CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

CVE-2025-52671

CVE-2025-52671 describes an information-disclosure vulnerability in Revive Adserver where SQL error messages reveal debugging details, enabling non-admin users to learn software, PHP, and database versions. Connected sources (CNVD, RH, EUVD, NVD, OSV, CVE/CVEList, and a HackerOne report) consiste...

CVE-2025-52671

Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...

Wordfence Intelligence Weekly WordPress Vulnerability Report (November 10, 2025 to November 16, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! The LFInder Challenge:Refine your LFI hunting skills with an expanded scope. Now through November 24, 2025, all LFI vulnerabilities in software with at least 25 active installs are considered in-scope for all researchers, regardless of...

EUVD-2025-198265

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

Access Control Bypass

Overview phppgadmin/phppgadmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies, and hosting services. Affected versions of this package are vulnerable to Access Control Bypass via the handling of user-controlled parameters in sql.php. An attacker can...

phppgadmin contains a SQL injection vulnerability

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

DEBIAN-CVE-2025-60798

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $REQUEST'query' directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute...

CVE-2025-41076

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

CVE-2025-41076 Multiple vulnerabilities in Limesurvey

In version 6.13.0 of LimeSurvey, any external user can cause a 500 error in the survey system by sending a malformed session cookie. Instead of displaying a generic error message, the system exposes internal backend information, including the use of the Yii framework, the MySQL/MariaDB database...

EUVD-2025-198249

A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

CVE-2025-13424

A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/addproduct.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to...

CVE-2025-13424 Campcodes Supplier Management System add_product.php sql injection

A vulnerability has been found in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/addproduct.php. The manipulation of the argument txtProductName leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to...

TencentOS Server 3: mariadb:10.5 (TSSA-2022:0034)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0034 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2025-60798

CVE-2025-60798 affects phpPgAdmin 7.13.0 and earlier. The vulnerability is a SQL injection in display.php (line 396) where user-controlled input from $_REQUEST['query'] is passed directly to browseQuery without sanitization. An authenticated attacker can manipulate the query to execute arbitrary ...

CVE-2025-52410

CVE-2025-52410 affects Institute-of-Current-Students v1.0. The vulnerability is a time-based blind SQL injection in the mydetailsstudent.php endpoint, caused by insufficient sanitization of the GET parameter myds used in SQL queries. This leads to high-impact outcomes (confidentiality, integrity,...

CVE-2025-60797

phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $REQUEST'query' parameter without any sanitization or parameterization via $data-conn-Execute$REQUEST'query'. An authenticated...

Responsive Hotel Site usersetting.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter usname in the file /admin/usersetting.php. An attacker can exploit this...

Responsive Hotel Site usersettingdel.php File SQL Injection Vulnerability

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter eid in the file /admin/usersettingdel.php. An attacker can exploit this...