Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-1374 1 Fabian 1 Real Estate Property Management System 2025-10-23 6.3 Medium
A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-10408 2 Code Projects, Fabian 2 Blood Bank Management System, Blood Bank Management System 2025-10-23 6.3 Medium
A vulnerability has been found in code-projects Blood Bank Management up to 1.0 and classified as critical. This vulnerability affects unknown code of the file /abs.php. The manipulation of the argument search leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-10417 2 Code Projects, Fabian 2 Blood Bank Management Systems, Blood Bank Management System 2025-10-23 6.3 Medium
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /file/delete.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-11584 2 Code-projects, Fabian 2 Online Job Search Engine, Online Job Search Engine 2025-10-23 7.3 High
A vulnerability has been found in code-projects Online Job Search Engine 1.0. The affected element is an unknown function of the file /searchjob.php. The manipulation of the argument txtspecialization leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2024-24098 2 Code-projects, Fabian 2 Scholars Tracking System, Scholars Tracking System 2025-10-23 9.8 Critical
Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.
CVE-2025-11600 2 Code-projects, Fabian 2 Simple Food Ordering System, Simple Food Ordering System 2025-10-23 6.3 Medium
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file editcategory.php. Such manipulation of the argument cname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2023-7097 1 Fabian 1 Water Billing System 2025-10-23 6.3 Medium
A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248949 was assigned to this vulnerability.
CVE-2024-8944 2 Code-projects, Fabian 2 Hospital Management System, Hospital Management System 2025-10-23 7.3 High
A vulnerability, which was classified as critical, was found in code-projects Hospital Management System 1.0. This affects an unknown part of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-11612 2 Code-projects, Fabian 2 Simple Food Ordering System, Simple Food Ordering System 2025-10-23 6.3 Medium
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. This impacts an unknown function of the file /addproduct.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-11603 2 Code-projects, Fabian 2 Simple Food Ordering System, Simple Food Ordering System 2025-10-23 6.3 Medium
A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVE-2025-11608 2 Code-projects, Fabian 2 E-banking System, Simple E-banking System 2025-10-23 7.3 High
A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-61194 1 Daicuo 1 Daicuo 2025-10-23 6.5 Medium
daicuocms V1.3.13 contains a SQL injection vulnerability in the file library\think\db\Builder.php.
CVE-2025-40654 1 Acc 1 Dm Corporative Cms 2025-10-23 9.8 Critical
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name and cod parameters in /antbuspre.asp.
CVE-2025-40655 1 Acc 1 Dm Corporative Cms 2025-10-23 9.8 Critical
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
CVE-2025-40656 1 Acc 1 Dm Corporative Cms 2025-10-23 9.8 Critical
A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
CVE-2024-5523 1 Codester 1 Astrotalks 2025-10-23 8.8 High
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the database.
CVE-2024-4824 1 Arox 1 School Erp Pro\+responsive 2025-10-23 9.8 Critical
Vulnerability in School ERP Pro+Responsive 1.0 that allows SQL injection through the '/SchoolERP/office_admin/' index in the parameters groups_id, examname, classes_id, es_voucherid, es_class, etc. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the database.
CVE-2023-7126 1 Fabian 1 Automated Voting System 2025-10-23 6.3 Medium
A vulnerability classified as critical has been found in code-projects Automated Voting System 1.0. This affects an unknown part of the file /admin/ of the component Admin Login. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249129 was assigned to this vulnerability.
CVE-2023-7127 1 Fabian 1 Automated Voting System 2025-10-23 6.3 Medium
A vulnerability classified as critical was found in code-projects Automated Voting System 1.0. This vulnerability affects unknown code of the component Login. The manipulation of the argument idno leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-249130 is the identifier assigned to this vulnerability.
CVE-2024-32739 1 Cyberpower 2 Powerpanel, Powerpanel Enterprise 2025-10-23 7.5 High
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.