 3 | References: 1

ATTACKERKB
added 2025/09/19 6:50 p.m., 4 views

CVE-2025-34205

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (VA and SaaS deployments) contains dangerous PHP dead code present in multiple Docker-hosted PHP instances. A script named /var/www/app/resetroot.php found in several containers...

CVSS 9.8 | AI score 6.5 | EPSS 0.01322
Exploits: 1 | References: 5

CVE
added 2025/09/18 11:46 a.m., 18 views

CVE-2025-40677

CVE-2025-40677 describes an SQL injection in Summar Software’s Portal del Empleado. The vulnerability is triggered by a POST request to /MemberPages/quienesquien.aspx that supplies the parameter ctl00$ContentPlaceHolder1$filtroNombre, allowing an attacker to retrieve, create, update, and delete d...

CVSS 8.7 | AI score 7.6 | EPSS 0.00588
Exploits: 3 | References: 1

RedhatCVE
added 2025/09/11 9:30 p.m., 3 views

CVE-2025-58462

OPEXUS FOIAXpress Public Access Link (PAL) before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...

CVSS 9.8 | AI score 8 | EPSS 0.00616
Exploits: 0 | References: 1

OSV
added 2025/09/11 12:15 p.m., 1 view

CVE-2025-40692

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'...

CVSS 9.8 | AI score 5.8 | EPSS 0.00309
Exploits: 0 | References: 1

OSV
added 2025/09/11 12:15 p.m., 2 views

CVE-2025-40690

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'teamid' parameter in the endpoint '/ofrs/admin/edit-team.php'...

CVSS 9.8 | AI score 5.8 | EPSS 0.00309
Exploits: 0 | References: 1

NVD
added 2025/09/11 12:15 p.m., 6 views

CVE-2025-40692

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'...

CVSS 9.8 | EPSS 0.00309
Exploits: 0 | References: 1

Cvelist
added 2025/09/11 11:27 a.m., 6 views

CVE-2025-40692 SQL injection in PHPGurukul Online Fire Reporting System

SQL Injection in Online Fire Reporting System v1.2 by PHPGurukul. This vulnerability allows an attacker to retrieve, create, update and delete database via 'requestid' parameter in the endpoint '/ofrs/details.php'...

CVSS 9.3 | EPSS 0.00309
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/11 12:0 a.m., 4 views

PT-2025-37170

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2
Description: The Online Fire Reporting System contains a SQL injection flaw. This flaw allows an attacker to retrieve, create, update, and delete database information via the mobilenumber, teamleadname...

CVSS 9.8 | AI score 7.2 | EPSS 0.00309
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/11 12:0 a.m., 5 views

PT-2025-37172

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2
Description: The Online Fire Reporting System contains a SQL injection issue. An attacker can retrieve, create, update, and delete database information via the teamid parameter in the...

CVSS 9.8 | AI score 7.2 | EPSS 0.00309
Exploits: 0 | References: 5