Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-25304

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-09 Feb, 2024 | 00:00
Updated At-15 May, 2025 | 19:40
Rejected At-
Credits

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:09 Feb, 2024 | 00:00
Updated At:15 May, 2025 | 19:40
Rejected At:
▼CVE Numbering Authority (CNA)

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md
N/A
Hyperlink: https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md
x_transferred
Hyperlink: https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Type: CWE
CWE ID: CWE-89
Description: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:09 Feb, 2024 | 13:15
Updated At:15 May, 2025 | 20:15

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Source Code & Projects
code-projects
>>simple_school_management_system>>1.0
cpe:2.3:a:code-projects:simple_school_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE-89Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-89
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.mdcve@mitre.org
Exploit
Product
https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Product
Hyperlink: https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md
Source: cve@mitre.org
Resource:
Exploit
Product
Hyperlink: https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Product

Change History

0
Information is not available yet

Similar CVEs

3164Records found

CVE-2025-6890
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.32% / 23.59%
||
7 Day CHG~0.00%
Published-30 Jun, 2025 | 06:02
Updated-08 Jul, 2025 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Movie Ticketing System ticketConfirmation.php sql injection

A vulnerability was found in code-projects Movie Ticketing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /ticketConfirmation.php. The manipulation of the argument Date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-movie_ticketing_systemMovie Ticketing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2037
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.45% / 36.14%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 19:00
Updated-13 May, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank Management System delete_requester.php sql injection

A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_dashboard/delete_requester.php. The manipulation of the argument requester_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-blood_bank_management_systemBlood Bank Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-2033
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 37.17%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 17:00
Updated-13 May, 2025 | 20:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank Management System view_donor.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /user_dashboard/view_donor.php. The manipulation of the argument donor_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-blood_bank_management_systemBlood Bank Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11530
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 03:32
Updated-09 Oct, 2025 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Complaint Site state.php sql injection

A weakness has been identified in code-projects Online Complaint Site 1.0. Affected is an unknown function of the file /cms/admin/state.php. This manipulation of the argument state causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-online_complaint_siteOnline Complaint Site
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-15205
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.84%
||
7 Day CHG~0.00%
Published-29 Dec, 2025 | 21:02
Updated-07 Jan, 2026 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Student File Management System download.php sql injection

A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istore_id leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-student_file_management_systemStudent File Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14193
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.84%
||
7 Day CHG~0.00%
Published-07 Dec, 2025 | 14:02
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Employee Profile Management System view_personnel.php sql injection

A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing a manipulation of the argument per_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-carmelogarciaSource Code & Projects
Product-employee_profile_management_systemEmployee Profile Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14222
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.31%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 07:32
Updated-24 Feb, 2026 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Employee Profile Management System print_personnel_report.php sql injection

A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-carmelogarciaSource Code & Projects
Product-employee_profile_management_systemEmployee Profile Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14230
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.26% / 17.31%
||
7 Day CHG~0.00%
Published-08 Dec, 2025 | 11:32
Updated-10 Dec, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Daily Time Recording System add_payroll.php sql injection

A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/add_payroll.php. Performing manipulation of the argument detail_Id results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-daily_time_recording_systemDaily Time Recording System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14834
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.29% / 21.26%
||
7 Day CHG~0.00%
Published-17 Dec, 2025 | 23:02
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Stock System checkuser.php sql injection

A weakness has been identified in code-projects Simple Stock System 1.0. This affects an unknown function of the file /checkuser.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-simple_stock_systemSimple Stock System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14203
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.84%
||
7 Day CHG~0.00%
Published-07 Dec, 2025 | 21:32
Updated-10 Dec, 2025 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Question Paper Generator selectquestionuser.php sql injection

A flaw has been found in code-projects Question Paper Generator up to 1.0. This vulnerability affects unknown code of the file /selectquestionuser.php. This manipulation of the argument subid causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-question_paper_generatorQuestion Paper Generator
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-14589
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.84%
||
7 Day CHG~0.00%
Published-13 Dec, 2025 | 10:32
Updated-24 Feb, 2026 | 06:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Prison Management System search.php sql injection

A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-prison_management_systemPrison Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13243
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 22.44%
||
7 Day CHG~0.00%
Published-16 Nov, 2025 | 08:02
Updated-19 Nov, 2025 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Student Information System editprofile.php sql injection

A vulnerability was found in code-projects Student Information System 2.0. Impacted is an unknown function of the file /editprofile.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-student_information_systemStudent Information System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13290
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 16:32
Updated-19 Nov, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Food Ordering System saveorder.php sql injection

A vulnerability has been found in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /saveorder.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_food_ordering_systemSimple Food Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13571
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.59%
||
7 Day CHG~0.00%
Published-23 Nov, 2025 | 22:02
Updated-02 Dec, 2025 | 03:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Food Ordering System listorder.php sql injection

A vulnerability was determined in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /listorder.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-simple_cafe_ordering_systemSimple Food Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13580
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.36%
||
7 Day CHG~0.00%
Published-24 Nov, 2025 | 03:02
Updated-24 Feb, 2026 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Library System mail.php sql injection

A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Source Code & Projects
Product-library_systemLibrary System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13279
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 22.54%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 12:32
Updated-19 Nov, 2025 | 13:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Nero Social Networking Site profilefriends.php sql injection

A vulnerability was found in code-projects Nero Social Networking Site 1.0. The affected element is an unknown function of the file /profilefriends.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-nero_social_networking_siteNero Social Networking Site
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13579
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.36%
||
7 Day CHG~0.00%
Published-24 Nov, 2025 | 02:32
Updated-24 Feb, 2026 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Library System return.php sql injection

A vulnerability was found in code-projects Library System 1.0. This impacts an unknown function of the file /return.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Source Code & Projects
Product-library_systemLibrary System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12254
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 09:02
Updated-28 Oct, 2025 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Event Judging System add_judge.php sql injection

A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected by this issue is some unknown functionality of the file /add_judge.php. Such manipulation of the argument fullname leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-online_event_judging_systemOnline Event Judging System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12238
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.86%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 06:32
Updated-27 Oct, 2025 | 18:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Automated Voting System user.php sql injection

A security flaw has been discovered in code-projects Automated Voting System 1.0. The affected element is an unknown function of the file /admin/user.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-automated_voting_systemAutomated Voting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12263
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 22.16%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 10:32
Updated-28 Oct, 2025 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Event Judging System edit_judge.php sql injection

A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-online_event_judging_systemOnline Event Judging System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12262
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 22.16%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 10:32
Updated-28 Oct, 2025 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Event Judging System edit_criteria.php sql injection

A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-online_event_judging_systemOnline Event Judging System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1210
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.43% / 34.43%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 17:00
Updated-19 Feb, 2025 | 19:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Wazifa System control.php sql injection

A vulnerability classified as critical was found in code-projects Wazifa System 1.0. Affected by this vulnerability is an unknown functionality of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-wazifa_systemWazifa System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12255
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 09:02
Updated-28 Oct, 2025 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Event Judging System add_contestant.php sql injection

A security flaw has been discovered in code-projects Online Event Judging System 1.0. This affects an unknown part of the file /add_contestant.php. Performing manipulation of the argument fullname results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-online_event_judging_systemOnline Event Judging System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12252
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.61%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 08:32
Updated-28 Oct, 2025 | 02:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Event Judging System action.php sql injection

A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-online_event_judging_systemOnline Event Judging System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11357
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 22.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 07:32
Updated-09 Oct, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Banking System createuser.php sql injection

A security flaw has been discovered in code-projects Simple Banking System 1.0. This issue affects some unknown processing of the file /createuser.php. Performing manipulation of the argument Name results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-Source Code & ProjectsCodeAstro
Product-simple_banking_systemSimple Banking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11359
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 22.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 08:32
Updated-09 Oct, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Banking System transfermoney.php sql injection

A security vulnerability has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Source Code & ProjectsCodeAstro
Product-simple_banking_systemSimple Banking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11667
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.51%
||
7 Day CHG~0.00%
Published-13 Oct, 2025 | 07:32
Updated-17 Oct, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Automated Voting System add_candidate_modal.php. sql injection

A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add_candidate_modal.php.. The manipulation of the argument firstname results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-automated_voting_systemAutomated Voting System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11514
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 00:02
Updated-10 Oct, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Complaint Site index.php sql injection

A vulnerability was identified in code-projects Online Complaint Site 1.0. This vulnerability affects unknown code of the file /cms/users/index.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-online_complaint_siteOnline Complaint Site
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11605
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 24.33%
||
7 Day CHG~0.00%
Published-11 Oct, 2025 | 14:32
Updated-29 Oct, 2025 | 16:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Client Details System update-profile.php sql injection

A vulnerability was identified in code-projects Client Details System 1.0. Impacted is an unknown function of the file /admin/update-profile.php. Such manipulation of the argument uid leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-client_details_systemClient Details System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11552
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 19:02
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Complaint Site category.php sql injection

A vulnerability was identified in code-projects Online Complaint Site 1.0. This impacts an unknown function of the file /admin/category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-online_complaint_siteOnline Complaint Site
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11515
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 00:02
Updated-10 Oct, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Complaint Site register-complaint.php sql injection

A security flaw has been discovered in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/users/register-complaint.php. Performing manipulation of the argument cid results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-online_complaint_siteOnline Complaint Site
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11603
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-11 Oct, 2025 | 13:32
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Food Ordering System editproduct.php sql injection

A vulnerability was found in code-projects Simple Food Ordering System 1.0. This vulnerability affects unknown code of the file /editproduct.php. The manipulation of the argument Category results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_food_ordering_systemSimple Food Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11358
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 22.32%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 08:02
Updated-09 Oct, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Banking System removeuser.php sql injection

A weakness has been identified in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-Source Code & ProjectsCodeAstro
Product-simple_banking_systemSimple Banking System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11613
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.90%
||
7 Day CHG~0.00%
Published-11 Oct, 2025 | 19:32
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Food Ordering System addcategory.php sql injection

A vulnerability was found in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file /addcategory.php. The manipulation of the argument cname results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_food_ordering_systemSimple Food Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9894
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.18%
||
7 Day CHG~0.00%
Published-12 Oct, 2024 | 12:31
Updated-16 Oct, 2024 | 22:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank System reset.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file reset.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-blood_bank_system_projectSource Code & Projects
Product-blood_bank_systemBlood Bank Systemblood_bank_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9817
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.52% / 40.18%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 22:31
Updated-17 Oct, 2024 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blood Bank System update.php sql injection

A vulnerability was found in code-projects Blood Bank System 1.0. It has been classified as critical. This affects an unknown part of the file /update.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-blood_bank_system_projectSource Code & Projects
Product-blood_bank_systemBlood Bank Systemblood_bank_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-0300
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 40.63%
||
7 Day CHG~0.00%
Published-07 Jan, 2025 | 17:00
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Book Shop subcat.php sql injection

A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-online_book_shopOnline Book Shop
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8147
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.61% / 44.92%
||
7 Day CHG~0.00%
Published-25 Aug, 2024 | 09:00
Updated-11 Sep, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Pharmacy Management System index.php sql injection

A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-pharmacy_management_system_projectpharmacy_management_system_projectSource Code & Projects
Product-pharmacy_management_systemPharmacy Management Systempharmacy_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-8710
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.58% / 43.42%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 03:00
Updated-13 Sep, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Inventory Management Products Table Page viewProduct.php sql injection

A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-inventory_managementInventory Managementinventory_management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-6906
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.53% / 41.03%
||
7 Day CHG~0.00%
Published-19 Jul, 2024 | 09:31
Updated-01 Aug, 2024 | 21:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Record Management System add_leave_non_user.php sql injection

A vulnerability was found in SourceCodester Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file add_leave_non_user.php. The manipulation of the argument LSS leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271931.

Action-Not Available
Vendor-jkevSource Code & ProjectsSourceCodester
Product-record_management_systemRecord Management Systemrecord_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-38348
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.43% / 34.69%
||
7 Day CHG~0.00%
Published-18 Jun, 2024 | 00:00
Updated-10 Oct, 2024 | 10:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CodeProjects Health Care hospital Management System v1.0 was discovered to contain a SQL injection vulnerability in the Staff Info module via the searvalu parameter.

Action-Not Available
Vendor-health_care_hospital_management_system_projectn/aSource Code & Projects
Product-health_care_hospital_management_systemn/ahealth_care_hospital_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12360
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.51% / 39.57%
||
7 Day CHG~0.00%
Published-09 Dec, 2024 | 05:00
Updated-10 Dec, 2024 | 23:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Class and Exam Scheduling System class_update.php sql injection

A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-online_class_and_exam_scheduling_system_projectSource Code & Projects
Product-online_class_and_exam_scheduling_systemOnline Class and Exam Scheduling Systemonline_class_and_exam_scheduling_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-25309
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 48.86%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:00
Updated-17 Jun, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.

Action-Not Available
Vendor-n/aSource Code & Projects
Product-simple_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25312
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.71% / 48.87%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."

Action-Not Available
Vendor-n/aSource Code & Projects
Product-simple_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25308
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 49.42%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:00
Updated-12 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.

Action-Not Available
Vendor-n/aSource Code & Projects
Product-simple_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25310
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 49.43%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:00
Updated-20 Jun, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."

Action-Not Available
Vendor-n/aSource Code & Projects
Product-simple_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25306
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.72% / 49.43%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:00
Updated-19 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".

Action-Not Available
Vendor-n/aSource Code & Projects
Product-simple_school_management_systemn/asimple_school_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-25305
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.94% / 56.69%
||
7 Day CHG~0.00%
Published-09 Feb, 2024 | 00:00
Updated-15 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.

Action-Not Available
Vendor-n/aSource Code & Projects
Product-simple_school_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-1821
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.54% / 41.29%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 15:00
Updated-07 Dec, 2024 | 02:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Crime Reporting System police_add.php sql injection

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the argument police_name/police_id/police_spec/password leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254609 was assigned to this vulnerability.

Action-Not Available
Vendor-Source Code & Projects
Product-crime_reporting_systemCrime Reporting System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-12948
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.57% / 42.86%
||
7 Day CHG+0.01%
Published-26 Dec, 2024 | 11:00
Updated-03 Apr, 2025 | 16:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Travel Management System detail.php sql injection

A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-travel_management_systemTravel Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 63
  • 64
  • Next
Details not found