CVE-2025-14589 code-projects Prison Management System search.php sql injection

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made...

CVE-2025-14588

CVE-2025-14588 affects itsourcecode Student Management System 1.0. The vulnerable component is the file /update_program.php , where manipulation of the argument ID leads to a SQL injection . Exploitation is possible remotely, and public exploits have been released. The NVD/CNA metrics indicate hi...

CVE-2025-14588 itsourcecode Student Management System update_program.php sql injection

A security flaw has been discovered in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /updateprogram.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2025-14169

The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on th...

CVE-2025-10289 Filter & Grids <= 3.2.0 - Unauthenticated SQL Injection

The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2025-10738 URL Shortener Plugin For WordPress <= 3.0.7 - Unauthenticated SQL Injection

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

SQL Injection

phpMyFAQ is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of inputs in the main configuration update functionality, which allows a privileged attacker with configuration edit permissions to execute arbitrary SQL commands and compromise the database...

SQL Injection

nukeviet/nukeviet is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the topicsid parameter in modules/news/admin/addtotopics.php, which allows an attacker to execute malicious SQL queries through crafted input...

Insecure Storage Of Sensitive Information

Liferay Portal and Liferay DXP are vulnerable to insecure storage of sensitive information. The vulnerability is due to storing password reset tokens in plain text in the database, which allows an attacker with database access to retrieve the token, reset a user’s password, and take over the user...

SQL Injection

io.dataease, dataease-plugin-common is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the dataSourceId parameter, which allows an attacker to inject and execute arbitrary SQL queries...

Remote Code Execution (RCE)

MySQL Connector/J is vulnerable to Remote Code Execution RCE. The vulnerability is due to an unspecified flaw in Connector/J that allows an unauthenticated attacker with network access to compromise the connector through user interaction, potentially resulting in complete takeover of the affected...

Spoofing

Microsoft JDBC Driver for SQL Server is vulnerable to Spoofing. The vulnerability is due to improper input validation, allowing an unauthorized network attacker to spoof identities or responses during communication with the SQL Server...

Exploit for CVE-2025-66947

CVE-2025-66947 SQL Injection in krishanmuraiji SMS v1.0 CVE-2...

CVE-2025-13077

CVE-2025-13077 concerns the WordPress plugin “payamito-sms-woocommerce” (Payamito SMS for WooCommerce). Connected sources confirm a time-based blind SQL Injection via the columns parameter affecting all versions up to and including 1.3.5, caused by insufficient escaping of user input and lack of ...

CVE-2025-13334

The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized database resets and file deletion due to a missing capability check on the "blazedemoimporterinstalldemo" function in all versions up to, and including, 1.0.13. This makes it possible for authenticated attackers, with...

CVE-2025-13089

CVE-2025-13089 (WP Directory Kit) : WordPress plugin is vulnerable to unauthenticated SQL Injection via parameters hide_fields and attr_search in all versions up to 1.4.7 due to insufficient escaping and lack of prepared statements. Exploitation could allow an attacker to append SQL to existing q...

CVE-2025-13089 WP Directory Kit <= 1.4.7 - Unauthenticated SQL Injection

The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'hidefields' and the 'attrsearch' parameter in all versions up to, and including, 1.4.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

EUVD-2025-203175

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and...

WordPress plugin Design Import/Export SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

PT-2025-51090

Name of the Vulnerable Software and Affected Versions URL Shortener Plugin For WordPress versions through 3.0.7 Description The URL Shortener Plugin For WordPress is susceptible to SQL Injection due to inadequate input validation and query preparation. Specifically, the analytic id parameter is n...