CVE-2025-65358

Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php...

PT-2025-48740

Name of the Vulnerable Software and Affected Versions code-projects Online Medicine Guide version 1.0 Description The software is susceptible to a SQL Injection issue through the /login.php endpoint. The upass parameter is the entry point for this flaw. Recommendations Apply input validation and...

CVE-2025-65380

The CVE-2025-65380 entry concerns PHPGurukul Billing System 1.0 with a SQL Injection in admin/index.php, where the username parameter is concatenated into a backend SQL query. Multiple connected sources describe the vulnerability and confirm that an attacker could exploit it to run arbitrary SQL ...

CVE-2025-66313 ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter

ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP causes deterministic server-side delays, proving the value is incorporated into a SQL query without proper...

CVE-2025-63535

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize usersupplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...

ROS-20251125-12

Vulnerability of QuerySet and Q objects of Django web application development platform is related to failure to take measures to protect the SQL query structure when processing an argument with the connector keyword. Exploitation of the vulnerability could allow an attacker acting remotely to...

itsourcecode Online File Management System SQL注入漏洞

itsourcecode Online File Management System is a itsourcecode open source online file management system. A SQL injection vulnerability exists in itsourcecode Online File Management System version 1.0, which originates from a misuse of the parameter Username in file/ajax.php?action=login, which cou...

Access Control Bypass

Overview phppgadmin/phppgadmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies, and hosting services. Affected versions of this package are vulnerable to Access Control Bypass via the handling of user-controlled parameters in sql.php. An attacker can...

CVE-2025-13422 freeprojectscodes Sports Club Management System change_s_pwd.php sql injection

A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/changespwd.php. Performing manipulation of the argument loginid results in sql injection. The attack may be initiated remotely. The exploit...

SourceCodester Train Station Ticketing System SQL注入漏洞

SourceCodester Train Station Ticketing System is SourceCodester open source a train station ticketing system. A SQL injection vulnerability exists in SourceCodester Train Station Ticketing System version 1.0, which stems from an incorrect manipulation of the parameter Username in the file...

EUVD-2025-197855

A vulnerability was found in Campcodes Supplier Management System 1.0. This affects an unknown part of the file /manufacturer/confirmorder.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be...

CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality

phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...

CVE-2025-13257

CVE-2025-13257 affects itsourcecode Inventory Management System 1.0, with the vulnerable element in /admin/user/index.php?view=edit. The issue is an SQL injection caused by manipulation of the ID parameter, exploitable remotely. Public exploits have been disclosed. Documented impact indicates hig...

CVE-2024-44644

PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection in manage-tickets.php via the frm_id and aremark parameters due to lack of input validation. Public descriptions from CNVD, RH, CNNVD and CVE records indicate an attacker could execute arbitrary SQL and potentially steal sensitive database d...

PT-2025-47108

A vulnerability has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /manufacturer/edit product.php. Such manipulation of the argument cmbProductUnit leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to...

CVE-2024-44659

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php...

PT-2025-47177

Name of the Vulnerable Software and Affected Versions Kashipara Ecommerce Website version 1.0 Description The Kashipara Ecommerce Website is susceptible to a SQL Injection issue through the recover email parameter in the user password recover.php file. This allows for potential unauthorized acces...

PT-2025-47169

Name of the Vulnerable Software and Affected Versions Kashipara Ecommerce Website version 1.0 Description The Kashipara Ecommerce Website is susceptible to SQL Injection. The issue affects the user register.php file and involves the user email, username, user firstname, user lastname, and user...

PHPGurukul Small CRM 安全漏洞

Small CRM a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the id and adminremark parameters of quote-details.php. An attacker can exploit this vulnerability to...

Projectworlds Advanced Library Management System SQL注入漏洞

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter rollnumber in the file...