OSV
added 2025/12/17 7:10 p.m., 3 views

CVE-2025-66396 ChurchCRM has SQL Injection in User Editor via `type` Parameter Key

ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the src/UserEditor.php file. When an administrator saves a user's configuration settings, the keys of the type POST parameter array are not properly sanitized or type-casted befor...

CVSS 7.2, AI score 8.3, EPSS 0.00346
Exploits 1, References 3
EUVD
added 2025/12/17 6:31 p.m., 3 views

EUVD-2025-203900

A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The issue arises because the value of the 'id' parameter is used directly in SQL queries, allowing attackers to inject malicious code without the need for appropriate...

CVSS 7.3, AI score 7.5, EPSS 0.00171
Exploits 1, References 2
GithubExploit
added 2025/12/17 6:29 p.m., 153 views

DEM-Bravo

DEM — Docker Exploit Mapper Welcome to DEM, a fully cont...

AI score 8.1
Exploits 0
NVD
added 2025/12/17 5:15 p.m., 3 views

CVE-2025-67285

A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The issue arises because the value of the 'id' parameter is used directly in SQL queries, allowing attackers to inject malicious code without the need for appropriate...

CVSS 7.3, EPSS 0.00171
Exploits 1, References 1
RedhatCVE
added 2025/12/17 1:04 p.m., 10 views

CVE-2025-14780

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dishtradedetailget. Manipulation of the argument filter results in SQL injection. The attack can be executed remotely. The exploit is now...

CVSS 6.5, AI score 7, EPSS 0.00192
Exploits 0, References 1
RedhatCVE
added 2025/12/17 8:07 a.m., 2 views

CVE-2025-67737

AzuraCast is a self-hosted, all-in-one web radio management suite. Version 0.23.1 mistakenly includes an API endpoint that is intended for internal use by the SFTP software sftpgo, exposing it through the public-facing HTTP API of AzuraCast installations. A user with specific internal knowledge of a...

CVSS 3.1, AI score 6.5, EPSS 0.00205
Exploits 1, References 1
Tenable Nessus
added 2025/12/17 12:00 a.m., 2 views

Unity Linux 20.1060a / 20.1070a Security Update: util-linux (UTSA-2025-991271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991271 advisory. A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the setpwnam function,...

CVSS 6.1, AI score 5.6, EPSS 0.00176
Exploits 0, References 4
Positive Technologies
added 2025/12/17 12:00 a.m., 3 views

PT-2025-51928

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.3. Description: ChurchCRM is an open-source church management system. Versions prior to 6.5.3 may disclose database information in an error message, including the host, IP address, username, and password...

CVSS 9.9, AI score 6.4, EPSS 0.00355
Exploits 1, References 10
CNNVD
added 2025/12/17 12:00 a.m., 3 views

ChurchCRM SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from the lack of validation of externally supplied input for the PersonAddress parameter in the src/CartToFamily.php file. No details of the vulnerability are provided at...

CVSS 8.8, AI score 5.8, EPSS 0.00314
Exploits 1, References 2
CNNVD
added 2025/12/17 12:00 a.m., 3 views

PHPJabbers Simple CMS SQL Injection Vulnerability

PHPJabbers Simple CMS is an open source content management system from PHPJabbers. A SQL injection vulnerability exists in PHPJabbers Simple CMS version 5.0, originating in the column parameter of the index.php endpoint, which may result in database information being extracted...

CVSS 9.8, AI score 7.7, EPSS 0.0051
Exploits 1, References 4
CNNVD
added 2025/12/17 12:00 a.m., 2 views

itsourcecode Online Cake Ordering System SQL Injection Vulnerability

itsourcecode Online Cake Ordering System is an open source online cake ordering system from itsourcecode. A SQL injection vulnerability exists in version 1.0 of itsourcecode Online Cake Ordering System, stemming from improper handling of the parameter ID in the file...

CVSS 9.8, AI score 7.7, EPSS 0.00326
Exploits 1, References 6
CNNVD
added 2025/12/17 12:00 a.m., 3 views

ChurchCRM Security Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a code execution vulnerability that stems from the database restore feature not validating the content or extension of uploaded files, which can be exploited by an attacker to cause remote code execution...

CVSS 9.1, AI score 6.4, EPSS 0.01381
Exploits 3, References 2
CNNVD
added 2025/12/17 12:00 a.m., 3 views

ChurchCRM Security Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from an information disclosure vulnerability that originates from the disclosure of database information in an error message, which can be exploited by an attacker to cause the disclosure of database information, including...

CVSS 9.9, AI score 5.8, EPSS 0.00355
Exploits 1, References 2
CNNVD
added 2025/12/17 12:00 a.m., 1 view

ChurchCRM SQL Injection Vulnerability

ChurchCRM is an open source church management system. ChurchCRM suffers from a SQL injection vulnerability that stems from a lack of validation of externally supplied input in the event participant editor. An attacker can exploit the vulnerability to cause a full database disclosure and...

CVSS 9.6, AI score 5.9, EPSS 0.00371
Exploits 1, References 2
Positive Technologies
added 2025/12/17 12:00 a.m., 4 views

PT-2025-51869

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.3. Description: ChurchCRM is an open-source church management system. A SQL injection issue exists in the src/UserEditor.php file. When an administrator saves a user's configuration settings, the keys of the type...

CVSS 7.2, AI score 7.8, EPSS 0.00346
Exploits 1, References 3
Positive Technologies
added 2025/12/17 12:00 a.m., 4 views

PT-2025-51978

Name of the Vulnerable Software and Affected Versions: code-projects Simple Stock System version 1.0. Description: A weakness exists in code-projects Simple Stock System 1.0. This issue affects an unknown function within the /checkuser.php file. Manipulation of the Username argument can lead to SQL...

CVSS 8.8, AI score 6.4, EPSS 0.00295
Exploits 1, References 9
Positive Technologies
added 2025/12/17 12:00 a.m., 5 views

PT-2025-51964

Name of the Vulnerable Software and Affected Versions: PHPJabbers Simple CMS version 5.0. Description: The software contains a SQL injection issue in the 'column' parameter. Attackers can inject crafted SQL payloads through the 'column' parameter in the 'index.php' endpoint to potentially extract ...

CVSS 9.8, AI score 7.5, EPSS 0.0051
Exploits 1, References 7
Positive Technologies
added 2025/12/17 12:00 a.m., 2 views

PT-2025-51972

Name of the Vulnerable Software and Affected Versions: code-projects Online Appointment Booking System version 1.0. Description: A security flaw exists in code-projects Online Appointment Booking System 1.0. The issue involves SQL injection resulting from manipulation of the clinic argument within t...

CVSS 9.8, AI score 7.4, EPSS 0.00306
Exploits 0, References 10
Positive Technologies
added 2025/12/17 12:00 a.m., 4 views

PT-2025-51927

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.3. Description: ChurchCRM is an open-source church management system. The Database Restore functionality does not validate the content or file extension of uploaded files. This allows an attacker to upload a web...

CVSS 9.1, AI score 7.9, EPSS 0.01381
Exploits 3, References 7
Positive Technologies
added 2025/12/17 12:00 a.m., 3 views

PT-2025-51930

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions prior to 6.5.3. Description: ChurchCRM is an open-source church management system. A SQL injection flaw exists in the Event Attendee Editor. This allows authenticated users to execute arbitrary SQL commands, potentially leadin...

CVSS 9.6, AI score 7.9, EPSS 0.00371
Exploits 1, References 6