injection
-
A vulnerability classified as critical has been found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/payment.php. The manipulation of the argument cid leads to sql injection. This vulnerability is traded as CVE-2025-4900. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
-
A vulnerability was found in Campcodes Sales and Inventory System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pages/transaction_update.php. The manipulation of the argument ID leads to sql injection. The identification of this vulnerability is CVE-2025-4899. The attack may be initiated remotely. Furthermore, there is an exploit…
-
CVE-2025-4886 | itsourcecode Sales and Inventory System 1.0 product_update.php serial sql injection
·
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial leads to sql injection. This vulnerability is known as CVE-2025-4886. The attack can be launched remotely. Furthermore, there is an exploit available. Other…
-
A vulnerability classified as critical has been found in itsourcecode Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument serial leads to sql injection. This vulnerability is traded as CVE-2025-4885. It is possible to launch the attack remotely. Furthermore, there is an exploit available. Other…
-
A vulnerability was found in itsourcecode Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/assign_save.php. The manipulation of the argument team leads to sql injection. The identification of this vulnerability is CVE-2025-4884. The attack may be initiated remotely. Furthermore, there is an exploit available.
-
Bypass login authentication using MongoDB NoSQL injection via logical and regex-based operator abuse to impersonate the admin user
FOR EDUCATIONAL PURPOSES ONLY.
Author: Aditya Bhatt
Write-Up Type: Bug Bounty PoC
Target: PortSwigger Web Security Lab
Vulnerability: NoSQL Injection (Authentication Bypass via MongoDB Operators)
Difficulty: 🟠 Apprentice
Status: ✅ Lab Solved
Bug Bounty with NoSQL
📌 TL;DR
In this lab, I exploit a classic NoSQL injection vulnerability in…
-
CVE-2025-47203 | Dropbear SSH up to 2025.87 Shell Hostname os command injection (Nessus ID 236887)
·
A vulnerability was found in Dropbear SSH up to 2025.87. It has been rated as critical. This issue affects some unknown processing of the component Shell Handler. The manipulation of the argument Hostname leads to os command injection. The identification of this vulnerability is CVE-2025-47203. Attacking locally is a requirement. There is no exploit available.…
-
A vulnerability was found in weibocom rill-flow 0.1.18. It has been classified as critical. Affected is an unknown function of the component Management Console. The manipulation leads to code injection. This vulnerability is traded as CVE-2025-4866. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply…
-
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/member_save.php. The manipulation of the argument last leads to sql injection. The identification of this vulnerability is CVE-2025-4865. The attack may be initiated remotely. Furthermore, there is an exploit available. Other parameters…
-
CVE-2025-4864 | itsourcecode Restaurant Management System 1.0 /admin/finished.php ID sql injection
·
A vulnerability has been found in itsourcecode Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/finished.php. The manipulation of the argument ID leads to sql injection. This vulnerability was named CVE-2025-4864. The attack can be initiated remotely. Furthermore, there is an exploit available.
-
A vulnerability, which was classified as critical, was found in Advaya Softech GEMS ERP Portal 2.1. This affects an unknown part of the file /studentLogin/studentLogin.action. The manipulation of the argument userId leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4863. It is possible to initiate the attack remotely. Furthermore, there is an exploit…
-
A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injection. This vulnerability is traded as CVE-2025-3173. It is possible to launch the attack remotely. Furthermore, there is an exploit…
-
A vulnerability has been found in PHPGurukul User Registration & Login and User Management System 3.3 and classified as critical. This vulnerability affects unknown code of the file /edit-profile.php. The manipulation of the argument Contact leads to sql injection. This vulnerability was named CVE-2025-4934. The attack can be initiated remotely. Furthermore, there is an exploit…
-
A vulnerability, which was classified as critical, was found in ponaravindb Hospital-Management-System 1.0. This affects an unknown part of the file /doctor-panel.php. The manipulation of the argument ID leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4933. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
-
A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads to sql injection. This vulnerability is handled as CVE-2025-4932. The attack may be launched remotely. Furthermore, there is an…
-
A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /user_registation.php. The manipulation of the argument email leads to sql injection. This vulnerability is known as CVE-2025-4931. The attack can be launched remotely. Furthermore, there is an exploit available.
-
A vulnerability classified as critical has been found in Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /my-cart.php. The manipulation of the argument billingaddress leads to sql injection. This vulnerability is traded as CVE-2025-4930. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
-
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /my-account.php. The manipulation of the argument Name leads to sql injection. The identification of this vulnerability is CVE-2025-4929. The attack may be initiated remotely. Furthermore, there is an exploit available.
-
A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /save_lawyer_edit_profile.php. The manipulation leads to sql injection. This vulnerability was named CVE-2025-4928. The attack can be initiated remotely. Furthermore, there is an exploit available. Multiple parameters might be affected.
-
A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. This vulnerability is uniquely identified as CVE-2025-4927. It is possible to initiate the attack remotely. Furthermore, there is an…