Total
18380 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14646 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in code-projects Student File Management System 1.0. This impacts an unknown function of the file /admin/delete_student.php. The manipulation of the argument stud_id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-14645 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown function of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-14640 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /admin/save_student.php. Executing manipulation of the argument stud_no can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-14639 | 1 Angeljudesuarez | 1 Student Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in itsourcecode Student Management System 1.0. Impacted is an unknown function of the file /uprec.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-14623 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in code-projects Student File Management System 1.0. This issue affects some unknown processing of the file /admin/update_student.php. This manipulation of the argument stud_id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-14619 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login_query.php. Performing manipulation of the argument stud_no results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-14590 | 1 Carmelo | 1 Prison Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2021-41659 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. | |||||
| CVE-2022-36545 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | N/A | 9.8 CRITICAL |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. | |||||
| CVE-2022-36544 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | N/A | 9.8 CRITICAL |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. | |||||
| CVE-2022-36543 | 1 Hashenudara | 1 Edoc-doctor-appointment-system | 2025-12-16 | N/A | 9.8 CRITICAL |
| Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. | |||||
| CVE-2025-14537 | 1 Fabian | 1 Class And Exam Timetable Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A weakness has been identified in code-projects Class and Exam Timetable Management 1.0. Affected by this issue is some unknown functionality of the file /preview7.php. This manipulation of the argument course_year_section/semester causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-14536 | 1 Fabian | 1 Class And Exam Timetable Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in code-projects Class and Exam Timetable Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument username/password results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-14529 | 1 Campcodes | 1 Retro Basketball Shoes Online Store | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in Campcodes Retro Basketball Shoes Online Store 1.0. The affected element is an unknown function of the file /admin/admin_running.php. This manipulation of the argument pid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-14515 | 1 Campcodes | 1 Supplier Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_unit.php. Such manipulation of the argument txtunitDetails leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-14514 | 1 Campcodes | 1 Supplier Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A flaw has been found in Campcodes Supplier Management System 1.0. Affected is an unknown function of the file /admin/add_distributor.php. This manipulation of the argument txtDistributorAddress causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2025-65950 | 1 Wbce | 1 Wbce Cms | 2025-12-16 | N/A | 8.8 HIGH |
| WBCE CMS is a content management system. In versions 1.6.4 and below, the user management module allows a low-privileged authenticated user with permissions to modify users to execute arbitrary SQL queries. This can be escalated to a full database compromise, data exfiltration, effectively bypassing all security controls. The vulnerability exists in the admin/users/save.php script, which handles updates to user profiles. The script improperly processes the groups[] parameter sent from the user edit form. This issue is fixed in version 1.6.5. | |||||
| CVE-2025-14621 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was identified in code-projects Student File Management System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument user_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2025-14622 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A security flaw has been discovered in code-projects Student File Management System 1.0. This vulnerability affects unknown code of the file /admin/save_user.php. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-14620 | 1 Fabian | 1 Student File Management System | 2025-12-16 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in code-projects Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/login_query.php. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||