Code-Projects Responsive Blog Site 注入漏洞

Code-Projects Responsive Blog Site is a responsive blog site from Code-Projects open source. Code-Projects Responsive Blog Site version 1.0 suffers from an injection vulnerability that stems from SQL injection due to incorrect manipulation of the parameter ID in the file /category.php...

Code-Projects E-Commerce Site Security Vulnerability

Code-Projects E-Commerce Site is an e-commerce site of Code-Projects open source. A security vulnerability exists in version 1.0 of the code-projects Library System, which stems from improper manipulation of the parameter idn in the file /teacher-issue-book.php, which could lead to an SQL injecti...

Library System profile.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...

Inventory Management System orders.php File SQL Injection Vulnerability

Inventory Management System is an inventory management system. The Inventory Management System suffers from a SQL injection vulnerability that originates from a parameter i in the file /orders.php that is not securely filtered. An attacker can exploit this vulnerability by remotely injecting...

Code-Projects Daily Expense Manager SQL注入漏洞

Daily Expense Manager is a daily expense management system. Daily Expense Manager suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements for the parameters pname, pprice, and id in the file /update.php. No details of the vulnerabilit...

PHPGurukul Zoo Management System 注入漏洞

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-normal-ticket.php. An attacker can exploit this...

GHSA-VH5J-5FHQ-9XWG Taylor has race condition in /get-patch that allows purchase token replay

Hi team, I was looking at the recent fix and you limited the exploitability of race conditions but unfortunately it is still possible to exploit the issue since two requests happening at the exact same time will still go through. You should be able to completely fix the race conditions by...

Online Shoe Store admin_football.php File SQL Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter pid in the file /admin/adminfootball.php. The vulnerability can be exploited to execute...

Online Shoe Store admin_product.php File SQL Injection Vulnerability

Online Shoe Store is an online shoe store system. Online Shoe Store suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter pid in the file /admin/adminproduct.php. An attacker can exploit this vulnerability to...

Simple Online Hotel Reservation System add_account.php File SQL Injection Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. Simple Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter name/adminid in the file...

Directory Management System search-directory.php File SQL Injection Vulnerability

Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /admin/search-directory.php. An attacker can...

Chat System confirm_password.php File SQL Injection Vulnerability

Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter cid in the file /user/confirmpassword.php. An attacker can exploit this vulnerability to execute illegal SQL...

Code-Projects Client Details System 注入漏洞

Client Details System is a client information system. Client Details System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Username in file /clientdetails/admin/index.php. An attacker can exploit this...

CloudClassroom-PHP-Project 安全漏洞

CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project version 1.0, which stems from a SQL injection vulnerability in loginlinkadmin.php that could lead to bypassing authentication...

CVE-2025-6156

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-ds.php. The manipulation of the argument testtype leads to sql injection. The attack can be...

Notice Board System search-notice.php File SQL Injection Vulnerability

Notice Board System is a bulletin board system. The Notice Board System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /search-notice.php. An attacker can exploit this vulnerability to...

Employee Record Management System /editmyexp.php File SQL Injection Vulnerability

Employee Record Management System is an employee record management system. Employee Record Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter emp3workduration in the file /editmyexp.php. An...

CVE-2025-30507

CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections...

VulnCheck KEV: CVE-2022-25488

Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php...

QNAP Qsync Central SQL注入漏洞

QNAP Qsync Central is a cloud-based file synchronization service on NAS from Taiwan, China-based QNAP. QNAP Qsync Central suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit the vulnerabili...