CVE-2025-9126

CVE-2025-9126 concerns the WordPress plugin Smart Table Builder. Multiple sources confirm a Stored Cross-Site Scripting (XSS) flaw via the id parameter in versions up to 1.0.1, exploitable by authenticated users with Contributor-level access or higher. The underlying issue is insufficient input s...

CVE-2025-0199

A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0. Affected is an unknown function of the file /user/minuscart.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack...

PT-2024-38229 · Sourcecodester · Sourcecodester Lot Reservation Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Lot Reservation Management System version 1.0 Description: A critical issue affects the processing of the file /admin/view reserved.php, where the manipulation of the id argument leads to sql injection. The attack can be...

SEMCMS SQL注入漏洞

SEMCMS is a foreign trade web content management system CMS that supports multiple languages. SEMCMS version 1.5 suffers from a SQL injection vulnerability, which originates from the lack of validation of external input SQL statements in the parameter id of /AntSuxin.php, which can be exploited b...

PHP ZLink 'go.php' SQL注入漏洞

PHP ZLink是一款基于PHP的WEB应用程序。 PHP ZLink不正确过滤用户提交的URI数据，远程攻击者可以利用漏洞进行SQL注入攻击，可获得敏感信息或操作数据库。 问题是由于'go.php'脚本对用户提交的WEB参数处理缺少充分过滤，提交恶意SQL查询作为参数数据，可更改原来的SQL逻辑，获得敏感信息或操作数据库。 Zeak.net PHP ZLink 0.3 目前没有解决方案提供： http://www.zeak.net/ !/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if!$ARGV3 print "\n \'/...