Skip to main content

SQLi

15171 CVEs technique

Monthly

CVE-2025-15409 MEDIUM POC This Month

Online Guitar Store versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15408 MEDIUM POC This Month

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15407 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-0544 MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-30628 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) azon-addon-js-composer allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through <= 1.2.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-28949 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders mediabay allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through <= 1.4.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-15392 LOW Monitor

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Kodicms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15354 MEDIUM POC This Month

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

PHP SQLi Society Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15353 MEDIUM POC This Month

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

PHP SQLi Society Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15263 MEDIUM POC This Month

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi Simple Php Cms
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-59129 HIGH This Week

Blind SQL Injection in Appointify WordPress plugin version 1.0.8 and earlier allows unauthenticated remote attackers to execute arbitrary SQL commands against the underlying database. The vulnerability enables data extraction and manipulation through time-based or error-based inference techniques without requiring valid credentials or authentication. EPSS score of 0.04% indicates low statistical likelihood of exploitation despite the technical severity of SQL injection.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68990 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-15243 MEDIUM POC This Month

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

PHP SQLi Simple Stock System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15212 LOW POC Monitor

A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15211 LOW POC Monitor

SQL injection in Refugee Food Management System 1.0 allows authenticated remote attackers to manipulate refNo, Fname, Lname, sex, age, contact, and nationality_nid parameters in /home/refugee.php, enabling unauthorized database query execution with limited confidentiality and integrity impact. The vulnerability requires login credentials (PR:L), has publicly available exploit code, and carries a low CVSS score (2.1) despite active proof-of-concept publication, indicating minimal real-world risk due to authentication barrier and restricted impact scope.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15210 LOW POC Monitor

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15209 LOW POC Monitor

SQL injection in Refugee Food Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via manipulated a/b/c/d arguments in /home/editfood.php, affecting confidentiality and integrity of stored data. The vulnerability has a public exploit available but carries low real-world risk due to authentication requirement and minimal scope (CVSS 2.1, EPSS 0.05%). Active exploitation is not confirmed in CISA KEV despite public POC availability.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15208 MEDIUM POC This Month

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15207 MEDIUM POC This Month

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15206 MEDIUM POC This Month

A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15205 LOW POC Monitor

SQL injection in Student File Management System 1.0 via the istore_id parameter in /download.php allows authenticated remote attackers to execute arbitrary SQL queries with limited information disclosure impact. The vulnerability requires valid user credentials (PR:L) and has a CVSS score of 2.1 with EPSS exploitation probability of 0.04%, indicating low real-world risk despite public exploit availability.

PHP SQLi Student File Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15198 MEDIUM POC This Month

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi College Notes Uploading System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15196 MEDIUM POC This Month

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Assessment Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15195 MEDIUM POC This Month

A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Assessment Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15186 MEDIUM POC This Month

A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15185 MEDIUM POC This Month

A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15184 MEDIUM This Month

A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15183 MEDIUM This Month

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15182 MEDIUM This Month

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15181 MEDIUM POC This Month

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15169 LOW POC Monitor

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Simple Php Cms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15168 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15167 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15166 MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15165 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15143 LOW POC Monitor

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Eyoucms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15142 MEDIUM This Month

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

PHP SQLi
NVD VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15140 MEDIUM This Month

A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15127 MEDIUM POC This Month

A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Hotels Server
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15088 LOW Monitor

SQL injection in ketr JEPaaS up to version 7.2.8 allows authenticated remote attackers to manipulate the keyWord parameter in the postilService.loadPostils function at /je/postil/postil/loadPostil endpoint, enabling unauthorized data access with low confidentiality and integrity impact. Public exploit code is available, and the vendor has not responded to early disclosure notification despite multiple contact attempts.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15078 MEDIUM POC This Month

A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15077 MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15075 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15074 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

PHP SQLi Online Frozen Foods Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-15073 MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Frozen Foods Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-68590 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68570 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68519 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3.

