CVE-2026-10258

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/addsubtopic.php. This manipulation of the argument topicid causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available ...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

Security Bulletin: CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements (CVE-2026-9837)

Summary CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements CVE-2026-9837 Vulnerability Details CVEID:CVE-2026-9837 DESCRIPTION: CockroachDB PostgreSQL for IBM VPC is vulnerable to SQL injection when executing special statements. CWE:CWE-89: Imprope...

WordPress MasterStudy LMS Pro plugin <= 4.8.20 - Authenticated (Instructor+) SQL Injection vulnerability

Authenticated Instructor+ SQL Injection vulnerability discovered by Rafie Muhammad - Awesome Motive, Inc. in WordPress Plugin MasterStudy LMS Pro versions = 4.8.20...

Security Bulletin: IBM Verify Antenna is affected by multiple vulnerabilities (CVE-2026-33815, CVE-2026-33816, CVE-2026-41889)

Summary IBM Verify Antenna has addressed these vulnerabilities in an update. Vulnerability Details CVEID:CVE-2026-41889 DESCRIPTION: pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string...

CVE-2025-15655

The CVE-2025-15655 entry pertains to a SQL Injection in the WordPress School Management plugin (

CVE-2025-15655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...

WordPress Geo Mashup plugin <= 1.13.19 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Baikuya in WordPress Plugin Geo Mashup versions = 1.13.19...

E-Learning System 1.0 - SQL Injection

E-Learning System 1.0 contains an unauthenticated SQL injection caused by unsanitized input, letting remote attackers execute arbitrary code on the server and gain a reverse shell, exploit requires no authentication. id: CVE-2021-3239 info: name: E-Learning System 1.0 - SQL Injection author:...

CVE-2026-10704 SourceCodester Pizzafy E-Commerce System Administrative Control Panel admin_class_novo.php login sql injection

A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/adminclassnovo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack ca...

CVE-2026-10704

CVE-2026-10704 affects SourceCodester Pizzafy E-Commerce System 1.0. The vulnerability is in the Login function of /admin/admin_class_novo.php, where manipulating the Username parameter yields a SQL injection. The issue can be exploited remotely and the exploit is public. CVSS details indicate a ...

WordPress plugin School Management SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

SourceCodester Pizzafy E-Commerce System SQL注入漏洞

SourceCodester Pizzafy E-Commerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy E-Commerce System has a SQL injection vulnerability. This vulnerability stems from the function Login in the Administrative Control Panel component...

PT-2026-45898

Name of the Vulnerable Software and Affected Versions SourceCodester Pizzafy E-Commerce System version 1.0 Description An SQL injection issue exists in the Administrative Control Panel component. The Login function within the /admin/admin class novo.php file is susceptible to remote attacks throu...

CVE-2026-10286

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /homeemployee.php. The manipulation of the argument empid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2026-5073

The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...

CVE-2026-10620 code-projects Student Admission System index.php sql injection

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVE-2026-10620

A flaw has been found in code-projects Student Admission System 1.0. Affected is an unknown function of the file /index.php. This manipulation of the argument eid/did causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...