Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15211 | 1 Fabian | 1 Refugee Food Management System | 2025-12-31 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-15212 | 1 Fabian | 1 Refugee Food Management System | 2025-12-31 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
|
|||||
| CVE-2025-15354 | 1 Angeljudesuarez | 1 Society Management System | 2025-12-31 | 7.5 HIGH | 7.3 HIGH |
|
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
|
|||||
| CVE-2024-44065 | 1 Magicbug | 1 Cloudlog | 2025-12-31 | N/A | 9.8 CRITICAL |
|
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.
|
|||||
| CVE-2025-46268 | 1 Advantech | 1 Webaccess\/scada | 2025-12-31 | N/A | 6.3 MEDIUM |
|
Advantech WebAccess/SCADA
is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands.
|
|||||
| CVE-2025-63948 | 1 Craigtaub | 1 Phpmsadmin | 2025-12-31 | N/A | 5.4 MEDIUM |
|
A SQL Injection vulnerability exists in phpMsAdmin version 2.2 in the database_mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation.
|
|||||
| CVE-2023-53917 | 1 Powerstonegh | 1 Affiliate Me | 2025-12-31 | N/A | 6.5 MEDIUM |
|
Affiliate Me version 5.0.1 contains a SQL injection vulnerability in the admin.php endpoint that allows authenticated administrators to manipulate database queries. Attackers can exploit the 'id' parameter with crafted union-based queries to extract sensitive user information including usernames and password hashes.
|
|||||
| CVE-2024-58308 | 1 Opensolution | 1 Quick Cms | 2025-12-31 | N/A | 9.8 CRITICAL |
|
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.
|
|||||
| CVE-2025-64519 | 1 Torrentpier | 1 Torrentpier | 2025-12-31 | N/A | 8.8 HIGH |
|
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the dat ...
Show More |
|||||
| CVE-2021-47720 | 1 Orangescrum | 1 Orangescrum | 2025-12-31 | N/A | 7.1 HIGH |
|
Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract or modify database information.
|
|||||
| CVE-2025-30774 | 1 Ays-pro | 1 Quiz Maker | 2025-12-31 | N/A | 8.2 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7.
|
|||||
| CVE-2025-64280 | 1 Centralsquare | 1 Community Development | 2025-12-31 | N/A | 9.8 CRITICAL |
|
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
|
|||||
| CVE-2025-56385 | 1 Wellsky | 1 Harmony | 2025-12-31 | N/A | 9.8 CRITICAL |
|
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents.
|
|||||
| CVE-2025-15004 | 1 Dedecms | 1 Dedecms | 2025-12-31 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-66947 | 1 Krishanmurariji | 1 Student Management System | 2025-12-31 | N/A | 6.5 MEDIUM |
|
SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database compromise, especially within an administrative module.
|
|||||
| CVE-2025-63878 | 1 Hackerwhale | 1 Restaurant Website Restoran | 2025-12-31 | N/A | 6.5 MEDIUM |
|
Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page.
|
|||||
| CVE-2025-4362 | 1 Admerc | 1 Gym Management System | 2025-12-31 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in itsourcecode Gym Management System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_membership. The manipulation of the argument member_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-14652 | 1 Admerc | 1 Online Cake Ordering System | 2025-12-31 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This issue affects some unknown processing of the file /admindetail.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-14832 | 1 Admerc | 1 Online Cake Ordering System | 2025-12-31 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-14650 | 1 Admerc | 1 Online Cake Ordering System | 2025-12-31 | 7.5 HIGH | 7.3 HIGH |
|
A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-15002 | 1 Seacms | 1 Seacms | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15053 | 1 Fabian | 1 Student Information System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
|
|||||
| CVE-2025-15049 | 1 Anisha | 1 Online Farm System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-15167 | 1 Admerc | 1 Online Cake Ordering System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15166 | 1 Admerc | 1 Online Cake Ordering System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-15165 | 1 Admerc | 1 Online Cake Ordering System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15078 | 1 Angeljudesuarez | 1 Student Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-15077 | 1 Angeljudesuarez | 1 Student Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-15075 | 1 Angeljudesuarez | 1 Student Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-15073 | 1 Itsourcecode | 1 Online Frozen Foods Ordering System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-15074 | 1 Itsourcecode | 1 Online Frozen Foods Ordering System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-15186 | 1 Fabian | 1 Refugee Food Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-15185 | 1 Fabian | 1 Refugee Food Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-15184 | 1 Fabian | 1 Refugee Food Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
|
|||||
| CVE-2025-15183 | 1 Fabian | 1 Refugee Food Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-15182 | 1 Fabian | 1 Refugee Food Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-15181 | 1 Fabian | 1 Refugee Food Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-55703 | 1 Sunbirddcim | 1 Power Iq | 2025-12-30 | N/A | 2.5 LOW |
|
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, where the API call code was updated to ensure safe handling of input values.
|
|||||
| CVE-2024-58309 | 1 Xbtitfm | 1 Xbtitfm | 2025-12-30 | N/A | 9.8 CRITICAL |
|
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database names, user credentials, and password hashes from the underlying database.
|
|||||
| CVE-2025-14989 | 1 Campcodes | 1 Complete Online Beauty Parlor Management System | 2025-12-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
|
|||||