SQL Injection

web HIGH

SQL injection exploits the way applications construct database queries by mixing user input directly into SQL statements.

How It Works

SQL injection exploits the way applications construct database queries by mixing user input directly into SQL statements. When developers concatenate untrusted data into queries without proper sanitization, attackers can inject SQL syntax that changes the query's logic. For example, entering ' OR '1'='1 into a login form might transform SELECT * FROM users WHERE username='input' into a query that always returns true, bypassing authentication.

Attackers follow a methodical process: first probing input fields with special characters like quotes or semicolons to trigger database errors, then identifying whether the application is vulnerable. Once confirmed, they escalate by injecting commands to extract data (UNION-based attacks to merge results from other tables), manipulate records, or probe the database structure. Blind SQL injection variants work without visible error messages—boolean-based attacks infer data by observing application behavior changes, while time-based attacks use database sleep functions to confirm successful injection through response delays.

Advanced scenarios include second-order injection, where malicious input is stored in the database and later executed in a different context, and out-of-band attacks that exfiltrate data through DNS queries or HTTP requests when direct data retrieval isn't possible. Some database systems enable attackers to execute operating system commands through built-in functions like MySQL's LOAD_FILE or SQL Server's xp_cmdshell, escalating from database compromise to full server control.

Impact

  • Complete data breach — extraction of entire database contents including credentials, personal information, and proprietary data
  • Authentication bypass — logging in as any user without knowing passwords
  • Data manipulation — unauthorized modification or deletion of critical records
  • Privilege escalation — granting administrative rights to attacker-controlled accounts
  • Remote code execution — leveraging database features to run operating system commands and compromise the underlying server
  • Lateral movement — using compromised database credentials to access other connected systems

Real-World Examples

FreePBX's CVE-2025-66039 demonstrated a complete attack chain where SQL injection across 11 parameters in four different endpoints allowed attackers to write malicious entries into the cron_jobs table. When the system's scheduler executed these entries, the injected SQL transformed into operating system commands, granting full server control. The vulnerability required no authentication, making it immediately exploitable.

E-commerce platforms have suffered massive breaches through shopping cart SQL injection, where attackers inserted skimming code into stored procedures that executed during checkout, harvesting credit card data from thousands of transactions. Healthcare systems have been compromised through patient portal vulnerabilities, exposing millions of medical records when attackers injected UNION queries to merge data from supposedly isolated tables.

Mitigation

  • Parameterized queries (prepared statements) — separates SQL logic from data, making injection syntactically impossible
  • Object-Relational Mapping (ORM) frameworks — abstracts database interactions with built-in protections when used correctly
  • Strict input validation — whitelist acceptable characters and formats, reject suspicious patterns
  • Least privilege database accounts — applications should use credentials with minimal necessary permissions
  • Web Application Firewall (WAF) — detects and blocks common injection patterns as a secondary defense layer
  • Database activity monitoring — alerts on unusual query patterns or privilege escalation attempts

Recent CVEs (4566)

