Incorrect Default Permissions
Overview: caffeinated-whale-cli is a CLI tool to help manage Frappe Docker instances. Affected versions of this package are vulnerable to Incorrect Default Permissions due to insecure file permissions. The cache directory and database file are created without enforcing restrictive access...
CVE-2025-13001
The donation WordPress plugin through 1.0 does not sanitize and escape a parameter before using it in a SQL statement, allowing high-privilege users, such as admin, to perform SQL injection attacks...
CVE-2025-13000
The db-access WordPress plugin through 0.8.7 does not have an authorization check in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQL injection attacks...
CVE-2025-13000 DB Access <= 0.8.7 - Subscriber+ SQLi
The db-access WordPress plugin through 0.8.7 does not have an authorization check in an AJAX action, allowing any authenticated user, such as a subscriber, to perform SQL injection attacks...
CVE-2025-63532
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass...
WordPress plugin VikRentCar Car Rental Management System SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that provides the ability to host personal blog sites on PHP and MySQL-based servers. A SQL injectio...
WordPress plugin donation Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, and WordPress plugin is an application plugin. WordPress Donation suffers from a SQL injection vulnerability that stems from insufficient sanitization and escaping; no details of the vulnerability are provided at this time...
TCMAN GIM SQL Injection Vulnerability
TCMAN GIM is a management system from TCMAN, Spain. A SQL injection vulnerability exists in TCMAN GIM version v11 20250304 that could lead to database manipulation...
Mirion Medical EC2 Software NMIS BioDose Security Vulnerability
Mirion Medical EC2 Software NMIS BioDose is software for managing and analyzing biological dosimetry data from Mirion Medical, Germany. A security vulnerability exists in Mirion Medical EC2 Software NMIS BioDose V22.02 and prior versions that originates from accessing the database using a publi...
PT-2025-48674
Name of the Vulnerable Software and Affected Versions: Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. Description: A stack-based buffer overflow exists in Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2. The ShowMeterDatabase function copies user-controlled input into a fixed-size buffer using sprintf...
PT-2025-48665
The WP Directory Kit plugin for WordPress is vulnerable to SQL Injection via the 'search' parameter in all versions up to, and including, 1.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-48713
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the 'docid' parameter at /admin/appointment.php...
PT-2025-48779
Installations of NMIS/BioDose V22.02 and previous versions where the embedded Microsoft SQL Server Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...
PT-2025-48777
Name of the Vulnerable Software and Affected Versions: NMIS/BioDose versions prior to V22.02. Description: NMIS/BioDose versions prior to V22.02 utilize a shared SQL Server user account for database access. Client application user access is controlled by password authentication within the client...
PT-2025-48782
Name of the Vulnerable Software and Affected Versions: PHPGurukul Billing System version 1.0. Description: The PHPGurukul Billing System version 1.0 contains a SQL Injection issue in the admin/index.php endpoint. The username parameter is susceptible because it accepts unvalidated user input that is...
PT-2025-48773
Name of the Vulnerable Software and Affected Versions: Lvzhou CMS versions prior to commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22). Description: The software contains a SQL injection flaw due to unsanitized input. Specifically, the title parameter within the...
PT-2025-48682
Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 20250304. Description: A SQL injection issue exists in TCMAN GIM v11 version 20250304. This allows an attacker to retrieve, create, update, and delete databases. The issue is triggered by sending a GET request utilizing the...
Piwigo 13.6.0 - SQL Injection
Exploit Title: Piwigo 13.6.0 - SQL Injection. Date: 2025-11-25. Exploit Author: CodeSecLab. Vendor Homepage: https://github.com/Piwigo/Piwigo. Software Link: https://github.com/Piwigo/Piwigo. Version: 13.6.0. Tested on: Windows. CVE: CVE-2023-33362. Proof Of Concept: GET /admin.php?page=profile&userid='...
PT-2025-48656
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...