EUVD-2025-208503

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976469)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

EUVD-2025-25613

Malicious code in bioql PyPI...

Hospital Management System edit-doctor.php file SQL Injection Vulnerability

Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter docfees in the file /admin/edit-doctor.php. An...

Old Age Home Management System SQL Injection Vulnerability

Old Age Home Management System is a nursing home management system. Old Age Home Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter emeradd in file /admin/add-scdetails.php. An attacker can...

Campcodes Online Shopping Portal SQL Injection Vulnerability

CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. Campcodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally-entered SQL statements for the parameter Category in the file /admin/category.php. An...

WordPress Shuffle plugin SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Shuffle plugin suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements. An attacker can exploit this...

Student Grading System SQL Injection Vulnerability (CNVD-2025-03172)

Student Grading System is a student grading system. A SQL injection vulnerability exists in Student Grading System version 1.0, which stems from a lack of validation of externally entered SQL statements in the parameter id of the file /viewstudents.php. An attacker can exploit this vulnerability ...

WordPress Plugin WPMU Prefill Post SQL Injection Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability exists in WordPress plugin WPMU Prefill Post version 1.02 and earlier...

Kashipara Music Management System SQL Injection Vulnerability

Kashipara Music Management System is a music management system from Kashipara. A SQL injection vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of validation of the "id" parameter of /music/viewuser.php against external SQL input, and can be exploited...

Kashipara Music Management System SQL Injection Vulnerability (CNVD-2024-37435)

Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the search parameter of /music/ajax.php?action=findmusic against external SQL input,...

Computer Laboratory Management System SQL Injection Vulnerability

Computer Laboratory Management System is a computerized laboratory management system. A SQL injection vulnerability exists in Computer Laboratory Management System version 1.0 due to a lack of validation of externally entered SQL statements in the parameter id. An attacker can exploit this...

SAP Global Label Management SQL Injection Vulnerability

SAP Global Label Management is a global label management system from SAP. SAP Global Label Management suffers from a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could use this vulnerability to execute illegal S...

J2EEFAST SysMsgPushMapper.xml File SQL Injection Vulnerability

J2eeFAST is a Java EE enterprise-class rapid development platform , is committed to building the best small and medium-sized open source free back-end framework platform . J2EEFAST v2.7.0 version of the SQL injection vulnerability , the vulnerability stems from SysMsgPushMapper.xml findPage...

RuvarOA sys_file_storage_id parameter SQL injection vulnerability (CNVD-2024-33626)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sysfilestorageid parameter in the /WorkFlow/wfworkfinishfiledown.aspx file against external SQL input. An attacker can explo...

RuvarOA id parameter SQL injection vulnerability (CNVD-2024-33617)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter in the /SysManage/wftemplatechildfieldlist.aspx file against external SQL input. An attacker can exploi...

RuvarOA id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /SysManage/sysblogtemplatenew.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...

RuvarOA SQL Injection Vulnerability (CNVD-2024-33151)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the fileid parameter of the /CorporateCulture/kaizendownload.aspx file against external SQL input. An attacker can exploit this...

Customer Support System SQL Injection Vulnerability (CNVD-2024-14030)

Customer Support System is a customer support system by oretnom23 Personal Developer that helps a particular business or company to provide customer support after a customer has purchased a product from them. Customer Support System suffers from a SQL injection vulnerability that originates from...

Kashipara Food Management System SQL Injection Vulnerability (CNVD-2024-13480)

Kashipara Food Management System is a food management system from Kashipara. A SQL injection vulnerability exists in Kashipara Food Management System version 1.0, which is caused by the lack of validation of the parameter itemype in the stockentrysubmit.php file for externally entered SQL...