PT-2025-50604

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add unit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has bee...

PT-2025-50590

A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add distributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be...

PT-2025-50646

Name of the Vulnerable Software and Affected Versions Campcodes Retro Basketball Shoes Online Store version 1.0 Description A flaw exists in Campcodes Retro Basketball Shoes Online Store version 1.0 that allows for SQL injection. The issue is located in the file /admin/admin running.php within an...

PT-2025-50761

Name of the Vulnerable Software and Affected Versions xbtitFM version 4.1.18 Description The software contains an unauthenticated SQL injection issue. Remote attackers can manipulate database queries by injecting malicious SQL code through the msgid parameter. Crafted requests sent to the...

PT-2025-50759

Name of the Vulnerable Software and Affected Versions CSZCMS version 1.3.0 Description The software contains an authenticated SQL injection issue in the members view functionality. Authenticated attackers can manipulate database queries by injecting malicious SQL code through the view parameter...

PT-2025-50744

Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...

CSZCMS SQL注入漏洞

CSZCMS is an open source web application by Cskaza Bassist Individual Developer that allows to manage all content and settings on a website. A SQL injection vulnerability exists in CSZCMS version 1.3.0, which stems from a SQL injection in the member view feature that could lead to the extraction ...

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

CVE-2025-67644 LangGraph SQLite Checkpoint is vulnerable to SQL Injection via metadata filter key in checkpointer list method

LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB both sync and async, via aiosqlite. Versions 3.0.0 and below are vulnerable to SQL injection through the checkpoint implementation. Checkpoint allows attackers to manipulate SQL queries through...

CVE-2021-47704

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obixtest.php with malicious 'id' values to extract database information...

CVE-2020-36895

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

CVE-2020-36895

CVE-2020-36895 affects EIBIZ i-Media Server Digital Signage 3.8.0. The issue is an unauthenticated configuration disclosure that lets remote attackers access sensitive configuration files via direct object reference, specifically enabling retrieval of SiteConfig.properties through an HTTP GET req...

CVE-2020-36895 EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposi...

CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

CVE-2020-36887 SpinetiX Fusion Digital Signage 3.4.8 Unauthenticated Database Backup Disclosure

SpinetiX Fusion Digital Signage 3.4.8 contains an unauthenticated information disclosure vulnerability in the database backup directory. Attackers can access the /content/files/backups/ endpoint to download sensitive backup files containing user credentials and system information...

CVE-2025-65950 WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups[] Parameter

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

EUVD-2025-202607

WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively...

django: Django SQL injection

A potential SQL injection vulnerability has been discovered in the Django web framework. The methods QuerySet.filter, QuerySet.exclude, and QuerySet.get, and the class Q were subject to SQL injection when using a suitably crafted dictionary, with dictionary expansion, as the connector argument...

CVE-2025-60912

phpIPAM v1.7.3 contains a Cross-Site Request Forgery CSRF vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...

CVE-2025-63742

SQL Injection vulnerability in function setwxqyAction in file webmain/task/api/loginAction.php in Xinhu Rainrock RockOA 2.7.0 allowing attackers gain sensitive information, including administrator accounts, password hashes, database structure, and other critical data via the shouji and userid...