6.9
CVE-2025-9744 - Campcodes Online Loan Management System ajax.php sql injection
A weakness has been identified in Campcodes Online Loan Management System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been made avβ¦
6.9
CVE-2025-9743 - code-projects Human Resource Integrated System login_attendance2.php sql injection
A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. Impacted is an unknown function of the file login_attendance2.php. Performing manipulation of the argument employee_id/date results in sql injection. The attack can be initiated remotely. The exploit has beenβ¦
6.9
CVE-2025-9742 - code-projects Human Resource Integrated System login.php sql injection
A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly availablβ¦
6.9
CVE-2025-9741 - code-projects Human Resource Integrated System login_query12.php sql injection
A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /login_query12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly discβ¦
6.9
CVE-2025-9740 - code-projects Human Resource Integrated System log_query.php sql injection
A vulnerability was found in code-projects Human Resource Integrated System 1.0. This affects an unknown part of the file /log_query.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
6.9
CVE-2025-9739 - Campcodes Online Water Billing System process.php sql injection
A vulnerability has been found in Campcodes Online Water Billing System 1.0. Affected by this issue is some unknown functionality of the file /process.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclβ¦
5.1
CVE-2025-9738 - Portabilis i-Educar educar_tipo_ensino_cad.php cross site scripting
A flaw has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_tipo_ensino_cad.php. Executing manipulation of the argument nm_tipo can lead to cross site scripting. The attack can be executed remotely. The exploit hasβ¦
5.1
CVE-2025-9737 - O2OA Personal Profile importmodel cross site scripting
A vulnerability was detected in O2OA up to 10.0-410. Affected is an unknown function of the file /x_query_assemble_designer/jaxrs/importmodel of the component Personal Profile Page. Performing manipulation of the argument description/applicationName/queryName results in cross site scripting. Remoteβ¦
5.1
CVE-2025-9736 - O2OA Personal Profile statement cross site scripting
A security vulnerability has been detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_query_assemble_designer/jaxrs/statement of the component Personal Profile Page. Such manipulation of the argument description/queryName leads to cross site scripting. The attack may beβ¦
5.1
CVE-2025-9735 - O2OA Personal Profile table cross site scripting
A weakness has been identified in O2OA up to 10.0-410. This affects an unknown function of the file /x_query_assemble_designer/jaxrs/table of the component Personal Profile Page. This manipulation of the argument description/applicationName/queryName causes cross site scripting. The attack may be iβ¦