Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-4597

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-30 Aug, 2007 | 17:00
Updated At-07 Aug, 2024 | 15:01
Rejected At-
Credits

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:30 Aug, 2007 | 17:00
Updated At:07 Aug, 2024 | 15:01
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/4313
exploit
x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/25445
vdb-entry
x_refsource_BID
http://osvdb.org/38440
vdb-entry
x_refsource_OSVDB
Hyperlink: https://www.exploit-db.com/exploits/4313
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/25445
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://osvdb.org/38440
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/4313
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securityfocus.com/bid/25445
vdb-entry
x_refsource_BID
x_transferred
http://osvdb.org/38440
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/4313
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/25445
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://osvdb.org/38440
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:30 Aug, 2007 | 18:17
Updated At:29 Sep, 2017 | 01:29

SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
turnkey_web_tools
turnkey_web_tools
>>sunshop_shopping_cart>>4.0
cpe:2.3:a:turnkey_web_tools:sunshop_shopping_cart:4.0:rc_6:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/38440cve@mitre.org
N/A
http://www.securityfocus.com/bid/25445cve@mitre.org
N/A
https://www.exploit-db.com/exploits/4313cve@mitre.org
N/A
Hyperlink: http://osvdb.org/38440
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/25445
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/4313
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7292Records found
CVE-2007-6576
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 76.17%
||
7 Day CHG~0.00%
Published-28 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.

Action-Not Available
Vendor-adultscriptn/a
Product-adultscriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7475
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG+0.01%
Published-12 Jul, 2025 | 12:32
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Car Rental System pay.php sql injection

A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_car_rental_systemSimple Car Rental System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.33% / 55.30%
||
7 Day CHG~0.00%
Published-14 Nov, 2007 | 01:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-e-vendejon/a
Product-0.2n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7535
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG+0.01%
Published-13 Jul, 2025 | 17:32
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Sales and Inventory System reprint_cash.php sql injection

A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /pages/reprint_cash.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-Sales and Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7164
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 19.18%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 05:32
Updated-08 Jul, 2025 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul/Campcodes Cyber Cafe Management System index.php sql injection

A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodesPHPGurukul LLP
Product-cyber_cafe_management_systemCyber Cafe Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7542
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG+0.01%
Published-13 Jul, 2025 | 21:02
Updated-15 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul User Registration & Login and User Management System user-profile.php sql injection

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/user-profile.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-User Registration & Login and User Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.96%
||
7 Day CHG~0.00%
Published-22 Nov, 2007 | 00:00
Updated-07 Aug, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-hotscriptsn/a
Product-clone_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7128
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 12:32
Updated-08 Jul, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Payroll Management System ajax.php sql injection

A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=calculate_payroll. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-payroll_management_systemPayroll Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-5999
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.96%
||
7 Day CHG~0.00%
Published-15 Nov, 2007 | 22:00
Updated-07 Aug, 2024 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-softbizscriptsn/a
Product-softbiz_auctions_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7605
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.81%
||
7 Day CHG+0.01%
Published-14 Jul, 2025 | 12:44
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects AVL Rooms profile.php sql injection

A vulnerability was found in code-projects AVL Rooms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument first_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-AVL Rooms
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7120
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 08:32
Updated-15 Jul, 2025 | 14:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Complaint Management System check_availability.php sql injection

A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-complaint_management_systemComplaint Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7173
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:02
Updated-08 Jul, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Library System add-student.php sql injection

A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-student.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-library_systemLibrary System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7459
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG+0.01%
Published-11 Jul, 2025 | 21:02
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Mobile Shop EditMobile.php sql injection

A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Mobile Shop
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7838
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 17:14
Updated-23 Jul, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Movie Theater Seat Reservation System manage_seat.php sql injection

A vulnerability has been found in Campcodes Online Movie Theater Seat Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/manage_seat.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-online_movie_theater_seat_reservation_systemOnline Movie Theater Seat Reservation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7129
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 13:02
Updated-08 Jul, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Payroll Management System ajax.php sql injection

A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_employee_attendance_single. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-payroll_management_systemPayroll Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6557
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.85%
||
7 Day CHG~0.00%
Published-28 Dec, 2007 | 00:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.

