| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
| CVE-2026-54419 | 18 Jun 202610:21 | – | attackerkb | |
| CVE-2026-54419 | 18 Jun 202612:24 | – | circl | |
| CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query | 18 Jun 202610:21 | – | cvelist | |
| EUVD-2026-37872 | 18 Jun 202610:21 | – | euvd | |
| CVE-2026-54419 | 18 Jun 202614:17 | – | nvd | |
| PT-2026-50656 | 18 Jun 202600:00 | – | ptsecurity | |
| CVE-2026-54419 PIAF-HMS multiple unauthenticated SQL injection vulnerabilities via mysql_query | 18 Jun 202610:21 | – | vulnrichment |
[
{
"vendor": "claudiopizzillo",
"product": "PIAF-HMS",
"collectionURL": "https://github.com/claudiopizzillo/PIAF-HMS",
"repo": "https://github.com/claudiopizzillo/PIAF-HMS",
"programFiles": [
"checkin.php",
"checkout.php",
"rates.php",
"rooms.php",
"bills.php",
"wakeup.php",
"checkuser.php",
"ec.php"
],
"defaultStatus": "affected"
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| ID | query param | rooms.php | SQL injection in rooms.php via GET parameter ID in an unquoted numeric context | CWE-89 |
| Ext | query param | checkuser.php | SQL injection in checkuser.php via GET parameter Ext | CWE-89 |
| date | query param | ec.php | SQL injection in ec.php via date and extension parameters in a WHERE clause | CWE-89 |
| extension | query param | ec.php | SQL injection in ec.php via date and extension parameters in a WHERE clause | CWE-89 |
| POST fields | request body | checkin.php | SQL injection in checkin.php via POST values inserted into INSERT statements | CWE-89 |
| POST fields | request body | wakeup.php | SQL injection in wakeup.php via POST values inserted into INSERT statements | CWE-89 |
| POST fields | request body | bills.php | SQL injection in bills.php via POST fields built into a WHERE clause | CWE-89 |
| POST fields | request body | rates.php | SQL injection in rates.php via POST fields used in queries | CWE-89 |
| POST fields | request body | checkout.php | SQL injection in checkout.php via POST fields used in queries | CWE-89 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation