Total
16863 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7610 | 1 Anisha | 1 Electricity Billing System | 2025-09-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Electricity Billing System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/change_password.php. The manipulation of the argument new_password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7594 | 1 Anisha | 1 Job Diary | 2025-09-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Job Diary 1.0. It has been classified as critical. This affects an unknown part of the file /view-emp.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7593 | 1 Anisha | 1 Job Diary | 2025-09-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Job Diary 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-all.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7559 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-09-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. This affects an unknown part of the file /admin/bwdates-report-result.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-7221 | 1 Oretnom23 | 1 School Log Management System | 2025-09-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in SourceCodester/Campcodes School Log Management System 1.0. This affects an unknown part of the file /admin/manage_user.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2024-7220 | 1 Oretnom23 | 1 School Log Management System | 2025-09-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/print_barcode.php. The manipulation of the argument tbl results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2024-7219 | 1 Oretnom23 | 1 School Log Management System | 2025-09-29 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in SourceCodester/Campcodes School Log Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13150 | 2025-09-29 | N/A | 9.8 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.This issue affects fayton.Pro ERP: through 20250929. | |||||
| CVE-2024-57606 | 1 Guojusoft | 1 Jeecgboot | 2025-09-29 | N/A | 7.5 HIGH |
| SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component. | |||||
| CVE-2024-54761 | 1 Bigantsoft | 1 Bigant Office Messenger 5 | 2025-09-29 | N/A | 6.3 MEDIUM |
| BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter. | |||||
| CVE-2025-3231 | 1 Phpgurukul | 1 Zoo Management System | 2025-09-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Zoo Management System 2.1. It has been rated as critical. This issue affects some unknown processing of the file /aboutus.php. The manipulation of the argument pagetitle/pagedes leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-3767 | 1 Phpgurukul | 1 News Portal Project | 2025-09-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3173 | 1 Projectworlds | 1 Online Lawyer Management System | 2025-09-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4331 | 1 Senior-walter | 1 Online Student Clearance System | 2025-09-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-1061 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2025-09-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-1059 | 1 Doctors Appointment System Project | 1 Doctors Appointment System | 2025-09-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0296 | 1 Code-projects | 1 Online Book Shop | 2025-09-27 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4191 | 1 Phpgurukul | 1 Employee Record Management System | 2025-09-27 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /editmyeducation.php. The manipulation of the argument coursepg/yophsc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2024-10628 | 1 Ays-pro | 1 Quiz Maker | 2025-09-27 | N/A | 7.5 HIGH |
| The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. NOTE: The three variations of this software (Business, Developer, and Agency) share the same plugin slug, so you may get an alert even if you are running the latest version of any of the pieces of software. In these cases it is safe to dismiss the notice once you've confirmed your site is on a patched version of the applicable software. | |||||
| CVE-2010-5096 | 1 Mybb | 1 Mybb | 2025-09-26 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error. | |||||