Action-Not Available
Vendor-megacheatzn/a
Product-megacheatzn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7539
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG+0.01%
Published-13 Jul, 2025 | 19:32
Updated-15 Jul, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Appointment Booking System getdoctordaybooking.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Online Appointment Booking System 1.0. This issue affects some unknown processing of the file /getdoctordaybooking.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-Online Appointment Booking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7220
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 06:32
Updated-11 Jul, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Payroll Management System ajax.php sql injection

A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_deductions. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-payroll_management_systemPayroll Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7456
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG+0.01%
Published-11 Jul, 2025 | 20:02
Updated-16 Jul, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Movie Theater Seat Reservation System reserve.php sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reserve.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-online_movie_theater_seat_reservation_systemOnline Movie Theater Seat Reservation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6587
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.41% / 80.34%
||
7 Day CHG~0.00%
Published-28 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-ploggern/a
Product-ploggern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7217
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 05:02
Updated-11 Jul, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Payroll Management System ajax.php sql injection

A vulnerability has been found in Campcodes Payroll Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=save_position. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-payroll_management_systemPayroll Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7196
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 21:02
Updated-11 Jul, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Jonnys Liquor browse.php sql injection

A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argument Search leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-jonnys_liquorJonnys Liquor
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6342
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.65% / 70.51%
||
7 Day CHG-0.18%
Published-13 Dec, 2007 | 21:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.

Action-Not Available
Vendor-david_castron/a
Product-apache_authcasn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-35243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.69%
||
7 Day CHG~0.00%
Published-26 Dec, 2020 | 19:14
Updated-04 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb.

Action-Not Available
Vendor-flamingo_projectn/a
Product-flamingon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7171
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 09:02
Updated-09 Jul, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Crime Reporting System policelogin.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0. Affected by this issue is some unknown functionality of the file /policelogin.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-crime_reporting_systemCrime Reporting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-4736
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.96%
||
7 Day CHG~0.00%
Published-06 Sep, 2007 | 19:00
Updated-07 Aug, 2024 | 15:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

Action-Not Available
Vendor-cartkeepern/a
Product-ckgold_shopping_cartn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1027
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.06%
||
7 Day CHG~0.00%
Published-20 Mar, 2009 | 00:00
Updated-07 Aug, 2024 | 04:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.

Action-Not Available
Vendor-opencartn/a
Product-opencartn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7219
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 13.09%
||
7 Day CHG~0.00%
Published-09 Jul, 2025 | 06:02
Updated-11 Jul, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Payroll Management System ajax.php sql injection

A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-payroll_management_systemPayroll Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9316
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.48% / 80.82%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 14:48
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-fastest-cache plugin before 0.8.4.9 for WordPress has SQL injection in wp-admin/admin-ajax.php?action=wpfc_wppolls_ajax_request via the poll_id parameter.

Action-Not Available
Vendor-wpfastestcachen/a
Product-wp_fastest_cachen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6373
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.97%
||
7 Day CHG~0.00%
Published-15 Dec, 2007 | 01:00
Updated-07 Aug, 2024 | 16:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php.

Action-Not Available
Vendor-gestdownn/a
Product-gestdownn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0707
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.20% / 42.24%
||
7 Day CHG~0.00%
Published-23 Feb, 2009 | 15:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-powerscriptsn/a
Product-powerclann/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7607
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG+0.01%
Published-14 Jul, 2025 | 13:14
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Shopping Cart save_order.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/save_order.php. The manipulation of the argument order_price leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_shopping_cartSimple Shopping Cart
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7436
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG+0.01%
Published-11 Jul, 2025 | 03:02
Updated-16 Jul, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Recruitment Management System ajax.php sql injection

A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_vacancy. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-online_recruitment_management_systemOnline Recruitment Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7832
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.54%
||
7 Day CHG~0.00%
Published-19 Jul, 2025 | 15:14
Updated-29 Jul, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Church Donation System offering.php sql injection

A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/offering.php. The manipulation of the argument trcode leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-church_donation_systemChurch Donation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7483
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 18.43%
||
7 Day CHG+0.01%
Published-12 Jul, 2025 | 17:32
Updated-15 Jul, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Vehicle Parking Management System forgot-password.php sql injection

