
1369 matches found

RedhatCVE
added 2025/11/15 12:47 a.m. | 9 views

CVE-2024-44633

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php...

CVSS 6.5 | AI score 8 | EPSS 0.0021
Exploits: 1 | References: 1

OSV
added 2025/11/14 9:15 p.m. | 3 views

CVE-2025-64084

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. The vuccdetailsajax function in application/controllers/Awards.php does not properly sanitize the user-supplied Gridsquare POST parameter. This allows a remote, authenticated attacker to execute arbitrary SQL...

CVSS 5.4 | AI score 8.4
Exploits: 0 | References: 3

CVE
added 2025/11/13 5:30 a.m. | 16 views

CVE-2025-12620

CVE-2025-12620 affects the WordPress plugin Poll Maker – Versus Polls, Anonymous Polls, Image Polls (versions up to and including 6.0.7). The root cause is insufficient escaping and inadequate preparation of the SQL query used with the filterbyauthor parameter, enabling an authenticated attacker ...

CVSS 4.9 | AI score 6.1 | EPSS 0.0026
Exploits: 0 | References: 3

CNNVD
added 2025/11/10 12:0 a.m. | 4 views

e-Excellence U-Office Force SQL Injection Vulnerability

e-Excellence U-Office Force is an e-Office platform from China-based First Class Technology e-Excellence. An SQL injection vulnerability exists in e-Excellence U-Office Force that originates from unvalidated input and could lead to an SQL injection attack...

CVSS 8.8 | AI score 7.8 | EPSS 0.00314
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/08 1:57 p.m. | 8 views

CVE-2025-10968

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE-564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL Injection, SQL Injection. This issue affects PaperWork: from 6.1.0.9390 before 6.1.0.9398...

CVSS 8.8 | AI score 7.7 | EPSS 0.00263
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/08 1:7 a.m. | 4 views

CVE-2025-64492 SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

CVSS 8.8 | AI score 7.3 | EPSS 0.003
Exploits: 0 | References: 1

CNNVD
added 2025/11/08 12:0 a.m. | 4 views

SuiteCRM SQL Injection Vulnerability

SuiteCRM is a customer relationship management system from the SuiteCRM team. A SQL injection vulnerability exists in SuiteCRM versions 7.14.7 and earlier and versions 8.0.0-beta.1 through 8.9.0, which originates from an attacker who can construct a malicious callid parameter to manipulate SQL...

CVSS 8.8 | AI score 7.5 | EPSS 0.00375
Exploits: 0 | References: 4

RedhatCVE
added 2025/11/07 3:54 p.m. | 3 views

CVE-2025-52773

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hiecor HieCOR Payment Gateway Plugin hcv4-payment-gateway allows SQL Injection. This issue affects HieCOR Payment Gateway Plugin: from n/a through = 1.5.11...

CVSS 9.3 | AI score 7.7 | EPSS 0.00294
Exploits: 0 | References: 1

CVE
added 2025/11/06 7:57 p.m. | 10 views

CVE-2022-50593

Advantech iView prior to v5.7.04 build 6425 exposes a SQL injection in the NetworkServlet search_term parameter (via SNMP management tool) that can lead to remote code execution with administrator privileges. Root cause appears to be unsanitized input allowing SQL statements to reach the backend....

CVSS 9.8 | AI score 8.8 | EPSS 0.00622
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2025/11/06 7:47 p.m. | 3 views

CVE-2025-34244 Advantech WebAccess/VPN < 1.1.5 SQL Injection via AjaxFwRulesController.ajaxDeviceFwRulesAction()

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclosure of database information...

CVSS 5.3 | AI score 7.2 | EPSS 0.00254
Exploits: 0 | References: 3

Cvelist
added 2025/11/06 3:55 p.m. | 6 views

CVE-2025-60239 WordPress CoSchool LMS plugin <= 1.4.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection. This issue affects CoSchool LMS: from n/a through <= 1.4.3...

CVSS 8.5 | EPSS 0.0027
Exploits: 0 | References: 1

GithubExploit
added 2025/11/06 6:46 a.m. | 206 views

Exploit for OS Command Injection in Nestjs Devtools-Integration

PoC exploit for CVE-2025-54782, a vulnerability in an unspecifie...

CVSS 9.4 | AI score 8.1 | EPSS 0.4617
Exploits: 4

Positive Technologies
added 2025/11/04 12:0 a.m. | 4 views

PT-2025-45042

Name of the Vulnerable Software and Affected Versions: GLPI Inventory Plugin versions 1.5.0 and below. Description: The GLPI Inventory Plugin, which manages network discovery, inventory, software deployment, and data collection for GLPI agents, contains a SQL Injection issue. The plugin is vulnerabl...

CVSS 7.5 | AI score 7.7 | EPSS 0.05894
Exploits: 0 | References: 5

GithubExploit
added 2025/10/30 8:7 a.m. | 124 views

cafeorder_vuln_SQL

cafeorder_vuln_SQL: Proof-of-Concept and Advisory for Simple Ca...

AI score 8.2
Exploits: 0

CNNVD
added 2025/10/30 12:0 a.m. | 4 views

Nagios XI Security Vulnerability

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 5.2.4, which stems from user-supplied search...

CVSS 8.8 | AI score 7.6 | EPSS 0.00924
Exploits: 0 | References: 2

Positive Technologies
added 2025/10/28 12:0 a.m. | 3 views

PT-2025-44207

Name of the Vulnerable Software and Affected Versions: Taiga versions prior to 6.9.0. Description: Taiga, an open source project management platform, has an issue in its API. Versions 6.8.3 and earlier are susceptible to time-based blind SQL injection, potentially leading to the disclosure of...

CVSS 4.8 | AI score 7.4 | EPSS 0.00175
Exploits: 0 | References: 5

NVD
added 2025/10/25 7:15 a.m. | 3 views

CVE-2025-11893

The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to SQL Injection via the donationids parameter in all versions up to, and including, 1.8.8.4 due to insufficient escaping on the user supplied parameter and lack of...

CVSS 6.5 | EPSS 0.00313
Exploits: 0 | References: 3

CNVD
added 2025/10/17 12:0 a.m. | 4 views

Ivanti Endpoint Manager SQL Injection Vulnerability (CNVD-2025-24269)

Ivanti Endpoint Manager is a unified endpoint management solution for the enterprise that is designed to centrally manage all types of devices including Windows, macOS, Linux, ChromeOS and IoT devices within an organization, covering OS deployment, software distribution, remote control and more. ...

CVSS 6.5 | AI score 8.4 | EPSS 0.00751
Exploits: 0 | References: 1

OSV
added 2025/10/14 7:30 p.m. | 8 views

CVE-2025-61675 FreePBX Endpoint Manager vulnerable to authenticated SQL injection in multiple configuration parameters

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the...

CVSS 8.6 | AI score 8.3 | EPSS 0.3896
Exploits: 6 | References: 1

EUVD
added 2025/10/14 12:31 a.m. | 4 views

EUVD-2025-34101

SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...

CVSS 6.5 | AI score 7.2 | EPSS 0.00751
Exploits: 0 | References: 2