Skip to main content

SQLi

15176 CVEs technique

Monthly

CVE-2025-8471 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB Exploit-DB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8470 MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8469 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8468 MEDIUM POC This Month

A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8467 MEDIUM POC This Month

A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8466 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-54790 CRITICAL This Week

Files is a module for managing files inside spaces and user profiles. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Files
NVD GitHub
CVSS 4.0
9.2
EPSS
0.1%
CVE-2013-10044 HIGH POC Act Now

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload SQLi Openemr
NVD GitHub Exploit-DB
CVSS 4.0
8.7
EPSS
4.3%
CVE-2025-50868 MEDIUM This Month

A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-52390 CRITICAL Act Now

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-52327 HIGH This Week

SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Restaurant Order System
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-41375 CRITICAL Act Now

SQL Injection vulnerability in Limesurvey v2.65.1+170522. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Limesurvey
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-41374 HIGH This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-41373 HIGH POC This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gandia Integra Total
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-41372 HIGH This Month

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-41371 CRITICAL This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-41370 CRITICAL This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2025-8443 MEDIUM POC This Month

A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8442 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8441 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8439 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8438 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8437 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8436 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Admission System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8431 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8409 MEDIUM POC This Month

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8408 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8407 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the argument from leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8382 LOW POC Monitor

SQL injection in Campcodes Online Hotel Reservation System 1.0 allows authenticated remote attackers to manipulate the room_id parameter in /admin/edit_room.php, enabling data exfiltration and modification with low impact. The vulnerability requires valid login credentials (PR:L) and carries a CVSS 2.1 score reflecting limited scope; however, the public exploit disclosure and EPSS percentile 20 suggest limited real-world exploitation interest despite active availability of proof-of-concept code.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8381 LOW POC Monitor

SQL injection in Campcodes Online Hotel Reservation System 1.0 via the room_id parameter in /add_reserve.php allows authenticated remote attackers to execute arbitrary SQL queries, but CVSS 2.1 and EPSS 0.07% (20th percentile) indicate minimal real-world risk despite public exploit availability. The vulnerability requires valid user authentication and produces only low confidentiality, integrity, and availability impact-inconsistent with the 'critical' classification in the initial report.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8378 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8376 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8375 MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8374 MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8373 MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8372 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8371 MEDIUM POC This Month

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8347 LOW POC Monitor

SQL injection in Kehua Charging Pile Cloud Platform 1.0 endpoint /sys/task/findAllTask allows authenticated remote attackers to execute arbitrary SQL queries with limited confidentiality and integrity impact. The vulnerability has a publicly available exploit and was disclosed to the vendor without response, though EPSS score of 0.04% suggests low real-world exploitation probability despite public POC availability.

SQLi Charging Pile Cloud Platform
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-8345 LOW Monitor

SQL injection in Lingdang CRM versions up to 8.6.4.7 allows authenticated remote attackers to execute arbitrary SQL queries via the function parameter in the delete_user function of crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. Public exploit code exists, and vendor has released patched version 8.6.5.2 to remediate the vulnerability.

PHP SQLi Lingdang Crm
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8339 MEDIUM POC This Month

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Intern Membership Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8338 MEDIUM POC This Month

A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Admission System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8336 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8334 MEDIUM POC This Month

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8333 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /categoryvalue.php. The manipulation of the argument Value leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8332 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /register.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8331 MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8330 MEDIUM POC This Month

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit1.php. The manipulation of the argument sno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8329 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Vehicle Management
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8328 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8327 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2024-45955 HIGH POC This Week

Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zena
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2025-8326 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8264 PHP HIGH PATCH This Week

SQL injection in Z-Push IMAP backend allows unauthenticated remote attackers to access, modify, or delete data in linked third-party databases via malicious username values in basic authentication headers. Exploitation requires non-default IMAP_FROM_SQL_QUERY configuration. Publicly available exploit code exists (GitHub PR #161 demonstrates the vulnerability). CVSS 7.9 with network attack vector and no authentication required, though attack complexity increases due to the specific configuration prerequisite. Affects Z-Push versions before 2.7.6.

