CVE-2025-50189

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

CVE-2025-50189 Chamilo: Error-based SQL Injection

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resourcedocumentSQLINJECTIONHERE and POST login parameters found in /main/coursecopy/copycoursesessionselected.php, which allows an attack...

CVE-2025-50189

Chamilo LMS prior to 1.11.30 is vulnerable to an error-based SQL injection arising from insufficient validation of user-supplied data in POST resource[document][SQL_INJECTION_HERE] and in POST login parameters at /main/coursecopy/copy_course_session_selected.php. The vulnerability can allow an at...

EUVD-2025-208157

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

CVE-2025-50188

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

CVE-2025-50188

CVE-2025-50188 affects Chamilo LMS prior to version 1.11.30. The vulnerability arises from insufficient validation of user-supplied data in GET parameters for the scripts /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php , enabling an attacker to alter database query log...

CVE-2025-12462

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Injection. This issue was fixed in versions above 8.0...

CVE-2025-10350 SQL injection in CGM NETRAAD

SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....

EUVD-2025-208145

SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....

CVE-2025-10350 SQL injection in CGM NETRAAD

SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions before 7.9....

CVE-2026-3413

A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /adminsinglestudent.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may...

CVE-2026-3413 itsourcecode University Management System admin_single_student.php sql injection

A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /adminsinglestudent.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may...

CVE-2026-3410

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checkstudid.php. Executing a manipulation of the argument studentid can lead to sql injection. The attack may be launched remotely. The explo...

CVE-2026-3410

CVE-2026-3410 affects itsourcecode Society Management System 1.0. The vulnerability resides in an unknown functionality of /admin/check_studid.php, where manipulating the student_id parameter enables SQL injection. Exploitation is described as possible remotely and publicly available, with high-s...

EUVD-2026-9143

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/checkstudid.php. Executing a manipulation of the argument studentid can lead to sql injection. The attack may be launched remotely. The explo...

CVE-2026-3406

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack...

CVE-2026-3406 projectworlds Online Art Gallery Shop Registration registration.php sql injection

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack...

[SECURITY] Fedora 42 Update: pgadmin4-9.12-2.fc42

pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...

SUSE CVE-2025-67733

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same...

WordPress plugin Contest Gallery SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...