CodeAstro Real Estate Management System SQL注入漏洞

CodeAstro Real Estate Management System is a real estate management system from CodeAstro. A SQL injection vulnerability exists in CodeAstro Real Estate Management System version 1.0, which originates from an incorrect operation of the file /register.php resulting in SQL injection...

CloudClassroom-PHP-Project SQL注入漏洞

CloudClassroom-PHP-Project is a cloud classroom website by the individual developer Vishal Mathur. A security vulnerability exists in CloudClassroom-PHP-Project v1.0 that stems from insufficient validation of the parameter pass input in the registrationform endpoint, which could lead to an SQL...

Aem Solutions CMS 注入漏洞

Aem Solutions CMS is a software for content management from Aem Solutions, USA. An injection vulnerability exists in Aem Solutions CMS version 1.0 and prior versions, which stems from SQL injection due to incorrect manipulation of the parameter ID in the file /page.php...

The vulnerability of the CreateBackup method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems, such as the TeleControl Server Basic, allows a hacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability of the CreateBackup method in the software for managing and monitoring deleted objects in telemetry and telemechanics systems related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to bypass security restrictions,...

The vulnerability of the Service Account Audit Data component of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the “Service Account Audit Data” component of the Windows Active Directory AD management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker,...

CVE-2025-40665

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in /GIMWeb/PC/frmCorrectivosList.aspx...

CVE-2024-51101

PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php...

CVE-2025-0861

The VR-Frases collect & share quotes plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVE-2024-5898

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file printpayroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has...

CVE-2024-48357

LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php...

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

CVE-2022-25650

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...

CVE-2022-4151

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the optionid GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive...

CVE-2022-1800

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

CVE-2022-3395

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users which has been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

CVE-2021-37476

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to sql injection on parameter id through a post request, which results in arbitrary sql query execution in the backend database...

CVE-2025-47937

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer DBAL, frontend...

CVE-2016-10939

The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter...

Human Metapneumovirus Testing Management System /edit-phlebotomist.php File SQL Injection Vulnerability

Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter...

Zoo Management System /admin/edit-animal-details.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aname in the file /admin/edit-animal-details.php. An attacker can exploit this...