144 matches found

Cvelist
added 2025/03/03 7:0 a.m. · 8 views

CVE-2025-1855 PHPGurukul Online Shopping Portal product-details.php sql injection

A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The...

CVSS 6.5 · EPSS 0.00122
Exploits: 1 · References: 5
CVE
added 2025/02/23 4:31 a.m. · 48 views

CVE-2025-1576

CVE-2025-1576 affects Code-Projects Real Estate Property Management System 1.0. The vulnerability is an SQL injection in an unknown function of the file /ajax_state.php, caused by manipulating the StateName argument in a string. It is exploitable remotely, and the exploit has been disclosed publi...

CVSS 9.8 · AI score 6.9 · EPSS 0.00033
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/02/18 12:0 a.m. · 4 views

PT-2025-6821 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM versions 5.13.0 and prior
Description: A time-based blind SQL Injection vulnerability exists in the EditEventTypes functionality, allowing an attacker to execute arbitrary SQL queries. The newCountName parameter is directly...

CVSS 9.8 · AI score 7 · EPSS 0.02752
Exploits: 1 · References: 11
Cvelist
added 2025/02/10 7:31 p.m. · 9 views

CVE-2025-1154 xxyopen Novel books sql injection

A vulnerability, which was classified as critical, has been found in xxyopen Novel up to 3.4.1. Affected by this issue is some unknown functionality of the file /api/front/search/books. The manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit...

CVSS 6.5 · EPSS 0.00088
Exploits: 0 · References: 4
RedhatCVE
added 2025/02/06 1:49 a.m. · 8 views

CVE-2022-43521

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...

CVSS 8.8 · AI score 7.4 · EPSS 0.00509
Exploits: 0 · References: 1
Cvelist
added 2025/01/24 12:0 a.m. · 8 views

CVE-2024-57095

SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload...

EPSS 0.01237
Exploits: 1 · References: 2
CVE
added 2024/12/11 10:57 a.m. · 46 views

CVE-2024-11840

CVE-2024-11840 affects RapidLoad AI – Optimize Web Vitals Automatically (WordPress plugin) up to v2.4.2. It lacks capability checks on multiple functions (uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, pr...

CVSS 7.1 · AI score 7.6 · EPSS 0.00276
Exploits: 0 · References: 2
Packet Storm
added 2024/09/16 12:0 a.m. · 540 views

Ship Ferry Ticket Reservation System 1.0 SQL Injection

Titles: SFTRS - PHP by: oretnom23 v1.0 Multiple-SQLi Bonus: FU + RCE & XSS - Information disclosure
Author: nu11secur1ty
Date: 09/14/2024
Vendor: https://github.com/oretnom23
Software: https://www.sourcecodester.com/php/14923/shipferry-ticket-reservation-system-using-php-free-source-code.html...

AI score 7.4
Exploits: 0
Cvelist
added 2024/08/01 11:0 p.m. · 21 views

CVE-2024-7371 SourceCodester Simple Realtime Quiz System quiz_view.php sql injection

A vulnerability was found in SourceCodester Simple Realtime Quiz System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /quizview.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

CVSS 6.5 · EPSS 0.00178
Exploits: 1 · References: 4
Cvelist
added 2024/07/17 4:0 a.m. · 19 views

CVE-2024-6808 itsourcecode Simple Task List signUp.php insertUserRecord sql injection

A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVSS 7.5 · EPSS 0.001
Exploits: 1 · References: 4
OSV
added 2024/05/14 3:44 p.m. · 1 views

CVE-2024-4792

A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /adminclass.php. The manipulation of the argument...

CVSS 8.8 · AI score 5.7
Exploits: 0 · References: 4
Positive Technologies
added 2023/11/27 12:0 a.m. · 1 views

PT-2023-30718 · Unknown · Prestashop

Name of the Vulnerable Software and Affected Versions: PrestaShop opartdevis versions 4.5.18 through 4.6.12
Description: A SQL injection issue allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. This enables the attacker to potentially...

CVSS 9.8 · AI score 9.6 · EPSS 0.00691
Exploits: 1 · References: 3
CNNVD
added 2023/01/11 12:0 a.m. · 2 views

Voyager SQL injection vulnerability

Voyager is an application by David Borland, an individual developer. Voyager suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to perform a sql injection attack...

CVSS 9.8 · AI score 6.8 · EPSS 0.00291
Exploits: 0 · References: 4
Vulnrichment
added 2023/01/03 7:53 p.m. · 5 views

CVE-2022-43531

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...

CVSS 8.8 · AI score 7.4 · EPSS 0.00553
Exploits: 0 · References: 1
Vulnrichment
added 2023/01/03 7:4 p.m. · 4 views

CVE-2022-43522

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities...

CVSS 8.8 · AI score 7.4 · EPSS 0.00677
Exploits: 0 · References: 1
Exploit DB
added 2021/09/17 12:0 a.m. · 239 views

Library Management System 1.0 - Blind Time-Based SQL Injection (Unauthenticated)

Exploit Title: Library Management System 1.0 - Blind Time-Based SQL Injection Unauthenticated
Exploit Author: Bobby Cooke @0xBoku & Adeeb Shah @hyd3sec
Date: 16/09/2021
Vendor Homepage: https://www.sourcecodester.com/php/12469/library-management-system-using-php-mysql.html
Software Link:...

AI score 7.4
Exploits: 0
Cvelist
added 2021/08/09 10:4 a.m. · 11 views

CVE-2021-24521 Side Menu Lite < 2.2.1 - Authenticated SQL Injection

The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...

AI score 7.6 · EPSS 0.00776
Exploits: 2 · References: 2
Kitploit
added 2020/12/22 11:30 a.m. · 41 views

0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. This tool is very fast because it uses a thread pool and the C language. Tool functions: Brute force login and passwords in auth forms Directo...

AI score 8.2
Exploits: 0 · References: 3
Tenable Nessus
added 2020/08/31 12:0 a.m. · 46 views

Amazon Linux AMI : rubygem-json (ALAS-2020-1423)

It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1423 advisory. The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability. This is quite similar to CVE-2013-0269, but doe...

CVSS 7.5 · AI score 7.2 · EPSS 0.05892
Exploits: 0 · References: 3
NVD
added 2020/06/15 4:15 p.m. · 12 views

CVE-2020-14054

SOKKIA GNR5 Vanguard WEB version 1.2 build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3 and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page...

CVSS 9.8 · EPSS 0.00582
Exploits: 0 · References: 1