A vulnerability was found in PHPGurukul Vehicle Parking Management System 1.13. It has been rated as critical. This issue affects some unknown processing of the file /users/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-PHPGurukul LLP
Product-vehicle_parking_management_systemVehicle Parking Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-6538
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 77.81%
||
7 Day CHG~0.00%
Published-27 Dec, 2007 | 23:00
Updated-07 Aug, 2024 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-mrbsn/aMoodle Pty Ltd
Product-mrbsmoodlen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7155
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 16.90%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 01:03
Updated-09 Jul, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PHPGurukul Online Notes Sharing System Cookie Dashboard sql injection

A vulnerability, which was classified as critical, was found in PHPGurukul Online Notes Sharing System 1.0. This affects an unknown part of the file /Dashboard of the component Cookie Handler. The manipulation of the argument sessionid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The original researcher disclosure suspects an XPath Injection vulnerability; however, the provided attack payload appears to be characteristic of an SQL Injection attack.

Action-Not Available
Vendor-PHPGurukul LLP
Product-online_notes_sharing_systemOnline Notes Sharing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7136
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 16:32
Updated-09 Jul, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Recruitment Management System view_vacancy.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Online Recruitment Management System 1.0. Affected is an unknown function of the file /admin/view_vacancy.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-online_recruitment_management_systemOnline Recruitment Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7765
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG+0.01%
Published-17 Jul, 2025 | 22:44
Updated-29 Jul, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Appointment Booking System addmanagerclinic.php sql injection

A vulnerability classified as critical was found in code-projects Online Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addmanagerclinic.php. The manipulation of the argument clinic leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_appointment_booking_systemOnline Appointment Booking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9335
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.56%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 12:17
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.

Action-Not Available
Vendor-n/aBestWebSoft
Product-limit_attemptsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7608
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG+0.01%
Published-14 Jul, 2025 | 13:32
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Shopping Cart userlogin.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument user_email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_shopping_cartSimple Shopping Cart
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7179
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 13:02
Updated-08 Jul, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Library System add-teacher.php sql injection

A vulnerability classified as critical was found in code-projects Library System 1.0. This vulnerability affects unknown code of the file /add-teacher.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-library_systemLibrary System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7134
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 15:32
Updated-09 Jul, 2025 | 15:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Campcodes Online Recruitment Management System ajax.php sql injection

A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=delete_application. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-CampCodes
Product-online_recruitment_management_systemOnline Recruitment Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7191
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 19:02
Updated-11 Jul, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Student Enrollment System login.php sql injection

A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-student_enrollmentStudent Enrollment System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7168
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 07:32
Updated-09 Jul, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Crime Reporting System userlogin.php sql injection

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /userlogin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-crime_reporting_systemCrime Reporting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7169
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.06% / 17.46%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 08:02
Updated-09 Jul, 2025 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Crime Reporting System complainer_page.php sql injection

A vulnerability classified as critical has been found in code-projects Crime Reporting System 1.0. Affected is an unknown function of the file /complainer_page.php. The manipulation of the argument location leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-crime_reporting_systemCrime Reporting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7409
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:32
Updated-16 Jul, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Mobile Shop LoginAsAdmin.php sql injection

A vulnerability was found in code-projects Mobile Shop 1.0 and classified as critical. This issue affects some unknown processing of the file /LoginAsAdmin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-mobile_shopMobile Shop
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0144
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-10.35% / 93.11%
||
7 Day CHG~0.00%
Published-08 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 07:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.

Action-Not Available
Vendor-phpriskn/a
Product-netriskn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7860
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.54%
||
7 Day CHG~0.00%
Published-20 Jul, 2025 | 00:32
Updated-29 Jul, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Church Donation System login_admin.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/login_admin.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-church_donation_systemChurch Donation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.29%
||
7 Day CHG~0.00%
Published-01 May, 2009 | 17:00
Updated-07 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.

Action-Not Available
Vendor-scripts-for-sitesn/a
Product-ez_hot_or_notn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • ...
  • 31
  • 32
  • 33
  • ...
  • 145
  • 146
  • Next
Details not found