PT-2025-38712

Name of the Vulnerable Software and Affected Versions Hostel Management System version 1.0 Description A flaw exists in the Hostel Management System that allows for remote SQL injection. The issue is located in the /justines/admin/login.php file, specifically through manipulation of the email...

CVE-2025-10687

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. This affects an unknown part of the file /admin/addteacher.php. The manipulation of the argument Username results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and coul...

CVE-2025-10662

A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /adminmembers.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be use...

CVE-2025-10595

A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/deleteuser.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has...

CVE-2025-10673

A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has...

CVE-2025-10670

CVE-2025-10670 affects itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The vulnerability is in the processing of /check_profile.php, where manipulating the profile_id parameter can lead to an SQL injection. The issue is exploitable remotely and exploits have been published ...

CVE-2025-10664 PHPGurukul Small CRM create-ticket.php sql injection

A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-10664 PHPGurukul Small CRM create-ticket.php sql injection

A vulnerability was determined in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /create-ticket.php. Executing manipulation of the argument subject can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-10624

A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and ma...

CVE-2025-10624

A security flaw has been discovered in PHPGurukul User Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument emailid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and ma...

CVE-2025-10479

A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-10621

SourceCodester Hotel Reservation System 1.0 contains a SQL injection vulnerability in editroomimage.php caused by manipulation of the ID parameter. Exploitation can be performed remotely, and publicly disclosed exploits exist. Remediation/mitigation guidance from PT-2025-38281 suggests a temporar...

CVE-2025-10620

The CVE-2025-10620 entry concerns itsourcecode Online Clinic Management System 1.0. It identifies an SQL injection vulnerability in unknown code within the file /editp2.php, caused by manipulating parameters id, firstname, lastname, type, age, or address. The vulnerability can be exploited remote...

CVE-2025-10618

A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file transact.php. Such manipulation of the argument firstname leads to sql injection. The attack may be launched remotely. The exploit has...

CVE-2025-10477

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched...

CVE-2025-10613 itsourcecode Student Information System leveledit1.php sql injection

A vulnerability has been found in itsourcecode Student Information System 1.0. The affected element is an unknown function of the file /leveledit1.php. Such manipulation of the argument levelid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVE-2025-10613

CVE-2025-10613 affects itsourcecode Student Information System 1.0. The vulnerability is a SQL injection in the parameter level_id of /leveledit1.php caused by improper input handling. It can be exploited remotely and, per connected sources, the exploit has been disclosed publicly. Reports summar...

CVE-2025-10604

A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. This affects an unknown part of the file /admin/editmember.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-10604 PHPGurukul Online Discussion Forum edit_member.php sql injection

A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. This affects an unknown part of the file /admin/editmember.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-10598

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/searchproduct.php. Such manipulation of the argument groupid leads to sql injection. The attack may be launched remotely. The exploit is publicly...