1369 matches found

RedhatCVE
added 2025/08/16 3:31 a.m. · 9 views

CVE-2025-8930

A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql injection. The attack may be initiated...

CVSS 8.8 · AI score 7.7 · EPSS 0.00352
Exploits: 1 · References: 1

Patchstack
added 2025/08/16 1:58 a.m. · 6 views

WordPress School Management System for Wordpress plugin <= 93.2.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin School Management versions = 93.2.0...

CVSS 7.5 · AI score 7.8 · EPSS 0.004
Exploits: 0 · References: 1 · Affected Software: 1

RedhatCVE
added 2025/08/15 8:32 p.m. · 12 views

CVE-2025-8926

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

CVSS 9.8 · AI score 7.7 · EPSS 0.00387
Exploits: 1 · References: 1

NVD
added 2025/08/15 12:15 p.m. · 5 views

CVE-2025-9051

A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

CVSS 9.8 · EPSS 0.00387
Exploits: 1 · References: 4

Vulnrichment
added 2025/08/15 12:02 a.m. · 4 views

CVE-2025-8990 code-projects Online Medicine Guide browsemdcn.php sql injection

A vulnerability was determined in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /browsemdcn.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and ma...

CVSS 7.5 · AI score 7.6 · EPSS 0.00387
Exploits: 1 · References: 5

CNNVD
added 2025/08/15 12:00 a.m. · 3 views

Code-Projects Online Medicine Guide Injection Vulnerability

Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter phuname in the file /adphar.php. The vulnerability can be exploited to execute illegal SQL...

CVSS 9.8 · AI score 8.2 · EPSS 0.00387
Exploits: 1 · References: 7

NVD
added 2025/08/14 10:15 p.m. · 5 views

CVE-2025-8984

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/operations/expensecategory.php. The manipulation of the argument expensename leads to sql injection. It is possible to launch the attack remotely. The...

CVSS 9.8 · EPSS 0.00387
Exploits: 1 · References: 5

OSV
added 2025/08/14 10:15 a.m. · 3 views

CVE-2025-8955

A vulnerability has been found in PHPGurukul Hospital Management System 4.0. This vulnerability affects unknown code of the file /admin/edit-doctor.php. The manipulation of the argument docfees leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 5

Positive Technologies
added 2025/08/14 12:00 a.m. · 5 views

PT-2025-33420 · Sourcecodester · Covid19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A vulnerability exists in SourceCodester COVID 19 Testing Management System 1.0, affecting unknown code within the /bwdates-report-result.php file. Manipulation of the...

CVSS 9.8 · AI score 7.4 · EPSS 0.00387
Exploits: 1 · References: 10

Vulnrichment
added 2025/08/13 6:32 p.m. · 3 views

CVE-2025-8923 code-projects Job Diary edit-details.php sql injection

A vulnerability was determined in code-projects Job Diary 1.0. This vulnerability affects unknown code of the file /edit-details.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...

CVSS 7.5 · AI score 7.8 · EPSS 0.00405
Exploits: 1 · References: 5

CNVD
added 2025/08/10 12:00 a.m. · 2 views

Vehicle Management /filter1.php File SQL Injection Vulnerability

Vehicle Management is a vehicle management system. Vehicle Management suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter vehicle in file /filter1.php. An attacker can exploit this vulnerability to execute illegal...

CVSS 9.8 · AI score 8 · EPSS 0.00503
Exploits: 1 · References: 1

Cvelist
added 2025/08/09 8:02 p.m. · 8 views

CVE-2025-8773 Dinstar Monitoring Platform 甘肃省危险品库监控平台 login_getPasswordErrorNum.action sql injection

A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 甘肃省危险品库监控平台 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible ...

CVSS 7.5 · EPSS 0.00562
Exploits: 1 · References: 4

RedhatCVE
added 2025/08/09 12:23 a.m. · 3 views

CVE-2023-41522

Student Attendance Management System v1 was discovered to contain multiple SQL injection vulnerabilities in createStudents.php via the Id, firstname, and admissionNumber parameters...

CVSS 8.8 · AI score 8.2 · EPSS 0.00281
Exploits: 0 · References: 1

CVE
added 2025/08/08 6:10 p.m. · 33 views

CVE-2012-10047

CVE-2012-10047 concerns Cyclope Employee Surveillance Solution, version 6.x. A SQL injection flaw in the login flow (auth-login) arises because the username parameter is not properly sanitized, enabling an attacker to inject arbitrary SQL. According to connected documents, this can be leveraged t...

CVSS 10 · AI score 6.9 · EPSS 0.00865
Exploits: 0 · References: 5

BDU FSTEC
added 2025/08/08 12:00 a.m. · 3 views

The vulnerability of the software tools for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security monitoring and analysis tools FortiAnalyzer and FortiAnalyzer Cloud, stems from the lack of protective measures for the SQL query structure. This allows attackers to exploit the system to disclose sensitive information.

The vulnerability of the software solutions for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions of FortiAnalyzer and FortiAnalyzer Cloud, is related to the lack of protective measures for the SQL quer...

CVSS 4 · AI score 5.6 · EPSS 0.00247
Exploits: 0 · References: 3 · Affected Software: 4

CVE
added 2025/08/07 3:25 p.m. · 152 views

CVE-2025-47907

CVE-2025-47907 refers to a race condition in the Go language database/sql Rows Scan path when a query is cancelled, which can overwrite results or raise errors if parallel queries are running. Connected advisories indicate Golang package fixes across multiple distributions (e.g., newer golang/gol...

CVSS 7 · AI score 6.5 · EPSS 0.00331
Exploits: 0 · References: 5 · Affected Software: 1

NVD
added 2025/08/07 12:15 a.m. · 4 views

CVE-2025-54788

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. In versions and below, the InboundEmail module allows the arbitrary execution of queries in the backend database, leading to SQL injection. This can have wide-reaching implications on...

CVSS 8.8 · EPSS 0.00379
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/06 12:00 a.m. · 5 views

PT-2025-32235 · Suitecrm · Suitecrm

Name of the Vulnerable Software and Affected Versions: SuiteCRM versions prior to 7.14.7 Description: SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. The InboundEmail module allows the arbitrary execution of queries in the backend database,...

CVSS 9 · AI score 7.4 · EPSS 0.00379
Exploits: 0 · References: 12

BDU FSTEC
added 2025/08/05 12:00 a.m. · 5 views

The vulnerability in the WeGIA web manager’s script /html/funcionario/dependente_editarInfoPessoal.php allows a perpetrator to disclose confidential information, increase their privileges, or execute arbitrary code.

The vulnerability of the WeGIA web manager’s script /html/funcionario/dependente_editarInfoPessoal.php is related to the lack of protection for the SQL query structure during the processing of the parameter idatendidofamiliares. Exploiting this vulnerability can allow an attacker to disclose...

CVSS 9.9 · AI score 5.8 · EPSS 0.00458
Exploits: 1 · References: 4 · Affected Software: 1

BDU FSTEC
added 2025/08/04 12:00 a.m. · 4 views

The vulnerability of the WeGIA web manager, related to the failure to protect the SQL query structure, allows attackers to execute arbitrary SQL code.

The vulnerability of the WeGIA web manager is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVSS 10 · AI score 6 · EPSS 0.00523
Exploits: 1 · References: 2 · Affected Software: 1