WordPress SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-68496 HIGH This Week

Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.0) allows unauthenticated remote attackers to extract database contents, modify data, or execute administrative commands. The vulnerability carries a critical CVSS score of 9.8 due to network-based exploitation requiring no privileges or user interaction. While EPSS probability is low (0.05%, 14th percentile) and no active exploitation is confirmed at time of analysis, the severity and unauthenticated attack vector make this a priority for WordPress administrators using this plugin. Patchstack security audit identified this flaw as CWE-89 SQL injection stemming from improper input sanitization.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-15053 MEDIUM POC This Month

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

PHP SQLi Student Information System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15049 MEDIUM POC This Month

A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-68561 HIGH This Week

SQL injection in AutomatorWP WordPress plugin through version 5.2.4 allows authenticated attackers to execute arbitrary SQL commands. The vulnerability exists in the plugin's database query handling where user-supplied input is not properly sanitized before being used in SQL statements. While EPSS scoring indicates low exploitation probability (0.04th percentile), the SQL injection vector represents a critical capability if exploited, potentially enabling data exfiltration, modification, or deletion from the affected WordPress database.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-68550 HIGH This Week

Blind SQL injection in WPBulky WordPress plugin through version 1.1.13 allows high-privileged authenticated attackers to extract database contents and potentially cause limited service disruption. The vulnerability exists in the bulk edit functionality where user-supplied input is improperly sanitized before inclusion in SQL queries. With EPSS score of 0.04% (12th percentile) and no public exploit code identified, immediate mass exploitation appears unlikely, though administrator-level compromise could enable data exfiltration from WordPress databases.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2025-15034 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15012 MEDIUM POC This Month

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15011 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

PHP SQLi Simple Stock System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-15004 LOW POC Monitor

SQL injection in DedeCMS up to version 5.7.118 via the orderby parameter in /freelist_main.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. Publicly available exploit code exists and the vulnerability requires valid user authentication (PR:L) to exploit, significantly limiting real-world risk despite network accessibility.

PHP SQLi Dedecms
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15003 LOW POC Monitor

SQL injection in SeaCMS up to version 13.3 via the e_id parameter in admin_video.php allows authenticated high-privilege attackers to execute arbitrary SQL queries and manipulate database content. The vulnerability requires administrative credentials, limiting real-world impact despite public exploit availability. EPSS score of 0.05% reflects the high privilege requirement needed for exploitation.

PHP SQLi Seacms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15002 MEDIUM POC This Month

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Seacms
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14990 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14989 MEDIUM POC This Month

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Complete Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14968 MEDIUM POC This Month

A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Simple Stock System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14967 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the argument school_year leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14966 LOW POC Monitor

SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitrary SQL queries via manipulation of the custom/searchField parameter in the selectpage function of the Backend Controller. The vulnerability requires administrator-level privileges and has publicly available exploit code, though the low CVSS score (2.0) and minimal EPSS exploitation probability (0.06%) indicate limited real-world risk despite active disclosure.

PHP SQLi Fastadmin
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-14961 MEDIUM POC This Month

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

PHP SQLi Simple Blood Donor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14960 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

PHP SQLi Simple Blood Donor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14959 MEDIUM POC This Month

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi Simple Stock System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14952 MEDIUM POC This Month

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14951 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Scholars Tracking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14950 MEDIUM POC This Month

A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

PHP SQLi Scholars Tracking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14940 MEDIUM POC This Month

A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Scholars Tracking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14939 LOW POC Monitor

SQL injection in code-projects Online Appointment Booking System 1.0 allows high-privilege remote attackers to manipulate the managername parameter in /admin/deletemanager.php, resulting in limited confidentiality and integrity impact. EPSS score of 0.05% and CVSS 2.0 reflect the high privilege requirement (PR:H), which severely constrains real-world exploitability despite public POC availability.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14900 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the ID parameter in /admin/userdelete.php. The vulnerability requires administrator access and carries low confidentiality, integrity, and availability impact per CVSS 4.0 scoring. Publicly available exploit code exists, though EPSS scoring (0.01%, percentile 3%) indicates minimal real-world exploitation probability, suggesting the threat is primarily theoretical despite public disclosure.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14899 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to inject malicious SQL via the /admin/stateadd.php endpoint, potentially compromising database integrity and confidentiality. The vulnerability requires administrative privileges to exploit and has a low CVSS score (2.0) due to restricted scope and limited impact, but publicly available exploit code exists. Real-world risk is minimal given the high privilege barrier (PR:H), though organizations running this system should prioritize patching to prevent insider threats.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14898 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to execute arbitrary SQL queries via the /admin/userbuilderdelete.php endpoint. The vulnerability requires authenticated administrator access (CVSS PR:H) and affects only confidentiality and integrity with low impact. Publicly available exploit code exists, though exploitation is limited by the requirement for valid high-privilege credentials and carries low real-world risk due to EPSS score of 0.05% and the attacker profile (malicious insiders with admin accounts).

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14897 LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the /admin/useragentdelete.php endpoint. The vulnerability requires administrator credentials but poses risk to systems where admin accounts may be compromised or where privileged users are untrusted. Publicly available exploit code exists, though EPSS indicates low real-world exploitation probability at 0.05%.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-14877 MEDIUM POC This Month

A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-64371 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.6.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-60062 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection.This issue affects tPlayer: from n/a through <= 1.2.1.6.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2025-58951 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Injection.This issue affects Advance Seat Reservation Management for WooCommerce: from n/a through <= 3.1.

WordPress SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-14314 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through <= 2.1.5.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-14834 LOW POC Monitor

SQL injection in Simple Stock System 1.0 via the Username parameter in /checkuser.php allows authenticated remote attackers to manipulate database queries with low impact to confidentiality, integrity, and availability. The CVSS 4.0 vector (PR:L) indicates login is required, but an EPSS score of 0.05% and very low CVSS base of 2.1 suggest minimal real-world exploitation risk despite public exploit availability.

PHP SQLi Simple Stock System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-14833 MEDIUM This Month

A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/deletemanagerclinic.php. Performing manipulation of the argument clinic results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-14832 MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14780 LOW Monitor

SQL injection in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 allows authenticated remote attackers to manipulate the filter parameter in the /dishtrade/dish_trade_detail_get endpoint, resulting in limited confidentiality and integrity impact. Public exploit code exists; however, the CVSS score of 2.1 and EPSS percentile of 16% indicate low real-world exploitation probability despite authenticated network accessibility, suggesting the vulnerability may require specific application knowledge or platform-dependent conditions to achieve meaningful impact.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-68056 HIGH This Week

SQL injection in LBG Zoominoutslider WordPress plugin versions through 5.4.4 allows authenticated attackers with low-level privileges to extract sensitive database information and potentially cause denial of service. The vulnerability enables cross-scope impact, meaning attackers can access resources beyond their authorized privilege level. EPSS probability is low (0.04%, 14th percentile), indicating limited observed exploitation activity, though Patchstack's disclosure suggests active security community awareness.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-68055 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-68054 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-68053 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through <= 1.3.4.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2025-67999 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Online Guitar Store versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. [CVSS 7.3 HIGH]

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer) azon-addon-js-composer allows SQL Injection.This issue affects Amazon Affiliates Addon for WPBakery Page Builder (formerly Visual Composer): from n/a through <= 1.2.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders mediabay allows Blind SQL Injection.This issue affects Mediabay - WordPress Media Library Folders: from n/a through <= 1.4.

WordPress SQLi
NVD
EPSS 0% CVSS 2.1
LOW Monitor

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Kodicms
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

PHP SQLi Society Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

PHP SQLi Society Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi Simple Php Cms
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Blind SQL Injection in Appointify WordPress plugin version 1.0.8 and earlier allows unauthenticated remote attackers to execute arbitrary SQL commands against the underlying database. The vulnerability enables data extraction and manipulation through time-based or error-based inference techniques without requiring valid credentials or authentication. EPSS score of 0.04% indicates low statistical likelihood of exploitation despite the technical severity of SQL injection.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue affects BWL Pro Voting Manager: from n/a through <= 1.4.9.

SQLi
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

PHP SQLi Simple Stock System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Refugee Food Management System 1.0 allows authenticated remote attackers to manipulate refNo, Fname, Lname, sex, age, contact, and nationality_nid parameters in /home/refugee.php, enabling unauthorized database query execution with limited confidentiality and integrity impact. The vulnerability requires login credentials (PR:L), has publicly available exploit code, and carries a low CVSS score (2.1) despite active proof-of-concept publication, indicating minimal real-world risk due to authentication barrier and restricted impact scope.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Refugee Food Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via manipulated a/b/c/d arguments in /home/editfood.php, affecting confidentiality and integrity of stored data. The vulnerability has a public exploit available but carries low real-world risk due to authentication requirement and minimal scope (CVSS 2.1, EPSS 0.05%). Active exploitation is not confirmed in CISA KEV despite public POC availability.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing a manipulation of the argument txtAreaCode can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Student File Management System 1.0 via the istore_id parameter in /download.php allows authenticated remote attackers to execute arbitrary SQL queries with limited information disclosure impact. The vulnerability requires valid user credentials (PR:L) and has a CVSS score of 2.1 with EPSS exploitation probability of 0.04%, indicating low real-world risk despite public exploit availability.

PHP SQLi Student File Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi College Notes Uploading System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Assessment Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in code-projects Assessment Management 1.0. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Assessment Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown function of the file /home/served.php. Executing manipulation of the argument refNo can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in code-projects Refugee Food Management System 1.0. The impacted element is an unknown function of the file /home/pagenateRefugeesList.php. Performing manipulation of the argument rfid results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Simple Php Cms
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

PHP SQLi Student Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Cake Ordering System 1.0. This impacts an unknown function of the file /detailtransac.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown function of the file /updatesupplier.php?action=edit. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0. The impacted element is an unknown function of the file /updatecustomer.php?action=edit. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Eyoucms
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.

PHP SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Hotels Server
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in ketr JEPaaS up to version 7.2.8 allows authenticated remote attackers to manipulate the keyWord parameter in the postilService.loadPostils function at /je/postil/postil/loadPostil endpoint, enabling unauthorized data access with low confidentiality and integrity impact. Public exploit code is available, and the vendor has not responded to early disclosure notification despite multiple contact attempts.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /list_report.php. The manipulation of the argument sy results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /form137.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Student Management System 1.0. This issue affects some unknown processing of the file /student_p.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Student Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /customer_details.php. Such manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

PHP SQLi Online Frozen Foods Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contact_us.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Frozen Foods Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issue affects Integration for Contact Form 7 HubSpot: from n/a through <= 1.4.2.

SQLi
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through <= 3.2.2.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affects Brands for WooCommerce: from n/a through <= 3.8.6.3.

WordPress SQLi
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.0) allows unauthenticated remote attackers to extract database contents, modify data, or execute administrative commands. The vulnerability carries a critical CVSS score of 9.8 due to network-based exploitation requiring no privileges or user interaction. While EPSS probability is low (0.05%, 14th percentile) and no active exploitation is confirmed at time of analysis, the severity and unauthenticated attack vector make this a priority for WordPress administrators using this plugin. Patchstack security audit identified this flaw as CWE-89 SQL injection stemming from improper input sanitization.

SQLi
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

PHP SQLi Student Information System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in code-projects Online Farm System 1.0. Affected is an unknown function of the file /addProduct.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
EPSS 0% CVSS 7.6
HIGH This Week

SQL injection in AutomatorWP WordPress plugin through version 5.2.4 allows authenticated attackers to execute arbitrary SQL commands. The vulnerability exists in the plugin's database query handling where user-supplied input is not properly sanitized before being used in SQL statements. While EPSS scoring indicates low exploitation probability (0.04th percentile), the SQL injection vector represents a critical capability if exploited, potentially enabling data exfiltration, modification, or deletion from the affected WordPress database.

SQLi
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Blind SQL injection in WPBulky WordPress plugin through version 1.1.13 allows high-privileged authenticated attackers to extract database contents and potentially cause limited service disruption. The vulnerability exists in the bulk edit functionality where user-supplied input is improperly sanitized before inclusion in SQL queries. With EPSS score of 0.04% (12th percentile) and no public exploit code identified, immediate mass exploitation appears unlikely, though administrator-level compromise could enable data exfiltration from WordPress databases.

SQLi
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Student Management System 1.0. This affects an unknown part of the file /record.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Student Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in code-projects Refugee Food Management System 1.0. The affected element is an unknown function of the file /home/home.php. This manipulation of the argument a causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Simple Stock System 1.0. Impacted is an unknown function of the file /logout.php. The manipulation of the argument uname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

PHP SQLi Simple Stock System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in DedeCMS up to version 5.7.118 via the orderby parameter in /freelist_main.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. Publicly available exploit code exists and the vulnerability requires valid user authentication (PR:L) to exploit, significantly limiting real-world risk despite network accessibility.

PHP SQLi Dedecms
NVD VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in SeaCMS up to version 13.3 via the e_id parameter in admin_video.php allows authenticated high-privilege attackers to execute arbitrary SQL queries and manipulate database content. The vulnerability requires administrative credentials, limiting real-world impact despite public exploit availability. EPSS score of 0.05% reflects the high privilege requirement needed for exploitation.

PHP SQLi Seacms
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Seacms
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing a manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Complete Online Beauty Parlor Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in Campcodes Complete Online Beauty Parlor Management System 1.0. This issue affects some unknown processing of the file /admin/search-invoices.php. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Complete Online Beauty Parlor Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Simple Stock System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the argument school_year leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Student Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in FastAdmin up to version 1.7.0.20250506 allows high-privilege authenticated attackers to execute arbitrary SQL queries via manipulation of the custom/searchField parameter in the selectpage function of the Backend Controller. The vulnerability requires administrator-level privileges and has publicly available exploit code, though the low CVSS score (2.0) and minimal EPSS exploitation probability (0.06%) indicate limited real-world risk despite active disclosure.

PHP SQLi Fastadmin
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in code-projects Simple Blood Donor Management System 1.0. The affected element is an unknown function of the file /editedcampaign.php. The manipulation of the argument campaignname results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

PHP SQLi Simple Blood Donor Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in code-projects Simple Blood Donor Management System 1.0. Impacted is an unknown function of the file /editeddonor.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

PHP SQLi Simple Blood Donor Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in code-projects Simple Stock System 1.0. This issue affects some unknown processing of the file /market/signup.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

PHP SQLi Simple Stock System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_category.php. Performing a manipulation of the argument txtCategoryName results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in code-projects Scholars Tracking System 1.0. The impacted element is an unknown function of the file /home.php. Such manipulation of the argument post_content leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Scholars Tracking System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /delete_post.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

PHP SQLi Scholars Tracking System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Scholars Tracking System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in code-projects Online Appointment Booking System 1.0 allows high-privilege remote attackers to manipulate the managername parameter in /admin/deletemanager.php, resulting in limited confidentiality and integrity impact. EPSS score of 0.05% and CVSS 2.0 reflect the high privilege requirement (PR:H), which severely constrains real-world exploitability despite public POC availability.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the ID parameter in /admin/userdelete.php. The vulnerability requires administrator access and carries low confidentiality, integrity, and availability impact per CVSS 4.0 scoring. Publicly available exploit code exists, though EPSS scoring (0.01%, percentile 3%) indicates minimal real-world exploitation probability, suggesting the threat is primarily theoretical despite public disclosure.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to inject malicious SQL via the /admin/stateadd.php endpoint, potentially compromising database integrity and confidentiality. The vulnerability requires administrative privileges to exploit and has a low CVSS score (2.0) due to restricted scope and limited impact, but publicly available exploit code exists. Real-world risk is minimal given the high privilege barrier (PR:H), though organizations running this system should prioritize patching to prevent insider threats.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privilege administrators to execute arbitrary SQL queries via the /admin/userbuilderdelete.php endpoint. The vulnerability requires authenticated administrator access (CVSS PR:H) and affects only confidentiality and integrity with low impact. Publicly available exploit code exists, though exploitation is limited by the requirement for valid high-privilege credentials and carries low real-world risk due to EPSS score of 0.05% and the attacker profile (malicious insiders with admin accounts).

PHP SQLi Real Estate Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in CodeAstro Real Estate Management System 1.0 allows high-privileged administrators to execute arbitrary SQL queries via the /admin/useragentdelete.php endpoint. The vulnerability requires administrator credentials but poses risk to systems where admin accounts may be compromised or where privileged users are untrusted. Publicly available exploit code exists, though EPSS indicates low real-world exploitation probability at 0.05%.

PHP SQLi Real Estate Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in Campcodes Supplier Management System 1.0. This affects an unknown function of the file /admin/add_retailer.php. The manipulation of the argument cmbAreaCode leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

PHP SQLi Supplier Management System
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a through < 3.2.6.

SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mmetrodw tPlayer tplayer-html5-audio-player-with-playlist allows SQL Injection.This issue affects tPlayer: from n/a through <= 1.2.1.6.

SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Advance Seat Reservation Management for WooCommerce scw-seat-reservation allows SQL Injection.This issue affects Advance Seat Reservation Management for WooCommerce: from n/a through <= 3.1.

WordPress SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from n/a through <= 2.1.5.

SQLi
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Simple Stock System 1.0 via the Username parameter in /checkuser.php allows authenticated remote attackers to manipulate database queries with low impact to confidentiality, integrity, and availability. The CVSS 4.0 vector (PR:L) indicates login is required, but an EPSS score of 0.05% and very low CVSS base of 2.1 suggest minimal real-world exploitation risk despite public exploit availability.

PHP SQLi Simple Stock System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A security flaw has been discovered in code-projects Online Appointment Booking System 1.0. The impacted element is an unknown function of the file /admin/deletemanagerclinic.php. Performing manipulation of the argument clinic results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Online Appointment Booking System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

PHP SQLi Online Cake Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761 allows authenticated remote attackers to manipulate the filter parameter in the /dishtrade/dish_trade_detail_get endpoint, resulting in limited confidentiality and integrity impact. Public exploit code exists; however, the CVSS score of 2.1 and EPSS percentile of 16% indicate low real-world exploitation probability despite authenticated network accessibility, suggesting the vulnerability may require specific application knowledge or platform-dependent conditions to achieve meaningful impact.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in LBG Zoominoutslider WordPress plugin versions through 5.4.4 allows authenticated attackers with low-level privileges to extract sensitive database information and potentially cause denial of service. The vulnerability enables cross-scope impact, meaning attackers can access resources beyond their authorized privilege level. EPSS probability is low (0.04%, 14th percentile), indicating limited observed exploitation activity, though Patchstack's disclosure suggests active security community awareness.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection.This issue affects Hydra Booking: from n/a through <= 1.1.32.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL Injection.This issue affects CountDown With Image or Video Background: from n/a through <= 1.5.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter: from n/a through <= 1.3.4.

SQLi
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: from n/a through <= 9.0.9.

SQLi
NVD
Prev Page 28 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy