
1369 matches found

Cvelist
added 2025/09/30 10:5 a.m., 6 views

CVE-2025-8122 Blind SQL Injection in PAD CMS

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and the vendor will not publish patches for this vulnerability...

CVSS: 8.7, EPSS: 0.00295
Exploits: 0, References: 1

Cvelist
added 2025/09/28 12:2 a.m., 10 views

CVE-2025-11089 kidaze CourseSelectionSystem COUNT3s4.php sql injection

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This impacts an unknown function of the file /Profilers/PriProfile/COUNT3s4.php. Manipulating the argument cbranch can lead to SQL injection. It is possible to launch the...

CVSS: 7.5, EPSS: 0.00379
Exploits: 1, References: 4

RedhatCVE
added 2025/09/26 7:48 p.m., 8 views

CVE-2025-59816

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...

CVSS: 7.3, AI score: 6.7, EPSS: 0.0022
Exploits: 0, References: 1

CVE
added 2025/09/26 8:31 a.m., 9 views

CVE-2025-60109

CVE-2025-60109 affects the LambertGroup AllInOne Content Slider WordPress plugin. The issue is an improper neutralization of user input in an SQL query, enabling Blind SQL Injection. Impact is high for confidentiality (C:H) and low to moderate for availability, with CVSS v3.1 base score 8.5. Affe...

CVSS: 8.5, AI score: 5.9, EPSS: 0.00238
Exploits: 0, References: 1

CVE
added 2025/09/26 4:25 a.m., 17 views

CVE-2025-10036

The FIFU (Featured Image from URL) WordPress plugin is affected by an authenticated SQL Injection vulnerability in get_all_urls() for versions up to and including 5.2.7. An Administrator+ attacker can inject additional SQL into existing queries to exfiltrate data. Patch information from connected...

CVSS: 4.9, AI score: 6.2, EPSS: 0.00299
Exploits: 0, References: 3

NVD
added 2025/09/25 8:15 p.m., 7 views

CVE-2025-59816

This vulnerability allows attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords are stored in plaintext, significantly increasing the severity of this issue...

CVSS: 7.3, EPSS: 0.0022
Exploits: 0, References: 2

CNNVD
added 2025/09/25 12:0 a.m., 2 views

Zenitel ICX500 and Zenitel ICX510 Security Vulnerability

Zenitel ICX500 and Zenitel ICX510 are both communication and control platforms from Zenitel Norway. A security vulnerability exists in the Zenitel ICX500 and Zenitel ICX510 that stems from an attacker's ability to directly query the underlying database, which could result in the retrieval of all...

CVSS: 7.3, AI score: 6.5, EPSS: 0.0022
Exploits: 0, References: 2

Positive Technologies
added 2025/09/25 12:0 a.m., 4 views

PT-2025-39446

Name of the Vulnerable Software and Affected Versions: Billing Admin (affected versions not specified). Description: This issue enables attackers to directly query the underlying database, potentially retrieving all data stored in the Billing Admin database, including user credentials. User passwords...

CVSS: 7.3, AI score: 6.3, EPSS: 0.0022
Exploits: 0, References: 6

CNVD
added 2025/09/25 12:0 a.m., 4 views

E-Commerce Website Website /pages/admin_account_delete.php File SQL Injection Vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the userid parameter of the file /pages/admin_account_delete.php. An attacker can exploit this vulnerabilit...

CVSS: 9.8, AI score: 8.2, EPSS: 0.00543
Exploits: 1, References: 1

CNVD
added 2025/09/23 12:0 a.m., 3 views

Online Course Registration my-profile.php File SQL Injection Vulnerability

Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cgpa in the file /my-profile.php. An attacker can exploit thi...

CVSS: 9.8, AI score: 7.9, EPSS: 0.00398
Exploits: 1, References: 1

Cvelist
added 2025/09/22 9:2 a.m., 8 views

CVE-2025-10791 code-projects Online Bidding System index.php sql injection

A weakness has been identified in code-projects Online Bidding System 1.0. This impacts an unknown function of the file /administrator/index.php. Manipulation of the argument aduser causes SQL injection. The attack can be carried out remotely. The exploit has been made available t...

CVSS: 7.5, EPSS: 0.00543
Exploits: 1, References: 5

Positive Technologies
added 2025/09/22 12:0 a.m., 3 views

PT-2025-38710

Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0. Description: A flaw exists in code-projects Online Bidding System 1.0 within the file /administrator/bidupdate.php. Manipulation of the ID argument can lead to SQL injection. This issue is remotel...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00543
Exploits: 1, References: 10

CNNVD
added 2025/09/22 12:0 a.m., 3 views

PHPGurukul Park Ticketing Management System Security Vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from a lack of validation of the fromdate parameter in the file foreigner-bwdates-reports-details.php against an externally entered SQL...

CVSS: 9.8, AI score: 8.5, EPSS: 0.00445
Exploits: 1, References: 2

Positive Technologies
added 2025/09/20 12:0 a.m., 3 views

PT-2025-38628

Name of the Vulnerable Software and Affected Versions: ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress, versions prior to 2.5.1. Description: The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link...

CVSS: 4.9, AI score: 6.9, EPSS: 0.00276
Exploits: 0, References: 5

NVD
added 2025/09/19 8:15 p.m., 2 views

CVE-2025-59431

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVSS: 9.8, EPSS: 0.00391
Exploits: 1, References: 1

Snyk
added 2025/09/19 7:43 p.m., 2 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection via the PropertyName directive in XML Filter Query processing. An attacker can manipulate backend database queries by injecting specially crafted input containing double quote characters. Remediation: Upgrade mapserver to...

CVSS: 9.8, AI score: 7.7, EPSS: 0.00391
Exploits: 1, References: 2

Cvelist
added 2025/09/18 3:2 p.m., 9 views

CVE-2025-10673 itsourcecode Student Information Management System index.php sql injection

A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. Manipulation of the argument classId causes SQL injection. The attack may be initiated remotely. The exploit has...

CVSS: 7.5, EPSS: 0.00543
Exploits: 1, References: 5

Vulnrichment
added 2025/09/18 1:2 p.m., 3 views

CVE-2025-10667 itsourcecode Online Discussion Forum compose_msg.php sql injection

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. Manipulation of the argument ID causes SQL injection. The attack can be carried out remotely. The exploit has been...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00483
Exploits: 1, References: 5

NVD
added 2025/09/18 12:15 p.m., 5 views

CVE-2024-13151

CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service Software allows SQL Injection. This issue affects Auto Service Software: before v.2025.10.01...

CVSS: 9.8, EPSS: 0.0034
Exploits: 0, References: 2

Vulnrichment
added 2025/09/17 10:2 p.m., 4 views

CVE-2025-10621 SourceCodester Hotel Reservation System editroomimage.php sql injection

A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. The affected element is an unknown function of the file editroomimage.php. Manipulation of the argument ID causes SQL injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00441
Exploits: 1, References: 5