CVE-2025-6844 – Simple Forum SQL Injection Vulnerability

CVE ID : CVE-2025-6844

Published : June 29, 2025, 4:15 a.m. | 3 hours, 6 minutes ago

Description : A vulnerability was found in code-projects Simple Forum 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /signin.php. The manipulation of the argument User leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6462 – WordPress EZ SQL Reports Stored Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-6462

Published : June 29, 2025, 5:15 a.m. | 2 hours, 6 minutes ago

Description : The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6845 – “Simple Forum SQL Injection Vulnerability”

CVE ID : CVE-2025-6845

Published : June 29, 2025, 5:15 a.m. | 2 hours, 6 minutes ago

Description : A vulnerability was found in code-projects Simple Forum 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /register1.php. The manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6846 – “Code-Projects Simple Forum SQL Injection Vulnerability”

CVE ID : CVE-2025-6846

Published : June 29, 2025, 5:15 a.m. | 2 hours, 6 minutes ago

Description : A vulnerability classified as critical has been found in code-projects Simple Forum 1.0. This affects an unknown part of the file /forum_viewfile.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6847 – Code-projects Simple Forum SQL Injection

CVE ID : CVE-2025-6847

Published : June 29, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : A vulnerability classified as critical was found in code-projects Simple Forum 1.0. This vulnerability affects unknown code of the file /forum_edit.php. The manipulation of the argument iii leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6848 – Simple Forum Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-6848

Published : June 29, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Simple Forum 1.0. This issue affects some unknown processing of the file /forum1.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6836 – Code-projects Library System SQL Injection Vulnerability

CVE ID : CVE-2025-6836

Published : June 29, 2025, 1:15 a.m. | 2 hours, 7 minutes ago

Description : A vulnerability classified as critical has been found in code-projects Library System 1.0. Affected is an unknown function of the file /profile.php. The manipulation of the argument phone leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6837 – Code-projects Library System Unrestricted File Upload Vulnerability

CVE ID : CVE-2025-6837

Published : June 29, 2025, 1:15 a.m. | 2 hours, 7 minutes ago

Description : A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6839 – Conjure Position Department Service Quality Evaluation System Less Bootstrap Mixin Head PHP Backdoor Remote Code Execution

CVE ID : CVE-2025-6839

Published : June 29, 2025, 2:15 a.m. | 1 hour, 7 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Conjure Position Department Service Quality Evaluation System up to 1.0.11. Affected by this issue is the function eval of the file public/assets/less/bootstrap-less/mixins/head.php. The manipulation of the argument payload leads to backdoor. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-53392 – pfSense File Traversal Vulnerability

CVE ID : CVE-2025-53392

Published : June 28, 2025, 11:15 p.m. | 2 hours, 11 minutes ago

Description : In Netgate pfSense CE 2.8.0, the “WebCfg – Diagnostics: Command” privilege allows reading arbitrary files via diag_command.php dlPath directory traversal. NOTE: the Supplier’s perspective is that this is intended behavior for this privilege level, and that system administrators are informed through both the product documentation and UI.

Severity: 5.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6828 – Code-Projects Inventory Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6828

Published : June 28, 2025, 11:15 p.m. | 2 hours, 11 minutes ago

Description : A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /orders.php. The manipulation of the argument i leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6829 – AluoXiang Oa System External Address Book Handler SQL Injection Vulnerability

CVE ID : CVE-2025-6829

Published : June 28, 2025, 11:15 p.m. | 2 hours, 11 minutes ago

Description : A vulnerability was found in aaluoxiang oa_system up to c3a08168c144f27256a90838492c713f55f1b207 and classified as critical. This issue affects the function outAddress of the component External Address Book Handler. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6834 – Apache Code-Projects Inventory Management System SQL Injection Vulnerability

CVE ID : CVE-2025-6834

Published : June 29, 2025, 12:15 a.m. | 1 hour, 11 minutes ago

Description : A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /php_action/editPayment.php. The manipulation of the argument orderId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-6835 – “Code-projects Library System SQL Injection Vulnerability”

CVE ID : CVE-2025-6835

Published : June 29, 2025, 12:15 a.m. | 1 hour, 11 minutes ago

Description : A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student-issue-book.php. The manipulation of the argument reg leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…