Skip to main content

SQLi

15171 CVEs technique

Monthly

CVE-2025-13233 MEDIUM POC This Month

A vulnerability has been found in itsourcecode Inventory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13210 LOW POC Monitor

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13208 LOW Monitor

A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-13203 MEDIUM POC This Month

A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13201 MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8994 MEDIUM This Month

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More - WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64084 MEDIUM POC PATCH This Month

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Cloudlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-63724 MEDIUM POC This Month

SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Svx Portal
NVD
CVSS 3.1
6.0
EPSS
0.1%
CVE-2025-13172 LOW Monitor

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13171 LOW POC Monitor

A vulnerability was identified in ZZCMS 2023. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13170 MEDIUM POC This Month

A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13169 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2024-55016 MEDIUM POC This Week

PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44640 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44639 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44636 MEDIUM This Month

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Student Record System
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-44633 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44632 MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-44630 MEDIUM POC This Week

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-13168 LOW POC PATCH Monitor

A weakness has been identified in ury-erp ury up to 0.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-11981 MEDIUM Monitor

The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2022-4984 HIGH POC This Week

ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-13123 LOW POC Monitor

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-13122 MEDIUM POC This Month

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13121 MEDIUM POC This Month

A security vulnerability has been detected in cameasy Liketea 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12620 MEDIUM Monitor

The Poll Maker - Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-13076 LOW POC Monitor

A flaw has been found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13075 LOW POC Monitor

A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-13060 MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-13059 LOW POC Monitor

A weakness has been identified in SourceCodester Alumni Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-56385 CRITICAL Act Now

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Harmony
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-13057 LOW POC Monitor

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-64293 HIGH This Week

SQL injection in the 0 Day Analytics WordPress plugin versions through 4.0.0 allows high-privilege authenticated attackers to execute arbitrary SQL queries with cross-scope impact. Reported by Patchstack audit team, this CWE-89 flaw enables database extraction despite requiring admin-level credentials. EPSS score of 0.05% (16th percentile) indicates low predicted exploitation probability, and no active exploitation or public POC has been identified.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-64280 CRITICAL This Week

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Community Development
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-11454 MEDIUM This Month

The Specific Content For Mobile - Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59499 HIGH This Month

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sql Server 2016 Sql Server 2017 Sql Server 2019 Sql Server 2022
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-8324 CRITICAL This Week

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2025-42889 MEDIUM This Month

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-64519 PHP HIGH POC PATCH This Week

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Torrentpier
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-63497 HIGH This Month

The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Hospital Management System
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-12939 LOW POC Monitor

A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12938 MEDIUM POC This Month

A vulnerability was identified in projectworlds Online Admission System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-12409 HIGH This Month

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.3
EPSS
0.0%
CVE-2025-12397 HIGH This Month

A SQL injection vulnerability was found in Looker Studio. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-12933 LOW POC Monitor

A vulnerability was identified in SourceCodester Baby Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12932 LOW POC Monitor

A vulnerability was determined in SourceCodester Baby Care System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12931 LOW POC Monitor

A vulnerability was found in SourceCodester Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12930 LOW POC Monitor

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12929 MEDIUM POC This Month

A flaw has been found in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12928 MEDIUM POC This Month

A vulnerability was detected in code-projects Online Job Search Engine 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-12927 LOW Monitor

A security vulnerability has been detected in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12926 LOW POC Monitor

A weakness has been identified in SourceCodester Farm Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-12865 HIGH This Month

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft U Office Force
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-12864 HIGH This Month

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft U Office Force
NVD
CVSS 4.0
8.7
EPSS
0.2%
CVE-2025-12914 LOW Monitor

A vulnerability has been found in aaPanel BaoTa up to 11.2.x. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-12913 LOW POC Monitor

A flaw has been found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11980 MEDIUM Monitor

The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'delete_orphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-11972 MEDIUM Monitor

The Tag, Category, and Taxonomy Manager - AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'post_types' parameter in all versions up to, and including, 3.40.0 due. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-11452 HIGH This Month

The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-64493 MEDIUM This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-64492 HIGH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-64488 HIGH PATCH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Suitecrm
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-63718 MEDIUM POC This Week

A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Patients Waiting Area Queue Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12873 LOW POC Monitor

A security flaw has been discovered in Campcodes School File Management 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-63689 CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi RCE Money Pos
NVD GitHub
CVSS 3.1
10.0
EPSS
0.4%
CVE-2025-52425 CRITICAL This Week

An SQL injection vulnerability has been reported to affect QuMagie. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 4.0
9.5
EPSS
0.2%
CVE-2025-12861 LOW Monitor

A vulnerability was determined in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12860 LOW Monitor

A vulnerability was found in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12859 LOW Monitor

A vulnerability has been found in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12857 LOW POC Monitor

A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12856 LOW POC Monitor

A weakness has been identified in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12855 LOW POC Monitor

A security flaw has been discovered in code-projects Responsive Hotel Site 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-12853 LOW POC Monitor

A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-10968 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10870 CRITICAL This Week

SQL injection vulnerability in DIAL's CentrosNet v2.64. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-34247 MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-34246 MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-34245 MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-34244 MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-34243 MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-34242 HIGH This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-34241 MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-34240 HIGH This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2022-50595 CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2022-50594 HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2022-50593 CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2022-50592 CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
CVSS 4.0
9.3
EPSS
0.4%
CVE-2022-50591 HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2022-50589 CRITICAL Act Now

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Suitecrm
NVD
CVSS 4.0
9.3
EPSS
0.3%
CVE-2025-60239 HIGH This Week

Blind SQL injection in CoSchool LMS WordPress plugin through version 1.4.3 allows authenticated attackers with low-level privileges to extract sensitive database contents and potentially cause service disruption. The vulnerability is exploitable remotely with low attack complexity and enables scope escalation beyond the plugin's intended permissions. Currently showing low exploitation probability (EPSS 6th percentile), with no confirmed active exploitation or public exploit code.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in itsourcecode Inventory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

A security flaw has been discovered in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in code-projects Simple Cafe Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Cafe Ordering System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More - WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

An authenticated SQL injection vulnerability exists in Cloudlog 2.7.5 and earlier. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Cloudlog
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM POC This Month

SQL injection (SQL-i) vulnerability in SVX Portal 2.7A via crafted POST request to admin/update_setings.php. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Svx Portal
NVD
EPSS 0% CVSS 2.1
LOW Monitor

A security flaw has been discovered in CodeAstro Gym Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in ZZCMS 2023. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in code-projects Simple Online Hotel Reservation System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in code-projects Simple Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM POC This Week

PHPGurukul Student Record Management System 3.20 is vulnerable to SQL Injection via the id and password parameters in login.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the course-short, course-full, and cdate parameters in add-course.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the sub1, sub2, sub3, sub4, and course-short parameters in add-subject.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the adminname and aemailid parameters in /admin-profile.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP Student Record System
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the currentpassword parameter in change-password.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

PHPGurukul Student Record System 3.20 is vulnerable to SQL Injection via the id and emailid parameters in password-recovery.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Student Record System
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC PATCH Monitor

A weakness has been identified in ury-erp ury up to 0.2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM Monitor

The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

ZenTao Biz < 6.5, ZenTao Max < 3.0, ZenTao Open Source Edition < 16.5, and ZenTao Open Source Edition < 16.5.beta1 contain an SQL injection vulnerability in the login functionality. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in cameasy Liketea 1.0.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM Monitor

The Poll Maker - Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to generic SQL Injection via the ‘filterbyauthor’ parameter in all versions up to, and including, 6.0.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
EPSS 0% CVSS 2.0
LOW POC Monitor

A flaw has been found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in SourceCodester Alumni Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass Harmony
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB GitHub
EPSS 0% CVSS 7.6
HIGH This Week

SQL injection in the 0 Day Analytics WordPress plugin versions through 4.0.0 allows high-privilege authenticated attackers to execute arbitrary SQL queries with cross-scope impact. Reported by Patchstack audit team, this CWE-89 flaw enables database extraction despite requiring admin-level credentials. EPSS score of 0.05% (16th percentile) indicates low predicted exploitation probability, and no active exploitation or public POC has been identified.

SQLi
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Community Development
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Specific Content For Mobile - Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sql Server 2016 Sql Server 2017 +2
NVD
EPSS 4% CVSS 9.8
CRITICAL This Week

Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

SAP Starter Solution allows an authenticated attacker to execute crafted database queries, thereby exposing the back-end database. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Torrentpier
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Month

The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP Hospital Management System
NVD GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in projectworlds Online Admission System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH This Month

A SQL injection vulnerability was discovered in Looker Studio that allowed for data exfiltration from BigQuery data sources. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
EPSS 0% CVSS 7.6
HIGH This Month

A SQL injection vulnerability was found in Looker Studio. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in SourceCodester Baby Care System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was determined in SourceCodester Baby Care System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was found in SourceCodester Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in code-projects Online Job Search Engine 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

A security vulnerability has been detected in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in SourceCodester Farm Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 8.7
HIGH This Month

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft U Office Force
NVD
EPSS 0% CVSS 8.7
HIGH This Month

U-Office Force developed by e-Excellence has a SQL Injection vulnerability, allowing authenticated remote attacker to inject arbitrary SQL commands to read, modify, and delete database contents. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft U Office Force
NVD
EPSS 0% CVSS 2.0
LOW Monitor

A vulnerability has been found in aaPanel BaoTa up to 11.2.x. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A flaw has been found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM Monitor

The Quick Featured Images plugin for WordPress is vulnerable to SQL Injection via the 'delete_orphaned' function in all versions up to, and including, 13.7.3 due to insufficient escaping on the user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

The Tag, Category, and Taxonomy Manager - AI Autotagger with OpenAI plugin for WordPress is vulnerable to SQL Injection via the 'post_types' parameter in all versions up to, and including, 3.40.0 due. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosforum_unread_exclude']' cookie in all versions up to, and including, 3.1.0 due to insufficient escaping. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Suitecrm
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Information Disclosure Suitecrm
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Suitecrm
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Week

A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Patients Waiting Area Queue Management System
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

A security flaw has been discovered in Campcodes School File Management 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD VulDB GitHub
EPSS 0% CVSS 10.0
CRITICAL POC PATCH Act Now

Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi RCE Money Pos
NVD GitHub
EPSS 0% CVSS 9.5
CRITICAL This Week

An SQL injection vulnerability has been reported to affect QuMagie. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
EPSS 0% CVSS 2.0
LOW Monitor

A vulnerability was determined in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

A vulnerability was found in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW Monitor

A vulnerability has been found in DedeBIZ up to 6.3.2. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security vulnerability has been detected in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A weakness has been identified in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A security flaw has been discovered in code-projects Responsive Hotel Site 1.0.php. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
EPSS 0% CVSS 9.3
CRITICAL This Week

SQL injection vulnerability in DIAL's CentrosNet v2.64. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 8.6
HIGH This Month

Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Webaccess Vpn
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Iview
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Advantech iView versions prior to v5.7.04 build 6425 contain a vulnerability within the SNMP management tool that allows for remote attackers to bypass authentication checks and reach a SQL injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Iview
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

SuiteCRM versions prior to 7.12.6 contain a SQL injection vulnerability within the processing of the ‘uid’ parameter within the ‘export’ functionality. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi RCE Suitecrm
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in CoSchool LMS WordPress plugin through version 1.4.3 allows authenticated attackers with low-level privileges to extract sensitive database contents and potentially cause service disruption. The vulnerability is exploitable remotely with low attack complexity and enables scope escalation beyond the plugin's intended permissions. Currently showing low exploitation probability (EPSS 6th percentile), with no confirmed active exploitation or public exploit code.

SQLi
NVD
Prev Page 32 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy