Projectworlds Advanced Library Management System SQL injection vulnerability
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in Projectworlds Advanced Library Management System version 1.0, which stems from incorrect manipulation of the parameter bookid in the file...
code-projects Currency Exchange System SQL injection vulnerability
Currency Exchange System is a currency exchange system. The Currency Exchange System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /edittrns.php. An attacker can exploit this vulnerabilit...
Galaxy Software Services Vitals ESP SQL injection vulnerability
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that stems from SQL command injection and could result in reading the contents of the database...
SourceCodester Patients Waiting Area Queue Management System SQL injection vulnerability
SourceCodester Patients Waiting Area Queue Management System is an open-source patient waiting area queue management system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Patients Waiting Area Queue Management System v1; the vulnerability stems from /...
PT-2025-49586
Name of the Vulnerable Software and Affected Versions: SourceCodester Patients Waiting Area Queue Management System version 1. Description: A SQL injection issue exists in the /php/api patient schedule.php component. Attackers can execute arbitrary SQL commands by manipulating the appointmentID...
CVE-2025-60912
CVE-2025-60912 affects phpIPAM v1.7.3 and describes a CSRF flaw in the database export path. The vulnerability is caused by the generate-mysql.php function under /app/admin/import-export/, which can allow a remote attacker to trigger large database dump downloads if an administrator has an active...
CVE-2025-60912
phpIPAM v1.7.3 contains a Cross-Site Request Forgery (CSRF) vulnerability in the database export functionality. The generate-mysql.php function, located in the /app/admin/import-export/ endpoint, allows remote attackers to trigger large database dump downloads via crafted HTTP GET requests if an...
PT-2025-49507
Name of the Vulnerable Software and Affected Versions: Currency Exchange System version 1.0. Description: A SQL injection issue exists in Currency Exchange System version 1.0. Manipulation of the ID argument in the /edittrns.php file can lead to SQL injection. This attack can be performed remotely...
PT-2025-49514
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
Galaxy Software Services Vitals ESP SQL injection vulnerability
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. Galaxy Software Services Vitals ESP suffers from a SQL injection vulnerability that originates from a SQL command injection that could result in reading the contents of the...
CVE-2025-14203
A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and m...
CVE-2025-14201 alokjaiswal Hotel-Management-services-using-MYSQL-and-php dishsub.php cross site scripting
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. I...
EUVD-2025-201610
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected by this vulnerability is an unknown functionality of the file /dishsub.php. The manipulation of the argument item.name results in cross site scripting. I...
CVE-2025-14200 alokjaiswal Hotel-Management-services-using-MYSQL-and-php Request Pending usersub.php cross site scripting
A vulnerability has been found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Affected is an unknown function of the file /usersub.php of the component Request Pending Page. The manipulation leads to cross site scripting. It is possibl...
CVE-2025-14193 code-projects Employee Profile Management System view_personnel.php sql injection
A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing a manipulation of the argument perid can lead to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-14189
CVE-2025-14189 affects Chanjet CRM up to 20251121 (and prior versions). The vulnerability is a SQL injection in an unknown function of the file /tools/jxf_dump_table_demo.php caused by improper handling of the gblOrgID parameter. It can be exploited remotely and public exploit code exists. Affect...
SQL injection vulnerability in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-986298)
Beijing Shenzhou Vision Han Technology Co., Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Shenzhou Vision Han Technology Co., Ltd., which can be exploited by attackers to obtain sensitive information from the database...
PT-2025-49414
Name of the Vulnerable Software and Affected Versions: alokjaiswal Hotel-Management-services-using-MYSQL-and-php versions up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. Description: A security issue exists in alokjaiswal Hotel-Management-services-using-MYSQL-and-php. The issue is related to cross...