hptcybersecurity/CVE

GitHub: hptcybersecurity/CVE

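This is a repository for storing and managing CVE proof-of-concept (POC) code discovered during security research, covering multiple high-severity vulnerabilities in PHP systems, WordPress plugins, and enterprise software.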

Stars: 0 | Forks: 0

# CVE-POC

Used to store CVE POCs produced during research and to submit CVEs in 2025.

# Updates

| Vendor | Product | Severity | Description / Related documentation | CVE ID | Contributors |
| :--- | :--- | :--- | :--- | :--- | :--- |
| phpgurukul | Hospital Management System In PHP | 9.8 | phpgurukul (Hospital Management System In PHP) SQL injection in index.php (Authenticated) | CVE-2025-56214 | BaoLQ, LanLV |
| phpgurukul | Hospital Management System In PHP | 6.5 | phpgurukul (Hospital Management System In PHP) SQL injection in contact.php (Authenticated) | CVE-2025-56215 | BaoLQ, TrungNV |
| phpgurukul | Hospital Management System In PHP | 9.8 | phpgurukul (Hospital Management System In PHP) SQL injection in add-doctor.php (Authenticated) | CVE-2025-56212 | BaoLQ, BachPS |
| phpgurukul | Hospital Management System In PHP | 8.5 | phpgurukul (Hospital Management System In PHP) SQL injection in about-us.php (Authenticated) | CVE-2025-56216 | BaoLQ, VyNTL |
| phpgurukul | Complaint Management System in PHP | 8.1 | Complaint Management System in PHP - SQL injection in user/reset-password (Unauthenticated) | CVE-2025-57146 | SangNK, LanLV |
| phpgurukul | Online Shopping Portal Project in PHP | 9.1 | Online Shopping Portal Project in PHP - Arbitrary file upload (Admin+) | CVE-2025-57148 | SangNK, ChinhNQ |
| phpgurukul | Complaint Management System in PHP | 8.8 | Complaint Management System in PHP - Stored cross-site scripting in /admin/userprofile.php | CVE-2025-57151 | SangNK, TrungNV |
| phpgurukul | Complaint Management System in PHP | 7.5 | Complaint Management System in PHP - SQL injection in user/registration.php (Unauthenticated) | CVE-2025-57147 | SangNK, BachPS |
| phpgurukul | Complaint Management System in PHP | 7.2 | Complaint Management System in PHP - Stored cross-site scripting in admin/subcategory.php | CVE-2025-57150 | SangNK, VyNTL |
| phpgurukul | Complaint Management System in PHP | 6.5 | Complaint Management System in PHP - SQL injection in user/complaint-details (Authenticated) | CVE-2025-57149 | SangNK, ChinhNQ |
| phpgurukul | Online Shopping Portal Project in PHP | 7.3 | Online Shopping Portal Project in PHP - SQL injection in user/bill-ship-addresses.php (User+) | CVE-2025-9012 | SangNK, TrungNV |
| Wordpress | Classiera – Classified Ads WordPress Theme | 9.3 | Wordpress (Classiera – Classified Ads WordPress Theme) - SQL injection | CVE-2025-52722 | BaoLQ |
| Wordpress | Listeo-Core - Directory Plugin by Purethemes | 8.5 | WordPress (Listeo-Core - Directory Plugin by Purethemes) SQL injection (Subscriber+) | CVE-2025-49404 | BaoLQ |
| Wordpress | SMTP for Amazon SES – YaySMTP | 7.6 | WordPress (SMTP for Amazon SES – YaySMTP) Multiple SQL injection (Admin+) | CVE-2025-54043 | BaoLQ |
| Wordpress | SMTP for SendGrid – YaySMTP | 7.6 | WordPress (SMTP for SendGrid – YaySMTP) Multiple SQL injection (Admin+) | CVE-2025-48301 | BaoLQ |
| Wordpress | YayExtra – WooCommerce Extra Product Options | 7.6 | WordPress (YayExtra – WooCommerce Extra Product Options) SQL injection (Admin+) | CVE-2025-48299 | BaoLQ |
| Wordpress | SMTP for Sendinblue – YaySMTP | 7.6 | WordPress (SMTP for Sendinblue – YaySMTP) Multiple SQL injection (Admin+) | CVE-2025-48161 | BaoLQ |
| OpenEMR | OpenEMR | 7.1 | OpenEMR - SQL injection | CVE-2024-22611 | BaoLQ |
| Wordpress | WooCommerce Refund And Exchange with RMA | 9.8 | WordPress(WooCommerce Refund And Exchange with RMA - Warranty Manage, Refund P | CVE-2025-6222 | SangNK |
| Wordpress | PostaPanduri | 9.3 | Wordpress (postapanduri) - SQL injection | CVE-2025-49452 | SangNK |
| Wordpress | HieCOR Payment Gateway Plugin | 9.3 | Wordpress (HieCOR Payment Gateway Plugin) - SQL injection | CVE-2025-52773 | SangNK |
| Wordpress | DirectIQ Email Marketing | 9.3 | Wordpress (DirectIQ Email Marketing) - SQL injection | CVE-2025-52829 | SangNK |
| Wordpress | Pakke Envios | 8.5 | Wordpress (Pakke Envios) - SQL injection | CVE-2025-52819 | SangNK |
| Wordpress | WooCommerce Point Of Sale (POS) | 8.5 | Wordpress (WooCommerce Point Of Sale (POS)) - SQL injection | CVE-2025-52820 | SangNK |
| Wordpress | GamiPress | 7.6 | WordPress (GamiPress) SQL injection (Admin+) | CVE-2025-49326 | SangNK |
| Wordpress | YaySMTP and Email Logs: Amazon SES, SendGrid | 7.6 | WordPress (YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo | CVE-2025-53256 | SangNK |
| Wordpress | Store Locator WordPress | 7.6 | WordPress (Store Locator WordPress) SQL injection (Admin+) | CVE-2025-49328 | SangNK |
| Wordpress | ShortLinks Pro – Affiliate Links | 7.6 | WordPress (ShortLinks Pro) SQL injection (Admin+) | CVE-2025-49327 | SangNK |
| Wordpress | Store Locator WordPress | 6.6 | WordPress (Store Locator WordPress) Arbitrary file write leading to RCE (Admin+) | CVE-2025-49329 | SangNK |
| Wordpress | School Management System for Wordpress | 6.5 | WordPress (School Management System for Wordpress - Account take over) Custom role | CVE-2025-49895 | SangNK |
| Wordpress | File Manager Pro – Filester | 5.9 | WordPress (File Manager Pro – Filester) - Stored XSS in user role restriction settings | CVE-2025-52710 | SangNK |
| SWIFT | Alliance Access | 6.5 | Alliance Access/Entry Version 7.7.04 | CVE-2025-61125 | SangNK |
| SWIFT | Alliance Access | 6.5 | Alliance Access/Entry Version 7.7.04 | CVE-2025-61124 | SangNK |
| Oracle | Oracle Financial Services Analytical Applications | 6.5 | Oracle Financial Services Analytical Applications | CVE-2025-53035 | SangNK / BaoLQ |

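Tags: 2025 CVE, CISA project, CVE, Exploit, bulk IP address processing, JS file enumeration, OpenVAS, PHP, POC, RCE, web security, XSS, multithreading, Open Policy Agent, digital signature, file upload, file integrity monitoring, vulnerability reproduction, vulnerability database, vulnerability intelligence, automated analysis, blue team analysis, cross-site scripting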