82199 matches found
CVE-2025-65354
Improper input handling in /Grocery/searchproductsitname.php inPuneethReddyHC event-management 1.0 permits SQL injection via the sitemname POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...
CVE-2025-15002
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
CVE-2023-53975
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...
CVE-2023-53975 Atom CMS 2.0 Unauthenticated SQL Injection via Admin Index Page
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...
CVE-2023-53972 WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...
CVE-2023-53972 WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...
CVE-2025-15015
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-15016
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...
CVE-2025-15016
The CVE-2025-15016 entry relates to Ragic’s Enterprise Cloud Database, which is vulnerable due to a hard-coded cryptographic key that can be exploited by unauthenticated remote attackers to generate authentication data and log in as any user. Affected component: Ragic Enterprise Cloud Database (c...
EUVD-2025-204688
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...
CVE-2025-15016 Ragic|Enterprise Cloud Database - Hard-coded Cryptographic Key
Enterprise Cloud Database developed by Ragic has a Hard-coded Cryptographic Key vulnerability, allowing unauthenticated remote attackers to exploit the fixed key to generate verification information and log into the system as any user...
CVE-2025-14990
A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The explo...
CVE-2025-15015
The CVE-2025-15015 entry concerns Ragic’s Enterprise Cloud Database with an Arbitrary File Read via Relative Path Traversal. The vulnerability is exploitable by unauthenticated remote attackers and could allow downloading arbitrary system files. Multiple connected sources confirm the issue but do...
CVE-2025-15015 Ragic|Enterprise Cloud Database - Arbitrary File Read
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
EUVD-2025-204689
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-15015 Ragic|Enterprise Cloud Database - Arbitrary File Read
Enterprise Cloud Database developed by Ragic has a Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files...
CVE-2025-15004
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...
EUVD-2025-204678
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...
CVE-2025-15003
A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file adminvideo.php. Performing a manipulation of the argument eid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used...
CVE-2025-15004 DedeCMS freelist_main.php sql injection
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...