SQL Injection

web HIGH

SQL injection exploits the way applications construct database queries by mixing user input directly into SQL statements.

How It Works

SQL injection exploits the way applications construct database queries by mixing user input directly into SQL statements. When developers concatenate untrusted data into queries without proper sanitization, attackers can inject SQL syntax that changes the query's logic. For example, entering ' OR '1'='1 into a login form might transform SELECT * FROM users WHERE username='input' into a query that always returns true, bypassing authentication.

Attackers follow a methodical process: first probing input fields with special characters like quotes or semicolons to trigger database errors, then identifying whether the application is vulnerable. Once confirmed, they escalate by injecting commands to extract data (UNION-based attacks to merge results from other tables), manipulate records, or probe the database structure. Blind SQL injection variants work without visible error messages—boolean-based attacks infer data by observing application behavior changes, while time-based attacks use database sleep functions to confirm successful injection through response delays.

Advanced scenarios include second-order injection, where malicious input is stored in the database and later executed in a different context, and out-of-band attacks that exfiltrate data through DNS queries or HTTP requests when direct data retrieval isn't possible. Some database systems enable attackers to execute operating system commands through built-in functions like MySQL's LOAD_FILE or SQL Server's xp_cmdshell, escalating from database compromise to full server control.

Impact

  • Complete data breach — extraction of entire database contents including credentials, personal information, and proprietary data
  • Authentication bypass — logging in as any user without knowing passwords
  • Data manipulation — unauthorized modification or deletion of critical records
  • Privilege escalation — granting administrative rights to attacker-controlled accounts
  • Remote code execution — leveraging database features to run operating system commands and compromise the underlying server
  • Lateral movement — using compromised database credentials to access other connected systems

Real-World Examples

FreePBX's CVE-2025-66039 demonstrated a complete attack chain where SQL injection across 11 parameters in four different endpoints allowed attackers to write malicious entries into the cron_jobs table. When the system's scheduler executed these entries, the injected SQL transformed into operating system commands, granting full server control. The vulnerability required no authentication, making it immediately exploitable.

E-commerce platforms have suffered massive breaches through shopping cart SQL injection, where attackers inserted skimming code into stored procedures that executed during checkout, harvesting credit card data from thousands of transactions. Healthcare systems have been compromised through patient portal vulnerabilities, exposing millions of medical records when attackers injected UNION queries to merge data from supposedly isolated tables.

Mitigation

  • Parameterized queries (prepared statements) — separates SQL logic from data, making injection syntactically impossible
  • Object-Relational Mapping (ORM) frameworks — abstracts database interactions with built-in protections when used correctly
  • Strict input validation — whitelist acceptable characters and formats, reject suspicious patterns
  • Least privilege database accounts — applications should use credentials with minimal necessary permissions
  • Web Application Firewall (WAF) — detects and blocks common injection patterns as a secondary defense layer
  • Database activity monitoring — alerts on unusual query patterns or privilege escalation attempts

Recent CVEs (4643)

CVE-2025-4266
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVE-2025-4265
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVE-2025-4264
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Emergency Ambulance Hiring Portal
NVD GitHub VulDB
CVE-2025-4263
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVE-2025-4262
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online DJ Booking Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVE-2025-4250
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in code-projects Nero Social Networking Site 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nero Social Networking Site
NVD GitHub VulDB
CVE-2025-4249
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul e-Diary Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi E Diary Management System
NVD GitHub VulDB
CVE-2025-4248
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in SourceCodester Simple To-Do List System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple To Do List System
NVD GitHub VulDB
CVE-2025-4247
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester Simple To-Do List System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple To Do List System
NVD GitHub VulDB
CVE-2025-4244
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in code-projects Online Bus Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bus Reservation System
NVD GitHub VulDB
CVE-2025-4243
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in code-projects Online Bus Reservation System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Bus Reservation System
NVD GitHub VulDB
CVE-2025-4242
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Online Birth Certificate System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVE-2025-4241
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Teacher Subject Allocation Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub VulDB
CVE-2025-4226
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Cyber Cafe Management System
NVD GitHub VulDB
CVE-2025-4214
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Booking Management System
NVD GitHub VulDB
CVE-2025-4213
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVE-2025-4204
EPSS 0% CVSS 7.5
HIGH This Week

The Ultimate Auction Pro plugin for WordPress is vulnerable to SQL Injection via the ‘auction_id’ parameter in all versions up to, and including, 1.5.2 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Ultimate Wordpress Auction Plugin +1
NVD
CVE-2025-2812
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mydata Informatics Ticket Sales Automation allows Blind SQL Injection.04.2025 (DD.MM.YYYY). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ticket Sales Automation
NVD GitHub
CVE-2025-3708
EPSS 0% CVSS 9.8
CRITICAL Act Now

Le-show medical practice management system from Le-yan has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Le Yan
NVD
CVE-2025-3707
EPSS 0% CVSS 6.5
MEDIUM This Month

The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL command to read database contents. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ehrd Ctms
NVD
CVE-2024-13344
EPSS 0% CVSS 7.5
HIGH This Week

The Advance Seat Reservation Management for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'profileId' parameter in all versions up to, and including, 3.3 due to insufficient. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Advance Seat Reservation Management For Woocommerce
NVD
CVE-2024-13322
EPSS 24% CVSS 7.5
HIGH Act Now

The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to SQL Injection via the 'a_id' parameter in all versions up to, and including, 4.88 due to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.6% and no vendor patch available.

WordPress SQLi Ads Pro
NVD
CVE-2024-12023
EPSS 0% CVSS 6.5
MEDIUM This Month

The FULL - Cliente plugin for WordPress is vulnerable to SQL Injection via the 'formId' parameter in all versions 3.1.5 to 3.1.25 due to insufficient escaping on the user supplied parameter and lack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVE-2025-4197
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVE-2025-4196
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in SourceCodester Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVE-2025-4195
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in itsourcecode Gym Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Gym Management System
NVD GitHub VulDB
CVE-2025-4193
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Management System
NVD GitHub VulDB
CVE-2025-4192
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in itsourcecode Restaurant Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Management System
NVD GitHub VulDB
CVE-2025-4191
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record Management System
NVD GitHub VulDB
CVE-2025-4176
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank Donor Management System
NVD GitHub VulDB
CVE-2025-4174
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD VulDB GitHub
CVE-2025-46337 PHP
EPSS 1% CVSS 10.0
CRITICAL PATCH Act Now

ADOdb is a PHP database class library that provides abstractions for performing queries and managing databases. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi PostgreSQL
NVD GitHub
CVE-2025-4173
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVE-2025-4164
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee Record Management System
NVD GitHub VulDB
CVE-2025-4163
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Land Record System
NVD GitHub VulDB
CVE-2025-4157
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Boat Booking System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Boat Booking System
NVD GitHub VulDB
CVE-2025-4156
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Boat Booking System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Boat Booking System
NVD GitHub VulDB
CVE-2025-4155
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Boat Booking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Boat Booking System
NVD GitHub VulDB
CVE-2025-4154
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Pre-School Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVE-2025-4153
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in PHPGurukul Park Ticketing Management System 2.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub VulDB
CVE-2025-4152
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Online Birth Certificate System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Birth Certificate System
NVD GitHub VulDB
CVE-2025-4151
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVE-2025-44194
EPSS 0% CVSS 7.3
HIGH POC This Week

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVE-2025-44193
EPSS 0% CVSS 7.6
HIGH POC This Week

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVE-2025-44192
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Barangay Management System
NVD GitHub
CVE-2025-45021
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Directory Management System
NVD GitHub
CVE-2025-45019
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi +1
NVD GitHub
CVE-2025-45018
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVE-2025-45017
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi +1
NVD GitHub
CVE-2025-45020
EPSS 1% CVSS 7.2
HIGH POC This Week

A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Park Ticketing Management System
NVD GitHub
CVE-2025-4113
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVE-2025-4112
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVE-2025-4111
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVE-2025-4110
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVE-2025-4109
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVE-2025-4108
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVE-2025-2890
EPSS 0% CVSS 6.5
MEDIUM This Month

The tagDiv Opt-In Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘subscriptionCouponId’ parameter in all versions up to, and including, 1.7 due to insufficient. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi PHP
NVD
CVE-2025-4080
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Nurse Hiring System
NVD GitHub VulDB
CVE-2025-4074
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Curfew e-Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Curfew E Pass Management System
NVD GitHub VulDB
CVE-2025-4073
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Student Record System 3.20. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Record System
NVD GitHub VulDB
CVE-2025-4072
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Nurse Hiring System
NVD GitHub VulDB
CVE-2025-45956
EPSS 0% CVSS 8.8
HIGH POC This Week

A SQL injection vulnerability in manage_damage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Computer Laboratory Management System
NVD GitHub
CVE-2025-4071
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
CVE-2025-4070
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Rail Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rail Pass Management System
NVD GitHub VulDB
CVE-2025-40618
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection vulnerability in Bookgy. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Bookgy
NVD
CVE-2025-40617
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection vulnerability in Bookgy. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Bookgy
NVD
CVE-2025-25403
EPSS 0% CVSS 9.8
CRITICAL Act Now

Slims (Senayan Library Management Systems) 9 Bulian V9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/coll_type.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi
NVD GitHub
CVE-2025-4060
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Notice Board System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notice Board System
NVD GitHub VulDB
CVE-2025-4058
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD GitHub VulDB
CVE-2025-4039
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Rail Pass Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rail Pass Management System
NVD GitHub VulDB
CVE-2025-4034
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD GitHub VulDB
CVE-2025-4033
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVE-2025-4031
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pre School Enrollment System
NVD GitHub VulDB
CVE-2025-4030
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD VulDB GitHub
CVE-2024-12706
EPSS 0% CVSS 2.1
LOW Monitor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVE-2025-4028
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
CVE-2025-4027
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVE-2025-4026
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in PHPGurukul Nipah Virus Testing Management System 1.0.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVE-2025-4025
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Placement Management System
NVD GitHub VulDB
CVE-2025-4024
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Placement Management System
NVD GitHub VulDB
CVE-2025-4023
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in itsourcecode Placement Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Placement Management System
NVD GitHub VulDB
CVE-2025-4021
EPSS 0% CVSS 5.3
MEDIUM POC This Month

A vulnerability was found in code-projects Patient Record Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Patient Record Management System
NVD GitHub VulDB
CVE-2025-4020
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Old Age Home Management System
NVD GitHub VulDB
CVE-2025-4014
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVE-2025-4013
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul Art Gallery Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub VulDB
CVE-2025-4005
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
CVE-2025-4004
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
CVE-2025-3998
EPSS 0% CVSS 6.9
MEDIUM POC This Month

A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Membership Management System
NVD GitHub VulDB
CVE-2025-3976
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
CVE-2025-3974
EPSS 0% CVSS 6.9
MEDIUM This Month

A vulnerability has been found in PHPGurukul COVID19 Testing Management System 1.0 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Covid19 Testing Management System
NVD GitHub VulDB
Prev Page 38 of 52 Next

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
4643

Related CWEs

MITRE ATT&CK

References

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy