1369 matches found
CVE-2025-30059
In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection...
CVE-2025-30061
In the "utils/Reporter/OpenReportWindow.pl" service, there is an SQL injection vulnerability through the "UserID" parameter...
SourceCodester Water Billing System Security Vulnerability
SourceCodester Water Billing System is an open source water billing system from SourceCodester. A security vulnerability exists in SourceCodester Water Billing System version 1.0, which is caused by a SQL injection due to incorrect manipulation of the parameter ID in the file /viewbill.php...
Linux Distros Unpatched Vulnerability : CVE-2017-1000031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in graphtemplatesinputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graphtemplateinputid a...
ROS-20250829-03
A vulnerability in the Golang programming language is related to a race condition when canceling a database query. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
CVE-2025-30060
In the ReturnUserUnitsXML.pl service, the "getUserInfo" function is vulnerable to SQL injection through the "UserID" parameter...
CVE-2025-9510 itsourcecode Apartment Management System addbranch.php sql injection
A security vulnerability has been detected in itsourcecode Apartment Management System 1.0. The affected element is an unknown function of the file /branch/addbranch.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclos...
Linux Distros Unpatched Vulnerability : CVE-2023-24258
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the oups parameter. This vulnerability allows attackers to execute arbitrary...
itsourcecode Apartment Management System Security Vulnerability
Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /complain/addcomplain.php. An attacker can exploit...
PT-2025-34342 · Uniong · Webitr
Name of the Vulnerable Software and Affected Versions: WebITR, affected versions not specified. Description: WebITR developed by Uniong is susceptible to a SQL Injection issue. This allows unauthenticated remote attackers to inject arbitrary SQL commands, potentially leading to the unauthorized...
CVE-2025-9155
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Impacted is an unknown function of the file /user/forgetpassword.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to...
SourceCodester Online Bank Management System Security Vulnerability
SourceCodester Online Bank Management System is a SourceCodester open source online bank management system. A security vulnerability exists in SourceCodester Online Bank Management System version 1.0, which is caused by SQL injection due to incorrect manipulation of parameter IDs...
CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...
CVE-2025-54726 WordPress JS Archive List Plugin < 6.1.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Miguel Useche JS Archive List allows SQL Injection. This issue affects JS Archive List: from n/a through n/a...
Online Shopping Portal Project signup.php File SQL Injection Vulnerability
Online Shopping Portal Project is an online shopping portal project. A SQL injection vulnerability exists in Online Shopping Portal Project, which originates from the lack of validation of externally entered SQL statements in the parameter emailid in the file /shopping/signup.php. An attacker can...
Visitor Management System front.php File SQL Injection Vulnerability
Visitor Management System is a visitor access management system. The Visitor Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /front.php. An attacker can exploit this...
Beauty Parlour Management System book-appointment.php File SQL Injection Vulnerability
Beauty Parlour Management System is a software system for standardizing salon business processes and improving management efficiency. Beauty Parlour Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of externally entered SQL statements in t...
PT-2025-34075
Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2; Frappe versions prior to 14.96.15. Description: Frappe is a full-stack web application framework. Prior to versions 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted...
CVE-2025-7662
The Gestion de tarifs plugin for WordPress is vulnerable to SQL Injection via the 'tarif' and 'intitule' shortcodes in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2025-9011
A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been...