CVE-2025-1832

CVE-2025-1832 affects the function getUserList in src/main/java/com/futvan/z/system/zrole/ZroleAction.java of zj1983 zz up to 2024-8. The vulnerability arises from manipulation of the roleid argument, leading to SQL injection. Exploitation is network-accessible and was disclosed publicly, enablin...

CVE-2025-1812

A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2025-1576

A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajaxstate.php. The manipulation of the argument StateName as part of String leads to sql injection. The attack can ...

CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...

CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...

DEBIAN-CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...

CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...

UBUNTU-CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection...

SUSE CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...

CVE-2025-26794

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations...

Exim < 4.98.1 SQL injection

Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

CVE-2025-1374

CVE-2025-1374 affects code-projects Real Estate Property Management System 1.0. The vulnerability is in /search.php where manipulating parameters StateName, CityName, AreaName, or CatId allows SQL injection. It can be exploited remotely and the exploit has been disclosed publicly. Remediation/mit...

CVE-2025-1224

CVE-2025-1224 affects the ywoa system (up to 2024.07.03) with an SQL injection in the function listNameBySql of com/cloudweb/oa/mapper/xml/UserMapper.xml. The vulnerability arises from how the SQL is constructed in listNameBySql, allowing remote attackers to manipulate queries. Public disclosures...

EsafeNet CDG 安全漏洞

EsafeNet CDG is a document security management system from EsafeNet China. A security vulnerability exists in EsafeNet CDG version 5.6.3.154.20520250114, which originates from SQL injection and can be remotely exploited to manipulate the safetyGroupId parameter in the addPolicyToSafetyGroup.jsp...

CVE-2025-0210

A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be...

CyberoamOS (CROS) SQL Injection Vulnerability

CyberoamOS CROS contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely...

CVE-2024-12943

A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be...

CVE-2024-12231

A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclose...

CVE-2024-3439

A vulnerability was found in SourceCodester Prison Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Account/login.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to th...

CVE-2024-1824

A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql injection. The attack may be launched...