CVE-2018-25257 Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

PT-2026-32177

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVE-2025-67645 OpenEMR Vulnerable to Broken Access Control in Profile Edit Endpoint

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters pubpid / pid to reference another user’s recor...

PT-2025-41305

Name of the Vulnerable Software and Affected Versions ProjectWorlds Gym Management System version 1.0 Description The software is susceptible to SQL Injection through the id parameter in the 'profile/edit.php' page. This allows for potential unauthorized access or modification of data. The affect...