CVE-2025-10832
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was found in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pet Grooming Management Software
NVD GitHub VulDB
CVE-2025-10831
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Computer Sales And Inventory System
NVD GitHub VulDB
CVE-2025-10830
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A flaw has been found in Campcodes Computer Sales and Inventory System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Computer Sales And Inventory System
NVD GitHub VulDB
CVE-2025-10829
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Computer Sales And Inventory System
NVD GitHub VulDB
CVE-2025-10828
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pet Grooming Management Software
NVD GitHub VulDB
CVE-2025-10826
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVE-2025-10825
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVE-2025-10817
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A weakness has been identified in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Learning Management System
NVD GitHub VulDB
CVE-2025-10813
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was found in code-projects Hostel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Management System
NVD GitHub VulDB
CVE-2025-10812
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in code-projects Hostel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Management System
NVD GitHub VulDB
CVE-2025-59570
EPSS 0% CVSS 7.6
HIGH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFunnels Mail Mint allows SQL Injection.18.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVE-2025-58686
EPSS 0% CVSS 8.5
HIGH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quadlayers Perfect Brands for WooCommerce allows SQL Injection.6.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVE-2025-53468
EPSS 0% CVSS 8.5
HIGH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in [email protected] Wp tabber widget allows SQL Injection.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVE-2025-10811
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A flaw has been found in code-projects Hostel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Management System
NVD GitHub VulDB
CVE-2025-10810
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was detected in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Learning Management System
NVD GitHub VulDB
CVE-2025-55885
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL Injection vulnerability in Alpes Recherche et Developpement ARD GEC en Lign before v.2025-04-23 allows a remote attacker to escalate privileges via the GET parameters in index.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gec En Ligne
NVD GitHub
CVE-2025-10809
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Learning Management System
NVD GitHub VulDB
CVE-2025-10808
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A weakness has been identified in Campcodes Farm Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Farm Management System
NVD GitHub VulDB
CVE-2025-10807
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Beauty Parlor Management System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVE-2025-10806
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was identified in Campcodes Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVE-2025-10805
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was determined in Campcodes Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVE-2025-10804
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in Campcodes Online Beauty Parlor Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Beauty Parlor Management System
NVD GitHub VulDB
CVE-2025-10802
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A flaw has been found in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bidding System
NVD GitHub VulDB
CVE-2025-56075
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVE-2025-56074
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVE-2025-10801
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pet Grooming Management Software
NVD GitHub VulDB
CVE-2025-10800
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum
NVD GitHub VulDB
CVE-2025-10799
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A security flaw has been discovered in code-projects Hostel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Management System
NVD GitHub VulDB
CVE-2025-10798
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was identified in code-projects Hostel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Management System
NVD GitHub VulDB
CVE-2025-10797
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was determined in code-projects Hostel Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Management System
NVD GitHub VulDB
CVE-2025-10796
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was found in code-projects Hostel Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hostel Management System
NVD GitHub VulDB
CVE-2025-10795
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bidding System
NVD GitHub VulDB
CVE-2025-10793
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was detected in code-projects E-Commerce Website 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Commerce Website
NVD GitHub VulDB
CVE-2025-10791
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A weakness has been identified in code-projects Online Bidding System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bidding System
NVD GitHub VulDB
CVE-2025-10790
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Forum Discussion System
NVD GitHub VulDB
CVE-2025-10789
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was identified in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Reservation System
NVD VulDB
CVE-2025-10788
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was determined in SourceCodester Online Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Reservation System
NVD GitHub VulDB
CVE-2025-10786
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grocery Sales And Inventory System
NVD GitHub VulDB
CVE-2025-10785
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grocery Sales And Inventory System
NVD GitHub VulDB
CVE-2025-10784
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A security vulnerability has been detected in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Learning Management System
NVD GitHub VulDB
CVE-2025-10783
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A weakness has been identified in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Learning Management System
NVD GitHub VulDB
CVE-2025-10782
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A security flaw has been discovered in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Learning Management System
NVD GitHub VulDB
CVE-2025-10781
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was identified in Campcodes Online Learning Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Learning Management System
NVD GitHub VulDB
CVE-2025-10780
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Pharmacy Management System
NVD GitHub VulDB
CVE-2025-10762
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was found in kuaifan DooTask up to 1.2.49. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVE-2025-10002
EPSS 0% CVSS 4.9
MEDIUM Monitor

The ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the export_csv() function in all versions up. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVE-2025-10652
EPSS 0% CVSS 6.5
MEDIUM This Month

The Robcore Netatmo plugin for WordPress is vulnerable to SQL Injection via the ‘module_id’ attribute of the robcore-netatmo shortcode in all versions up to, and including, 1.7 due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVE-2025-59431
EPSS 0% CVSS 8.9
HIGH POC This Week

MapServer is a system for developing web-based GIS applications. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mapserver Suse
NVD GitHub
CVE-2025-10712
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831.php/Login/login. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub VulDB
CVE-2025-10688
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pet Grooming Management Software
NVD GitHub VulDB
CVE-2025-10687
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was found in SourceCodester Responsive E-Learning System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Responsive E Learning System
NVD GitHub VulDB
CVE-2025-10673
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was determined in itsourcecode Student Information Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information Management System
NVD GitHub VulDB
CVE-2025-10670
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Logbook With Health Monitoring System For Covid 19
NVD GitHub VulDB
CVE-2025-10668
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum
NVD GitHub VulDB
CVE-2025-10667
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum
NVD GitHub VulDB
CVE-2025-40677
EPSS 0% CVSS 8.7
HIGH POC This Week

SQL injection vulnerability in Summar Software´s Portal del Empleado. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD Exploit-DB
CVE-2025-10665
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Courseselectionsystem
NVD GitHub VulDB
CVE-2025-10664
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was determined in PHPGurukul Small CRM 4.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Small Crm
NVD GitHub VulDB
CVE-2024-13151
EPSS 0% CVSS 9.8
CRITICAL Act Now

CWE - 89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ESBI Information and Telecommunication Industry and Trade Limited Company Auto Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVE-2025-10663
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was found in PHPGurukul Online Course Registration 3.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Course Registration
NVD GitHub VulDB
CVE-2025-10662
EPSS 0% CVSS 5.1
MEDIUM POC This Month

A vulnerability has been found in SeaCMS up to 13.3. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Seacms
NVD GitHub VulDB
CVE-2025-10627
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVE-2025-10626
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVE-2025-10625
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was detected in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVE-2025-10624
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A security flaw has been discovered in PHPGurukul User Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi User Management System
NVD GitHub VulDB
CVE-2025-10623
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was identified in SourceCodester Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hotel Reservation System
NVD GitHub VulDB
CVE-2025-10621
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was determined in SourceCodester Hotel Reservation System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hotel Reservation System
NVD GitHub VulDB
CVE-2025-10620
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A flaw has been found in itsourcecode Online Clinic Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Clinic Management System
NVD GitHub VulDB
CVE-2025-10618
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Online Clinic Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Clinic Management System
NVD GitHub VulDB
CVE-2025-10617
EPSS 0% CVSS 5.3
MEDIUM This Month

A weakness has been identified in SourceCodester Online Polling System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Polling System
NVD GitHub VulDB
CVE-2025-10613
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in itsourcecode Student Information System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD GitHub VulDB
CVE-2025-10604
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was identified in PHPGurukul Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum
NVD VulDB GitHub
CVE-2025-10603
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was determined in PHPGurukul Online Discussion Forum 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Discussion Forum
NVD GitHub VulDB
CVE-2025-10602
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVE-2025-10601
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVE-2025-10599
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Web Based Internet Laboratory Management System
NVD GitHub VulDB
CVE-2025-10598
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pet Grooming Management Software
NVD GitHub VulDB
CVE-2025-10597
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Courseselectionsystem
NVD GitHub VulDB
CVE-2025-10596
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVE-2025-10595
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Student File Management System
NVD GitHub VulDB
CVE-2025-10594
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A flaw has been found in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Student File Management System
NVD GitHub VulDB
CVE-2025-10593
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Student File Management System
NVD GitHub VulDB
CVE-2025-10592
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Public Access Catalog
NVD GitHub VulDB
CVE-2025-10439
EPSS 0% CVSS 9.8
CRITICAL This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yordam Informatics Yordam Library Automation System allows SQL Injection.5 & 21.6 before 21.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVE-2025-10042
EPSS 0% CVSS 5.9
MEDIUM POC This Month

The Quiz Maker plugin for WordPress is vulnerable to SQL Injection via spoofed IP headers in all versions up to, and including, 6.7.0.56 due to insufficient escaping on the user supplied parameter. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress SQLi Quiz Maker +1
NVD Exploit-DB
CVE-2025-10565
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grocery Sales And Inventory System
NVD GitHub VulDB
CVE-2025-10564
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grocery Sales And Inventory System
NVD GitHub VulDB
CVE-2025-57631
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload SQLi +1
NVD GitHub
CVE-2025-10563
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grocery Sales And Inventory System
NVD GitHub VulDB
CVE-2025-10562
EPSS 0% CVSS 6.9
MEDIUM POC This Week

A flaw has been found in Campcodes Grocery Sales and Inventory System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grocery Sales And Inventory System
NVD GitHub VulDB
Prev Page 19 of 51 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
4566

Related CWEs

MITRE ATT&CK

References

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy