Skip to main content

SQLi

15171 CVEs technique

Monthly

CVE-2025-11401 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the currcode parameter in /pages/save_curr.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. CVSS 2.1 reflects the authentication requirement (PR:L) and restricted scope, but publicly available exploit code exists despite low EPSS score (0.03%), suggesting this is a low-priority threat suitable only for defense-in-depth and secure coding reviews rather than emergency patching.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11400 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_room.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists; however, EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, suggesting this is primarily a security researcher proof-of-concept rather than an active threat.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11399 LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the floorno parameter in /pages/save_room.php, affecting data confidentiality and integrity with limited scope. CVSS score of 2.1 reflects low severity due to authentication requirement and limited impact, though publicly available exploit code exists and EPSS suggests minimal real-world exploitation probability at 0.03%.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11397 MEDIUM POC This Month

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11396 MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Simple Food Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-0603 CRITICAL Act Now

SQL injection in Callvision Healthcare's Callvision Emergency Code product (versions prior to V3.0) allows remote unauthenticated attackers to manipulate backend database queries, including via blind SQLi techniques. The flaw carries a CVSS 9.8 critical rating with complete confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. Reported through Turkey's national CERT (USOM), this vulnerability is particularly concerning given the healthcare-emergency context where the affected system likely processes sensitive patient or incident data.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-11359 LOW POC Monitor

SQL injection in Simple Banking System 1.0 via the ID parameter in /transfermoney.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. The vulnerability requires login credentials (PR:L) and exploitation probability is low (EPSS 0.03%), but publicly available exploit code exists and disclosure has occurred.

PHP SQLi Simple Banking System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11358 LOW POC Monitor

SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /removeuser.php, leading to unauthorized database queries with limited information disclosure impact. The CVSS score of 2.1 reflects restricted exploitation scope (authenticated access required, PR:L), but publicly available exploit code exists, warranting patched deployment if still in use.

PHP SQLi Simple Banking System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11357 LOW POC Monitor

SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /createuser.php and execute arbitrary SQL queries, resulting in limited impact to confidentiality, integrity, and availability. The vulnerability has a low CVSS score of 2.1 due to requirement for prior authentication (PR:L) and limited scope of impact, but publicly available exploit code exists and the EPSS score of 0.03% suggests minimal real-world exploitation probability despite public POC availability.

PHP SQLi Simple Banking System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11350 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11349 MEDIUM POC This Month

A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11348 MEDIUM POC This Month

A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11343 MEDIUM POC This Month

A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Crud Operation System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11342 LOW POC Monitor

SQL injection in code-projects Online Course Registration 1.0 allows high-privileged remote attackers to manipulate the coursecode parameter in /admin/edit-course.php, potentially extracting or modifying database contents. CVSS 4.0 reflects limited scope (only confidentiality/integrity impact to database layer with no system scope expansion), but the vulnerability requires administrative authentication (PR:H), significantly constraining real-world risk despite public exploit availability and 0.03% EPSS indicating minimal spontaneous exploitation likelihood.

PHP SQLi Online Course Registration Site
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-11334 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11330 LOW POC Monitor

SQL injection in PHPGurukul Beauty Parlour Management System 1.1 allows authenticated remote attackers to execute arbitrary SQL queries via manipulated fromdate and todate parameters in /admin/sales-reports-detail.php. The vulnerability has low real-world impact (CVSS 2.1, EPSS 0.04%) despite public exploit availability, as it requires valid admin authentication and yields only limited data disclosure without full database manipulation capability.

PHP SQLi Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11329 MEDIUM POC This Month

A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.

PHP SQLi Online Course Registration Site
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11319 LOW Monitor

SQL injection in nahiduddinahammed Hospital-Management-System-Website allows authenticated remote attackers to execute arbitrary SQL queries via the ai parameter in /delete.php, with public exploit code available. The CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world risk despite network accessibility, as exploitation requires valid user authentication and produces only limited confidentiality impact. The vendor has not responded to disclosure attempts.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11317 MEDIUM POC This Month

A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11316 MEDIUM POC This Month

A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11315 MEDIUM POC This Month

A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of the argument sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11314 MEDIUM POC This Month

A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Such manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11313 MEDIUM POC This Month

A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11312 MEDIUM POC This Month

A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11311 MEDIUM POC This Month

A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The impacted element is the function findTenantPage of the file findTenantPage.do. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11310 MEDIUM POC This Month

A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11309 MEDIUM POC This Month

A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Impacted is the function doFilter of the file findDeptPage.do. Performing manipulation of the argument sort results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11288 LOW Monitor

SQL injection in CRMEB up to version 5.6 allows authenticated remote attackers to manipulate the cate_id parameter in GET requests to the /adminapi/product/product endpoint, potentially leading to unauthorized data access or modification. The vulnerability requires valid login credentials and has limited technical impact according to CVSS 4.0 (integrity and availability scope unchanged), but publicly available exploit code exists and the vendor has not responded to disclosure.

SQLi Crmeb
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-10692 HIGH This Week

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user (level ≥ 1) can inject SQL to alter the filter logic, effectively bypassing department scoping and disclosing tickets beyond their intended access.This issue affects OpenSupports: 4.11.0.

SQLi
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-54153 HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

SQLi Qsync Central
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-53595 HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

SQLi Qsync Central
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56804 HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later

SQLi Video Station
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-57423 MEDIUM This Month

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database.

SQLi Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-9200 HIGH This Week

The Blappsta Mobile App Plugin - Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nh_ynaa_comments() function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress Android PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-9199 MEDIUM This Month

The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9198 MEDIUM This Month

The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress PHP
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-40636 CRITICAL Act Now

SQL injection in Joomla mod_vvisit_counter v2.0.4j3.

SQLi Joomla
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-10726 CRITICAL Act Now

SQL injection in WPRecovery WordPress plugin.

SQLi WordPress PHP
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-10582 HIGH This Week

The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-0616 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknolojik Center Telecommunication Industry Trade Co.

SQLi
NVD VulDB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-61605 CRITICAL POC PATCH Act Now

Second SQL injection in WeGIA 3.4.12. PoC and patch available.

SQLi PHP Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-61603 CRITICAL POC PATCH Act Now

SQL injection in WeGIA 3.4.12 and below. PoC and patch available.

SQLi PHP Wegia
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-56162 MEDIUM POC This Month

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modify database data, including dumping admin password hashes; (b) write web-shell files or invoke xp_cmdshell, leading to remote code execution on servers configured with sufficient DB privileges.

SQLi RCE Firefly Mall
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-61096 MEDIUM POC This Month

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.

SQLi PHP Online Shopping Portal Project
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-59743 CRITICAL Act Now

SQL injection in AndSoft e-TMS v25.03 allows database compromise.

SQLi E Tms
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-59742 CRITICAL Act Now

SQL injection in AndSoft e-TMS v25.03 allows database compromise.

SQLi E Tms
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-56381 MEDIUM POC This Month

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

SQLi Erpnext Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-56380 MEDIUM POC This Month

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter

SQLi Erpnext Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-9697 CRITICAL Act Now

SQLi in Ajax WooSearch WordPress plugin through 1.0.0.

SQLi WordPress PHP
NVD WPScan
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-9587 HIGH This Week

The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

SQLi WordPress PHP
NVD WPScan
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-11020 HIGH This Week

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

SQLi Path Traversal File Upload Windows
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-59681 PyPI HIGH PATCH GHSA This Week

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).

SQLi Python Ubuntu Debian Django +2
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-52042 HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter.

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-52041 HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter.

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-52040 HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL query into the blanket_order_type parameter.

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-52039 HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter.

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.2
EPSS
0.0%
CVE-2025-57254 MEDIUM This Month

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Privilege Escalation SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-23292 MEDIUM Monitor

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. Rated medium severity (CVSS 4.6). No vendor patch available.

Denial Of Service Nvidia Nosql Injection SQLi
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-52050 MEDIUM POC PATCH This Month

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52049 MEDIUM POC PATCH This Month

In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52047 MEDIUM POC PATCH This Week

In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52043 MEDIUM POC PATCH This Week

In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-8877 HIGH This Month

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id_from_login function in all versions up to, and including, 2.28.2 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-8122 HIGH This Month

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pad Cms
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-8121 HIGH This Month

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pad Cms
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2024-13150 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.Pro ERP: through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-8868 CRITICAL POC PATCH THREAT Act Now

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.3%.

SQLi Automate
NVD
CVSS 3.1
9.8
EPSS
17.3%
Threat
4.0
CVE-2025-6724 HIGH PATCH This Month

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Automate
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11118 MEDIUM POC This Month

A vulnerability was identified in CodeAstro Student Grading System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11116 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11115 MEDIUM POC This Month

A vulnerability has been found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11114 LOW POC Monitor

A flaw has been found in CodeAstro Online Leave Application 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11113 LOW POC Monitor

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11111 MEDIUM POC This Month

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11110 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11109 MEDIUM POC This Month

A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11108 MEDIUM POC This Month

A vulnerability was determined in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11107 MEDIUM POC This Month

A vulnerability was found in code-projects Simple Scheduling System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11106 MEDIUM POC This Month

A vulnerability has been found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11105 MEDIUM POC This Month

A flaw has been found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11104 LOW POC Monitor

A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11102 MEDIUM POC This Month

A weakness has been identified in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11101 MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Open Source Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11094 MEDIUM This Month

A security vulnerability has been detected in code-projects E-Commerce Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11090 LOW POC Monitor

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11089 MEDIUM POC This Month

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11088 LOW POC Monitor

A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-11077 MEDIUM POC This Month

A vulnerability was determined in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11076 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11075 MEDIUM POC This Month

A vulnerability has been found in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the currcode parameter in /pages/save_curr.php, enabling arbitrary SQL query execution with limited confidentiality and integrity impact. CVSS 2.1 reflects the authentication requirement (PR:L) and restricted scope, but publicly available exploit code exists despite low EPSS score (0.03%), suggesting this is a low-priority threat suitable only for defense-in-depth and secure coding reviews rather than emergency patching.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /del_room.php, enabling database query modification with limited confidentiality and integrity impact. Publicly available exploit code exists; however, EPSS score of 0.03% indicates minimal real-world exploitation probability despite low attack complexity, suggesting this is primarily a security researcher proof-of-concept rather than an active threat.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in SourceCodester Hotel and Lodge Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the floorno parameter in /pages/save_room.php, affecting data confidentiality and integrity with limited scope. CVSS score of 2.1 reflects low severity due to authentication requirement and limited impact, though publicly available exploit code exists and EPSS suggests minimal real-world exploitation probability at 0.03%.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Simple Food Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Callvision Healthcare's Callvision Emergency Code product (versions prior to V3.0) allows remote unauthenticated attackers to manipulate backend database queries, including via blind SQLi techniques. The flaw carries a CVSS 9.8 critical rating with complete confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. Reported through Turkey's national CERT (USOM), this vulnerability is particularly concerning given the healthcare-emergency context where the affected system likely processes sensitive patient or incident data.

SQLi
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Simple Banking System 1.0 via the ID parameter in /transfermoney.php allows authenticated remote attackers to execute arbitrary SQL queries with low impact on confidentiality, integrity, and availability. The vulnerability requires login credentials (PR:L) and exploitation probability is low (EPSS 0.03%), but publicly available exploit code exists and disclosure has occurred.

PHP SQLi Simple Banking System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the ID parameter in /removeuser.php, leading to unauthorized database queries with limited information disclosure impact. The CVSS score of 2.1 reflects restricted exploitation scope (authenticated access required, PR:L), but publicly available exploit code exists, warranting patched deployment if still in use.

PHP SQLi Simple Banking System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Simple Banking System 1.0 allows authenticated remote attackers to manipulate the Name parameter in /createuser.php and execute arbitrary SQL queries, resulting in limited impact to confidentiality, integrity, and availability. The vulnerability has a low CVSS score of 2.1 due to requirement for prior authentication (PR:L) and limited scope of impact, but publicly available exploit code exists and the EPSS score of 0.03% suggests minimal real-world exploitation probability despite public POC availability.

PHP SQLi Simple Banking System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in code-projects Student Crud Operation 3.3. Affected is an unknown function of the file delete.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

PHP SQLi Crud Operation System
NVD VulDB GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in code-projects Online Course Registration 1.0 allows high-privileged remote attackers to manipulate the coursecode parameter in /admin/edit-course.php, potentially extracting or modifying database contents. CVSS 4.0 reflects limited scope (only confidentiality/integrity impact to database layer with no system scope expansion), but the vulnerability requires administrative authentication (PR:H), significantly constraining real-world risk despite public exploit availability and 0.03% EPSS indicating minimal spontaneous exploitation likelihood.

PHP SQLi Online Course Registration Site
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in PHPGurukul Beauty Parlour Management System 1.1 allows authenticated remote attackers to execute arbitrary SQL queries via manipulated fromdate and todate parameters in /admin/sales-reports-detail.php. The vulnerability has low real-world impact (CVSS 2.1, EPSS 0.04%) despite public exploit availability, as it requires valid admin authentication and yields only limited data disclosure without full database manipulation capability.

PHP SQLi Beauty Parlour Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.

PHP SQLi Online Course Registration Site
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in nahiduddinahammed Hospital-Management-System-Website allows authenticated remote attackers to execute arbitrary SQL queries via the ai parameter in /delete.php, with public exploit code available. The CVSS 2.1 score and 0.03% EPSS percentile indicate low real-world risk despite network accessibility, as exploitation requires valid user authentication and produces only limited confidentiality impact. The vendor has not responded to disclosure attempts.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findRolePage of the file findSingConfigPage.do. The manipulation of the argument sort leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this issue is the function findCategoryPage of the file findCategoryPage.do. Executing manipulation of the argument tenantId can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected by this vulnerability is the function findUserPage of the file findUserPage.do. Performing manipulation of the argument sort results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Affected is the function findRolePage of the file findSingConfigPage.do. Such manipulation of the argument sort leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This impacts the function findRolePage of the file findRolePage.do. This manipulation of the argument sort causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. This affects the function findModulePage of the file findModulePage.do. The manipulation of the argument sort results in sql injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The impacted element is the function findTenantPage of the file findTenantPage.do. The manipulation of the argument sort leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. The affected element is the function findFileServerPage of the file findFileServerPage.do. Executing manipulation of the argument sort can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. Impacted is the function doFilter of the file findDeptPage.do. Performing manipulation of the argument sort results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Data Leakage Prevention System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in CRMEB up to version 5.6 allows authenticated remote attackers to manipulate the cate_id parameter in GET requests to the /adminapi/product/product endpoint, potentially leading to unauthorized data access or modification. The vulnerability requires valid login credentials and has limited technical impact according to CVSS 4.0 (integrity and availability scope unchanged), but publicly available exploit code exists and the vendor has not responded to disclosure.

SQLi Crmeb
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

The endpoint POST /api/staff/get-new-tickets concatenates the user-controlled parameter departmentId directly into the SQL WHERE clause without parameter binding. As a result, an authenticated staff user (level ≥ 1) can inject SQL to alter the filter logic, effectively bypassing department scoping and disclosing tickets beyond their intended access.This issue affects OpenSupports: 4.11.0.

SQLi
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

SQLi Qsync Central
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.2 ( 2025/07/31 ) and later

SQLi Qsync Central
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

An SQL injection vulnerability has been reported to affect Video Station. If a remote attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: Video Station 5.8.4 and later

SQLi Video Station
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database.

SQLi Information Disclosure
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

The Blappsta Mobile App Plugin - Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nh_ynaa_comments() function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress Android +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress PHP
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress PHP
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in Joomla mod_vvisit_counter v2.0.4j3.

SQLi Joomla
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

SQL injection in WPRecovery WordPress plugin.

SQLi WordPress PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The WP Dispatcher plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

SQLi WordPress PHP
NVD
EPSS 0% CVSS 8.2
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Teknolojik Center Telecommunication Industry Trade Co.

SQLi
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Second SQL injection in WeGIA 3.4.12. PoC and patch available.

SQLi PHP Wegia
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

SQL injection in WeGIA 3.4.12 and below. PoC and patch available.

SQLi PHP Wegia
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

YOSHOP 2.0 suffers from an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), allowing attackers to: (a) enumerate or modify database data, including dumping admin password hashes; (b) write web-shell files or invoke xp_cmdshell, leading to remote code execution on servers configured with sufficient DB privileges.

SQLi RCE Firefly Mall
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.

SQLi PHP Online Shopping Portal Project
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in AndSoft e-TMS v25.03 allows database compromise.

SQLi E Tms
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in AndSoft e-TMS v25.03 allows database compromise.

SQLi E Tms
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

ERPNEXT v15.67.0 was discovered to contain multiple SQL injection vulnerabilities in the /api/method/frappe.desk.reportview.get endpoint via the order_by and group_by parameters.

SQLi Erpnext Frappe
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Frappe Framework v15.72.4 was discovered to contain a SQL injection vulnerability via the fieldname parameter in the frappe.client.get_value API endpoint and a crafted script to the fieldname parameter

SQLi Erpnext Frappe
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQLi in Ajax WooSearch WordPress plugin through 1.0.0.

SQLi WordPress PHP
NVD WPScan
EPSS 0% CVSS 8.6
HIGH This Week

The CTL Behance Importer Lite WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

SQLi WordPress PHP
NVD WPScan
EPSS 0% CVSS 8.8
HIGH This Week

An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux.This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.

SQLi Path Traversal File Upload +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate(), and QuerySet.extra() are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to these methods (on MySQL and MariaDB).

SQLi Python Ubuntu +4
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_rfq_containing_supplier() at erpnext/buying/doctype/request_for_quotation/request_for_quotation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting SQL query via the txt parameter.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_stock_balance_for() at erpnext/stock/doctype/stock_reconciliation/stock_reconciliation.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the inventory_dimensions_dict parameter.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_blanket_orders() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker can extract all information from databases by injecting a SQL query into the blanket_order_type parameter.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 8.2
HIGH POC PATCH This Week

In Frappe ERPNext 15.57.5, the function get_material_requests_based_on_supplier() at erpnext/stock/doctype/material_request/material_request.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the txt parameter.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM Monitor

NVIDIA Delegated Licensing Service for all appliance platforms contains a SQL injection vulnerability where an User/Attacker may cause an authorized action. Rated medium severity (CVSS 4.6). No vendor patch available.

Denial Of Service Nvidia Nosql Injection +1
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

In Frappe ERPNext 15.57.5, the function get_loyalty_program_details_with_points() at erpnext/accounts/doctype/loyalty_program/loyalty_program.py is vulnerable to SQL Injection, which allows an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

In Frappe ErpNext v15.57.5, the function get_timesheet_detail_rate() at erpnext/projects/doctype/timesheet/timesheet.py is vulnerable to SQL Injection, which allows an attacker to extract all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Week

In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

The AffiliateWP plugin for WordPress is vulnerable to SQL Injection via the ajax_get_affiliate_id_from_login function in all versions up to, and including, 2.28.2 due to insufficient escaping on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pad Cms
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pad Cms
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Fayton Software and Consulting Services fayton.Pro ERP allows SQL Injection.Pro ERP: through. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
EPSS 17% 4.0 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.3%.

SQLi Automate
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Automate
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in CodeAstro Student Grading System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A flaw has been found in CodeAstro Online Leave Application 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was detected in CodeAstro Online Leave Application 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in Campcodes Advanced Online Voting Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was identified in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Simple Scheduling System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A flaw has been found in code-projects Simple Scheduling System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A weakness has been identified in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A security flaw has been discovered in itsourcecode Open Source Job Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A security vulnerability has been detected in code-projects E-Commerce Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A vulnerability was identified in itsourcecode Open Source Job Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

A weakness has been identified in itsourcecode Open Source Job Portal 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was determined in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
Prev Page 35 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy