Vulnerabilities (CVE)

Filtered by CWE-89
Total 19555 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-45321 1 Lopalopa 1 Online Service Management Portal 2026-06-17 N/A 8.8 HIGH
Kashipara Online Service Management Portal V1.0 is vulnerable to SQL injection in /osms/Requester/Requesterchangepass.php via the rPassword parameter.
CVE-2025-45240 1 Qianfox 1 Foxcms 2026-06-17 N/A 6.5 MEDIUM
foxcms v1.2.5 was discovered to contain a SQL injection vulnerability via the executeCommand method in DataBackup.php.
CVE-2025-45065 2026-06-17 N/A 9.8 CRITICAL
Employee Record Management System in PHP and MySQL v1 was discovered to contain a SQL injection vulnerability via the loginerms.php endpoint.
CVE-2025-45021 1 Phpgurukul 1 Directory Management System 2026-06-17 N/A 5.3 MEDIUM
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands.
CVE-2025-45020 1 Phpgurukul 1 Park Ticketing Management System 2026-06-17 N/A 7.2 HIGH
A SQL Injection vulnerability was discovered in the normal-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter in a POST request.
CVE-2025-45019 1 Phpgurukul 1 Park Ticketing Management System 2026-06-17 N/A 5.4 MEDIUM
A SQL injection vulnerability was discovered in /add-foreigners-ticket.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the cprice POST request parameter.
CVE-2025-45018 1 Phpgurukul 1 Park Ticketing Management System 2026-06-17 N/A 9.8 CRITICAL
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter.
CVE-2025-45017 1 Phpgurukul 1 Park Ticketing Management System 2026-06-17 N/A 9.8 CRITICAL
A SQL injection vulnerability was discovered in edit-ticket.php of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary code via the tprice POST request parameter.
CVE-2025-44831 1 Engineercms Project 1 Engineercms 2026-06-17 N/A 9.8 CRITICAL
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addproject interface.
CVE-2025-44830 1 Engineercms Project 1 Engineercms 2026-06-17 N/A 9.8 CRITICAL
EngineerCMS v1.02 through v2.0.5 has a SQL injection vulnerability in the /project/addprojtemplet interface.
CVE-2025-44608 1 Vishalmathur 1 Cloudclassroom-php Project 2026-06-17 N/A 6.5 MEDIUM
CloudClassroom-PHP Project v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter.
CVE-2025-44194 1 Oretnom23 1 Simple Barangay Management System 2026-06-17 N/A 7.3 HIGH
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household.
CVE-2025-44193 1 Oretnom23 1 Simple Barangay Management System 2026-06-17 N/A 7.6 HIGH
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_complaint.
CVE-2025-44192 1 Oretnom23 1 Simple Barangay Management System 2026-06-17 N/A 9.8 CRITICAL
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_clearance.
CVE-2025-44135 1 Code-projects 1 Online Class And Exam Scheduling System 2026-06-17 N/A 6.5 MEDIUM
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 in /Scheduling/pages/profile_update.php. Manipulating the parameter username will cause SQL injection attacks.
CVE-2025-44134 1 Code-projects 1 Online Class And Exam Scheduling System 2026-06-17 N/A 6.5 MEDIUM
A vulnerability was found in Code-Projects Online Class and Exam Scheduling System 1.0 in the file /Scheduling/pages/class_save.php. Manipulation of parameter class will lead to SQL injection attacks.
CVE-2025-44074 1 Seacms 1 Seacms 2026-06-17 N/A 9.8 CRITICAL
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
CVE-2025-44073 1 Seacms 1 Seacms 2026-06-17 N/A 9.8 CRITICAL
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
CVE-2025-44072 1 Seacms 1 Seacms 2026-06-17 N/A 9.8 CRITICAL
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
CVE-2025-44034 1 Aaluoxiang 1 Oa System 2026-06-17 N/A 8.0 HIGH
SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the alph parameters in src/main/Java/cn/gson/oasys/controller/address/AddrController