216205 matches found
CVE-2018-25386 HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...
CVE-2018-25386 HaPe PKH 1.1 SQL Injection via id Parameter in admin/media.php
HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...
CVE-2018-25385
CVE-2018-25385 affects E-Registrasi Pencak Silat 18.10. The flaw is an SQL injection in the id_partai parameter of monitor_nilai.php, exploitable via unauthenticated GET requests with crafted payloads. attackers can extract sensitive data including admin credentials and user data. Root cause: imp...
CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25385 E-Registrasi Pencak Silat 18.10 SQL Injection via id_partai
E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the idpartai parameter. Attackers can send GET requests to monitornilai.php with crafted SQL payloads in the idpartai...
CVE-2018-25382
Zechat 1.5 contains an SQL injection in the uname parameter that allows unauthenticated attackers to extract database information by injecting SQL through profile.php. The described payloads use UNION-based injections to enumerate table names, column names, and sensitive data from information_sch...
SQLandXSS
No d...
CVE-2026-44238
CVE-2026-44238 affects FreePBX (open source IP PBX). The vulnerability is an SQL injection in the CDR Reports module page via the order and sort POST parameters. Authentication is required through a FreePBX Admin Control Panel account with CDR section access; full admin privileges are not necessa...
CVE-2026-44238
FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges ar...
Vulnerabilities in Oracle E-Business Suite components
Oracle has discovered vulnerabilities in various components of the Oracle E-Business Suite, including Oracle Payments, Oracle Internet Procurement Connector, Oracle Financials Common Modules, Oracle iAssets, Oracle Public Sector Financials International, Oracle Universal Work Queue, Oracle Payrol...
CVE-2026-10039
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
BIT-DRUPAL-2026-9082 Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...
CVE-2026-10039 Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-10039
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-10039 Frontend Admin by DynamiApps <= 3.28.28 - Authenticated (Administrator+) SQL Injection via 'order' Parameter
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to generic SQL Injection via the 'order' parameter in all versions up to, and including, 3.28.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
CVE-2026-4776
An SQL injection in Mautic’s API contact filtering was reported. The flaw arises from insufficient recursive sanitization of nested query parameters, allowing an authenticated API user to bypass input filtering and inject arbitrary SQL commands. Documents do not specify affected versions, exact v...
CVE-2026-4776
An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...
CVE-2026-4776
An SQL injection vulnerability exists in Mautic's API contact filtering mechanism. Due to insufficient recursive sanitization of nested query parameters, an authenticated API user can bypass input filtering and inject arbitrary SQL commands...
sqli_exploit
S...
Exploit for SQL Injection in Ghost
version Unauthenticated Stored Cross-Site Scripting CVE-2026-...