CampCodes Online Polling System SQL Injection Vulnerability
CampCodes Online Polling System is an online polling system from CampCodes Philippines. Campcodes Online Polling System version 1.0 suffers from a SQL injection vulnerability that stems from a misuse of the parameter email in the file /registeracc.php, which may lead to SQL injection...
PT-2025-47848
Name of the Vulnerable Software and Affected Versions: Campcodes Online Polling System version 1.0. Description: A flaw exists in Campcodes Online Polling System 1.0 related to the manipulation of the myusername argument within the file '/admin/checklogin.php', potentially leading to SQL injection...
WEB-APPLICATION-VULNERABILITY-SCANNER
WEB-APPLICATION-VULNERABILITY-SCANNER COMPANY: CODTECH IT S...
CVE-2025-13485
A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been...
SUSE CVE-2025-60798
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-52671
Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...
CVE-2025-41076
In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...
CVE-2025-66095
CVE-2025-66095 affects the KiviCare – Clinic & Patient Management System WordPress plugin (versions ≤ 3.6.13). It is an authenticated SQL Injection vulnerability caused by improper neutralization of input. Impact per documentation: high, with potential data exposure/integrity concerns as describe...
EUVD-2025-198430
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to SQL Injection via the 'term' parameter in all versions up to, and including, 4.2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-13138
The WP Directory Kit WordPress plugin is affected by an unauthenticated SQL injection in all versions up to 1.4.3, via the columns_search parameter of the select_2_ajax() function. The flaw stems from insufficient escaping of the user input and inadequate preparation of the existing SQL query, en...
CVE-2025-52410
Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The myds GET parameter is not adequately sanitized before being used in SQL queries...
CVE-2025-60798
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...
CVE-2025-60797
phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated...
CVE-2025-13485 itsourcecode Online File Management System ajax.php sql injection
A security flaw has been discovered in itsourcecode Online File Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit has been...
itsourcecode Online File Management System SQL Injection Vulnerability
itsourcecode Online File Management System is an itsourcecode open source online file management system. A SQL injection vulnerability exists in itsourcecode Online File Management System version 1.0, which originates from a misuse of the parameter Username in the file /ajax.php?action=login, which cou...
WordPress Community Events plugin SQL Injection Vulnerability
WordPress Community Events plugin is an event management plugin on the WordPress platform, mainly used to create and display the event calendar, with support for AJAX dynamic loading and event submission form features. WordPress Community Events plugin suffers from a SQL injection vulnerability tha...
CVE-2025-13410
A vulnerability has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Affected is an unknown function of the file /admin/receipt.php. Such manipulation of the argument tid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and...
CVE-2025-10437
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eksagate Electronic Engineering and Computer Industry Trade Inc. Webpack Management System allows SQL Injection. This issue affects Webpack Management System: through 20251119...
EUVD-2025-198346
Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...