82159 matches found
CVE-2025-14207 tushar-2223 Hotel-Management-System invoiceprint.php sql injection
A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack...
EUVD-2025-201613
A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...
PT-2025-49586
Name of the Vulnerable Software and Affected Versions: SourceCodester Patients Waiting Area Queue Management System version 1. Description: A SQL injection issue exists in the /php/api patient schedule.php component. Attackers can execute arbitrary SQL commands by manipulating the appointmentID...
CVE-2025-60912
CVE-2025-60912 affects phpIPAM v1.7.3 and describes a CSRF flaw in the database export path. The vulnerability is caused by the generate-mysql.php function under /app/admin/import-export/, which can allow a remote attacker to trigger large database dump downloads if an administrator has an active...
VulnCheck KEV: CVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a full SQL DB without credentials. A fix is...
phpIPAM security vulnerability
phpIPAM is an open source PHP and MySQL based IP address management (IPAM) application suite. A security vulnerability exists in phpIPAM version v1.7.3, which stems from a lack of CSRF protection in the database export function, which could lead to a remote attacker...
Code-Projects Online Ordering System security vulnerability
Online Ordering System is an online ordering system. The Online Ordering System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter Name in the file /usercontact.php. The vulnerability can be exploited by a...
Cashu NUTs security vulnerability
Cashu NUTs is a Cashu protocol specification open-sourced by Cashu. A security vulnerability exists in versions of Cashu NUTs prior to 0.18.0, which stems from an unvalidated preimage size that could lead to an attacker populating a mint's database and disk...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unimplemented settime64, which could lead to a null pointer dereference...
PT-2025-49501
Name of the Vulnerable Software and Affected Versions: projectworlds Advanced Library Management System version 1.0. Description: A security issue exists in projectworlds Advanced Library Management System. Manipulation of the user id argument in the /delete member.php file, through an unknown...
PT-2025-49505
Name of the Vulnerable Software and Affected Versions: Currency Exchange System version 1.0. Description: A SQL injection issue exists in Currency Exchange System 1.0. The issue is located in the file '/edit.php', where manipulation of the ID argument can lead to SQL injection. The attack can be...
PT-2025-49508
Name of the Vulnerable Software and Affected Versions: code-projects Currency Exchange System version 1.0. Description: A security flaw exists in code-projects Currency Exchange System version 1.0. The issue involves a SQL injection that can be triggered by manipulating the ID argument in the...
PT-2025-49516
Name of the Vulnerable Software and Affected Versions: Simple Leave Manager version 1.0. Description: A flaw exists in an unspecified functionality of the /request.php file that allows for SQL injection. Manipulating the staff id argument can trigger this issue, and the attack can be initiated...
PT-2025-49515
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
PT-2025-49544
A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to...
PT-2025-49558
A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user contact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available t...
PT-2025-49557
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...
PT-2025-49568
A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used...
CVE-2025-64081
SQL injection vulnerability in /php/apipatientschedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter...
CVE-2025-65548
NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell cashubtc/nuts before 0.18.0 do not validate the size of the preimage when the token is spent. The preimage is stored by the mint and an attacker can exploit this vulnerability to fill the mint's db and disk with arbitrary da...