PHP Information Disclosure SQLi
NVD GitHub
CVSS 4.0
7.9
EPSS
0.1%
CVE-2025-8274 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8273 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8272 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-6918 CRITICAL Act Now

SQL injection in Ncvav Virtual PBX Software versions prior to 09.07.2025 allows remote unauthenticated attackers to manipulate backend database queries, leading to full compromise of confidentiality, integrity, and availability. The flaw was reported by Turkey's national CSIRT (USOM) and carries a critical CVSS 9.8 score, though no public exploit identified at time of analysis and no EPSS data is currently available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-8271 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8270 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8269 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s1.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8254 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 via the ID parameter in /view_parcel.php allows authenticated remote attackers to execute arbitrary SQL queries with limited data exposure impact. The CVSS score of 2.1 reflects constraints imposed by authentication requirements (PR:L) and restricted scope, but publicly available exploit code exists; however, the 0.06% EPSS score indicates minimal real-world exploitation likelihood despite public disclosure.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8253 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8252 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s5.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8251 MEDIUM POC This Month

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8250 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s4.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8249 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s3.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8248 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8247 LOW POC Monitor

SQL injection in Projectworlds Online Admission System 1.0 allows authenticated remote attackers to manipulate the 'markof' parameter in /admin.php, leading to database queries with limited confidentiality and integrity impact. The vulnerability has publicly available exploit code, though actual exploitation appears limited given the low EPSS score (0.07%) and requirement for authenticated access, suggesting this affects only deployments where admin credentials are already compromised or accessible.

PHP SQLi Online Admission System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8241 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument From leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Abc Courier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8240 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8239 MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8238 MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8237 MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8236 MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8235 MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8234 MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8233 MEDIUM POC This Month

A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8232 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8230 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /manage_user.php, with publicly available exploit code disclosed. Despite a critical classification, the CVSS 4.0 vector reflects low impact (confidentiality, integrity, availability all limited) and EPSS score of 0.06% suggests minimal real-world exploitation probability.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8229 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the parameter 's' in /parcel_list.php, with publicly available exploit code disclosed. Despite a critical classification in the original report, the CVSS 4.0 score of 2.1 reflects limited confidentiality, integrity, and availability impact constrained by the requirement for prior authentication (PR:L) and absence of scope escalation; EPSS scoring of 0.06% indicates low real-world exploitation probability despite public POC availability.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8220 MEDIUM POC This Month

A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of Cookie leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.0.3 is sufficient to fix this issue. Upgrading the affected component is advised. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Web
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-8203 LOW Monitor

SQL injection in Jingmen Zeyou Large File Upload Control through version 6.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /index.jsp, with publicly available exploit code and vendor non-responsiveness indicating limited remediation prospects.

SQLi File Upload Large File Upload Control
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8190 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 via the ids parameter in /print_pdets.php allows authenticated remote attackers to execute arbitrary SQL queries with limited impact. Despite critical classification, the CVSS v4.0 score of 2.1 reflects low confidentiality, integrity, and availability impact; EPSS exploitation probability is minimal at 0.06% (19th percentile), and the vulnerability requires valid user authentication to trigger.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8189 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_user.php, affecting data confidentiality and integrity. The vulnerability has publicly available exploit code but carries a very low EPSS score (0.06%, percentile 19%), suggesting minimal real-world exploitation risk despite the critical classification and public disclosure.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8188 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /edit_staff.php, affecting database confidentiality and integrity with low severity impact. Publicly available exploit code exists, though CVSS 2.1 and EPSS 0.06% indicate limited real-world exploitation probability despite the vulnerability's technical criticality classification.

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8187 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_parcel.php, potentially leading to unauthorized data access or modification. The vulnerability has been publicly disclosed with exploit code available, though CVSS 2.1 and EPSS 0.06% indicate limited real-world impact due to authentication requirement and low technical scope (no confidentiality or integrity impact to the system itself).

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8186 LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_branch.php, potentially compromising database confidentiality and integrity. The vulnerability requires valid user credentials (PR:L) but is easily exploitable with low technical complexity. Exploit code has been publicly disclosed, though real-world exploitation likelihood remains low per EPSS score (0.06%).

PHP SQLi Courier Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-8185 MEDIUM This Month

A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Abc Courier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8179 MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Local Services Search Engine Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-8173 MEDIUM POC This Month

A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Abc Courier Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 9.2
CRITICAL This Week

Files is a module for managing files inside spaces and user profiles. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Files
NVD GitHub
EPSS 4% CVSS 8.7
HIGH POC Act Now

An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload SQLi +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

A SQL Injection vulnerability exists in the takeassessment2.php file of CloudClassroom-PHP-Project 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Saurus CMS Community Edition since commit d886e5b0 (2010-04-23) is vulnerable to a SQL Injection vulnerability in the `prepareSearchQuery()` method in `FulltextSearch.class.php`. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Restaurant Order System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL Injection vulnerability in Limesurvey v2.65.1+170522. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Limesurvey
NVD
EPSS 0% CVSS 8.7
HIGH This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gandia Integra Total
NVD Exploit-DB
EPSS 0% CVSS 8.7
HIGH This Month

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Gandia Integra Total
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Online Medicine Guide 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Wazifa System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Kitchen Treasure 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in projectworlds Online Admission System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter.php. The manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /filter1.php. The manipulation of the argument vehicle leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Vehicle Management 1.0. This issue affects some unknown processing of the file /filter2.php. The manipulation of the argument from leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Campcodes Online Hotel Reservation System 1.0 allows authenticated remote attackers to manipulate the room_id parameter in /admin/edit_room.php, enabling data exfiltration and modification with low impact. The vulnerability requires valid login credentials (PR:L) and carries a CVSS 2.1 score reflecting limited scope; however, the public exploit disclosure and EPSS percentile 20 suggest limited real-world exploitation interest despite active availability of proof-of-concept code.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Campcodes Online Hotel Reservation System 1.0 via the room_id parameter in /add_reserve.php allows authenticated remote attackers to execute arbitrary SQL queries, but CVSS 2.1 and EPSS 0.07% (20th percentile) indicate minimal real-world risk despite public exploit availability. The vulnerability requires valid user authentication and produces only low confidentiality, integrity, and availability impact-inconsistent with the 'critical' classification in the initial report.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in Campcodes Online Hotel Reservation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Vehicle Management 1.0. Affected is an unknown function of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been rated as critical. This issue affects some unknown processing of the file /addvehicle.php. The manipulation of the argument vehicle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Vehicle Management 1.0. It has been classified as critical. This affects an unknown part of the file /print.php. The manipulation of the argument sno leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/update_s7.php. The manipulation of the argument credits leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Kehua Charging Pile Cloud Platform 1.0 endpoint /sys/task/findAllTask allows authenticated remote attackers to execute arbitrary SQL queries with limited confidentiality and integrity impact. The vulnerability has a publicly available exploit and was disclosed to the vendor without response, though EPSS score of 0.04% suggests low real-world exploitation probability despite public POC availability.

SQLi Charging Pile Cloud Platform
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Lingdang CRM versions up to 8.6.4.7 allows authenticated remote attackers to execute arbitrary SQL queries via the function parameter in the delete_user function of crm/WeiXinApp/yunzhijia/yunzhijiaApi.php. Public exploit code exists, and vendor has released patched version 8.6.5.2 to remediate the vulnerability.

PHP SQLi Lingdang Crm
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /student_login.php. The manipulation of the argument user_name/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Intern Membership Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /adminac.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Admission System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /categoryvalue.php. The manipulation of the argument Value leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /register.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Farm System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Vehicle Management 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit1.php. The manipulation of the argument sno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Vehicle Management
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /register.php. The manipulation of the argument USN leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH POC This Week

Rocket Software Rocket Zena 4.4.1.26 is vulnerable to SQL Injection via the filter parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zena
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/delete_s7.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 7.9
HIGH PATCH This Week

SQL injection in Z-Push IMAP backend allows unauthenticated remote attackers to access, modify, or delete data in linked third-party databases via malicious username values in basic authentication headers. Exploitation requires non-default IMAP_FROM_SQL_QUERY configuration. Publicly available exploit code exists (GitHub PR #161 demonstrates the vulnerability). CVSS 7.9 with network attack vector and no authentication required, though attack complexity increases due to the specific configuration prerequisite. Affects Z-Push versions before 2.7.6.

PHP Information Disclosure SQLi
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=save_recruitment_status. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Recruitment Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s8.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in Ncvav Virtual PBX Software versions prior to 09.07.2025 allows remote unauthenticated attackers to manipulate backend database queries, leading to full compromise of confidentiality, integrity, and availability. The flaw was reported by Turkey's national CSIRT (USOM) and carries a critical CVSS 9.8 score, though no public exploit identified at time of analysis and no EPSS data is currently available.

SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s2.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s1.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 via the ID parameter in /view_parcel.php allows authenticated remote attackers to execute arbitrary SQL queries with limited data exposure impact. The CVSS score of 2.1 reflects constraints imposed by authentication requirements (PR:L) and restricted scope, but publicly available exploit code exists; however, the 0.06% EPSS score indicates minimal real-world exploitation likelihood despite public disclosure.

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been classified as critical. This affects an unknown part of the file /admin/delete_s6.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_s5.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s4.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s3.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

PHP SQLi Online Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Projectworlds Online Admission System 1.0 allows authenticated remote attackers to manipulate the 'markof' parameter in /admin.php, leading to database queries with limited confidentiality and integrity impact. The vulnerability has publicly available exploit code, though actual exploitation appears limited given the low EPSS score (0.07%) and requirement for authenticated access, suggesting this affects only deployments where admin credentials are already compromised or accessible.

PHP SQLi Online Admission System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument From leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Abc Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /user/dashboard.php. The manipulation of the argument phone leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Exam Form Submission 1.0. Affected is an unknown function of the file /admin/update_s2.php. The manipulation of the argument credits leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Exam Form Submission
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Online Ordering System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /manage_user.php, with publicly available exploit code disclosed. Despite a critical classification, the CVSS 4.0 vector reflects low impact (confidentiality, integrity, availability all limited) and EPSS score of 0.06% suggests minimal real-world exploitation probability.

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the parameter 's' in /parcel_list.php, with publicly available exploit code disclosed. Despite a critical classification in the original report, the CVSS 4.0 score of 2.1 reflects limited confidentiality, integrity, and availability impact constrained by the requirement for prior authentication (PR:L) and absence of scope escalation; EPSS scoring of 0.06% indicates low real-world exploitation probability despite public POC availability.

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in Engeman Web up to 12.0.0.2. The affected element is an unknown function of the file /Login/RecoveryPass of the component Password Recovery Page. The manipulation of the argument LanguageCombobox as part of Cookie leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.0.3 is sufficient to fix this issue. Upgrading the affected component is advised. The vendor was contacted early about this disclosure but did not respond in any way.

SQLi Web
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Jingmen Zeyou Large File Upload Control through version 6.3 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /index.jsp, with publicly available exploit code and vendor non-responsiveness indicating limited remediation prospects.

SQLi File Upload Large File Upload Control
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 via the ids parameter in /print_pdets.php allows authenticated remote attackers to execute arbitrary SQL queries with limited impact. Despite critical classification, the CVSS v4.0 score of 2.1 reflects low confidentiality, integrity, and availability impact; EPSS exploitation probability is minimal at 0.06% (19th percentile), and the vulnerability requires valid user authentication to trigger.

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_user.php, affecting data confidentiality and integrity. The vulnerability has publicly available exploit code but carries a very low EPSS score (0.06%, percentile 19%), suggesting minimal real-world exploitation risk despite the critical classification and public disclosure.

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /edit_staff.php, affecting database confidentiality and integrity with low severity impact. Publicly available exploit code exists, though CVSS 2.1 and EPSS 0.06% indicate limited real-world exploitation probability despite the vulnerability's technical criticality classification.

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_parcel.php, potentially leading to unauthorized data access or modification. The vulnerability has been publicly disclosed with exploit code available, though CVSS 2.1 and EPSS 0.06% indicate limited real-world impact due to authentication requirement and low technical scope (no confidentiality or integrity impact to the system itself).

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_branch.php, potentially compromising database confidentiality and integrity. The vulnerability requires valid user credentials (PR:L) but is easily exploitable with low technical complexity. Exploit code has been publicly disclosed, though real-world exploitation likelihood remains low per EPSS score (0.06%).

PHP SQLi Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Abc Courier Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Local Services Search Engine Management System
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Abc Courier Management System
NVD GitHub VulDB
Prev Page 43 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy