Lucene search
K

484 matches found

OSV
OSV
added 2025/12/26 3:15 p.m.5 views

CVE-2025-66947

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...

6.5CVSS5.9AI score0.00259EPSS
Exploits2References1
NVD
NVD
added 2025/12/26 3:15 p.m.4 views

CVE-2025-66947

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...

6.5CVSS0.00259EPSS
Exploits2References1
EUVD
EUVD
added 2025/12/26 12:0 a.m.10 views

EUVD-2025-205435

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...

6.5CVSS7.5AI score0.00259EPSS
Exploits2References2
Cvelist
Cvelist
added 2025/12/26 12:0 a.m.22 views

CVE-2025-66947

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...

0.00259EPSS
Exploits2References1
CVE
CVE
added 2025/12/26 12:0 a.m.12 views

CVE-2025-66947

CVE-2025-66947 affects krishanmuraiji SMS v1.0. The flaw is a time-based SQL injection in /studentms/admin/edit-class-detail.php via the editid GET parameter, where unvalidated input can trigger SQL SLEEP() delays to infer database contents. Exploitation could lead to full database disclosure or ...

6.5CVSS7.6AI score0.00259EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/26 12:0 a.m.4 views

CVE-2025-66947

SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP to infer database contents. Successful exploitation may lead to full database compromise, especially...

7.6AI score0.00259EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/12/18 10:37 p.m.5 views

CVE-2025-68112

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

9.6CVSS8.1AI score0.00371EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/17 9:38 p.m.13 views

CVE-2025-68112 ChurchCRM has SQL injection in EditEventAttendees.php

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

9.6CVSS0.00371EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/17 9:38 p.m.6 views

EUVD-2025-203987

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

9.6CVSS7.5AI score0.00371EPSS
Exploits1References1
CVE
CVE
added 2025/12/17 9:38 p.m.16 views

CVE-2025-68112

ChurchCRM (open-source church management system) has a SQL injection vulnerability in the Event Attendee Editor (and Event Participant Editor) affecting versions prior to 6.5.3. The issue allows authenticated users to submit arbitrary SQL, enabling complete database compromise, extraction of sens...

9.6CVSS7.7AI score0.00371EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/17 9:38 p.m.2 views

CVE-2025-68112 ChurchCRM has SQL injection in EditEventAttendees.php

ChurchCRM is an open-source church management system. In versions prior to 6.5.3, a SQL injection vulnerability in ChurchCRM's Event Attendee Editor allows authenticated users to execute arbitrary SQL commands, leading to complete database compromise, administrative credential theft, and potentia...

9.6CVSS7.7AI score0.00371EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.7 views

PT-2025-51930

Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A SQL injection flaw exists in the Event Attendee Editor. This allows authenticated users to execute arbitrary SQL commands, potentially leadin...

9.6CVSS7.9AI score0.00371EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2025/12/16 12:0 a.m.202 views

📄 HighCMS 12.x SQL Injection

HighCMS version 12.x remote SQL injection proof of concept exploit written in Python. ============================================================================================================================================= | Title : HighCMS v12.x SQL Injection Exploit | | Author : indoushka ...

8.2AI score
Exploits0
Veracode
Veracode
added 2025/12/13 6:24 a.m.5 views

SQL Injection

phpMyFAQ is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of inputs in the main configuration update functionality, which allows a privileged attacker with configuration edit permissions to execute arbitrary SQL commands and compromise the database...

7.2CVSS6.1AI score0.00712EPSS
Exploits1References4Affected Software2
Packet Storm
Packet Storm
added 2025/12/12 12:0 a.m.209 views

📄 Elementor Website Builder SQL Injection

Proof of concept exploit that demonstrates a remote SQL injection vulnerability in Elementor Website Builder versions prior 3.12.2. ============================================================================================================================================= | Title : Elementor...

7.2CVSS8.2AI score0.19695EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2025/12/11 8:53 p.m.6 views

CVE-2025-65950

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

9.4CVSS7.7AI score0.00462EPSS
Exploits3References1
EUVD
EUVD
added 2025/12/10 8:39 p.m.7 views

EUVD-2025-202607

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

9.4CVSS7.1AI score0.00462EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50504

Name of the Vulnerable Software and Affected Versions WBCE CMS versions prior to 1.6.5 Description WBCE CMS is a content management system. Versions 1.6.4 and below contain a flaw in the user management module that allows a low-privileged authenticated user with user modification permissions to...

9.4CVSS7.2AI score0.00462EPSS
Exploits3References5
SUSE CVE
SUSE CVE
added 2025/11/22 12:23 a.m.5 views

SUSE CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

6.5CVSS8.5AI score0.0025EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/11/21 12:18 a.m.9 views

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

6.5CVSS8.3AI score0.00233EPSS
Exploits0References1
Rows per page
Query Builder