3895 matches found
CVE-2025-52474 WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint
WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as...
WeGIA SQL Injection Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from an SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete information in the back-end database...
DEBIAN-CVE-2025-38037
In the Linux kernel, the following vulnerability has been resolved: vxlan: Annotate FDB data races The 'used' and 'updated' fields in the FDB entry structure can be accessed concurrently by multiple threads, leading to reports such as 1. Can be reproduced using 2. Suppress these reports by...
PT-2025-26207 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.2 Description: A SQL Injection issue was identified in the id parameter of the "/WeGIA/controle/control.php" endpoint, allowing attackers to manipulate SQL queries and access sensitive database information, such as...
SQL Injection Vulnerabilities in Various ABB Products (CNVD-2025-13770)
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
Dmacroweb DM Corporative CMS SQL Injection Vulnerability (CNVD-2025-14357)
Dmacroweb DM Corporative CMS is a content management system from the Spanish company Dmacroweb. Dmacroweb DM Corporative CMS suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cod in the file...
SQL Injection Vulnerabilities in Various ABB Products
ABB ASPECT-Enterprise is a scalable building energy management and control solution. ABB NEXUS Series is a monitoring and control management system. ABB MATRIX Series is an embedded IoT ASPECT control engine designed to provide flexible field control for medium to large field control applications. ...
CVE-2025-6169 HAMASTAR Technology WIMP website co-construction management platform - SQL Injection
The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2025-25524 · Wimp · Wimp
Name of the Vulnerable Software and Affected Versions: WIMP website co-construction management platform affected versions not specified Description: The issue allows unauthenticated remote attackers to inject arbitrary SQL commands, enabling them to read, modify, and delete database contents. Thi...
CVE-2025-5487
The CVE-2025-5487 entry covers AutomatorWP (WordPress) with a time-based SQL Injection via the field_conditions parameter. Root cause is insufficient escaping and poor SQL query preparation, allowing authenticated Administrators (and higher) to append queries to extract data. Connected patches in...
CVE-2025-41233
Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range (https://www.broadcom.com/support/vmware-services/security-response) with a maximum CVSSv3 base score of 6.8...
Dairy Farm Shop Management System /add-company.php File SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter companyname in the file...
CVE-2025-40657
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp...
CVE-2025-40654
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp...
CVE-2025-40656 SQL injection vulnerability in DM Corporative CMS
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp...
PT-2025-24639 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: A SQL injection issue has been found, allowing an attacker to retrieve, create, update, and delete databases. This is achieved through the name parameter in the "/antcatalogue.as...
PT-2025-24511 · Woocommerce · Holest Engineering Spreadsheet Price Changer
Name of the Vulnerable Software and Affected Versions: Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light versions n/a through 2.4.37 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in ...
WordPress plugin Infility Global SQL Injection Vulnerability
WordPress Infility Global is a plugin for managing the global settings of your WordPress website. WordPress Infility Global suffers from a SQL injection vulnerability. The vulnerability stems from improper neutralization of special elements and can be exploited by an attacker to read or modify...
PT-2025-24484 · WordPress · Wp Lead Capturing Pages
Name of the Vulnerable Software and Affected Versions: kamleshyadav WP Lead Capturing Pages versions prior to 2.3 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL...