
216283 matches found

Vulnrichment
added 2026/05/11 12:0 a.m., 5 views

CVE-2026-36962

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the...

AI score 6.5, EPSS 0.00363
Exploits 0, References 2

CNNVD
added 2026/05/11 12:0 a.m., 5 views

pgAdmin SQL Injection Vulnerability

pgAdmin is an open-source management and development platform for the open-source database PostgreSQL. Versions of pgAdmin prior to 4.9.15 had a SQL injection vulnerability. This vulnerability allows authenticated users to inject arbitrary SQL statements in VACUUM/ANALYZE/REINDEX commands,...

CVSS 8.8, AI score 6.1, EPSS 0.00431
Exploits 0, References 1

Packet Storm News
added 2026/05/11 12:0 a.m., 7 views

Adversarial SQL Injection Generation with LLM-Based Architectures

SQL injection (SQLi) attacks are still one of the serious attacks ranked in the Open Worldwide Application Security Project (OWASP) Top 10 threats. Today, with advances in Artificial Intelligence (AI), especially in Large Language Models (LLMs), an opportunity has been created for automating adversarial...

AI score 5.8
Exploits 0

Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Unity Linux 20.1070e Security Update: postgresql (UTSA-2026-017752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017752 advisory. When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject...

CVSS 8.1, AI score 7, EPSS 0.01901
Exploits 0, References 4

Tenable Nessus
added 2026/05/11 12:0 a.m., 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-sqlalchemy (UTSA-2026-017470)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017470 advisory. SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the orderby parameter. Tenable has extracted the preceding description block directly fr...

CVSS 9.8, AI score 7.2, EPSS 0.03525
Exploits 2, References 4

CVE
added 2026/05/11 12:0 a.m., 9 views

CVE-2026-36962

CVE-2026-36962 affects MuuCMF T6, version 1.9.4.20260115. The issue is a SQL Injection in the /index/controller/Search.php endpoint via the keyword parameter, leading to unauthenticated access that can compromise the entire database and grant unauthorized administrative privileges, with potential...

CVSS 7.3, AI score 6.5, EPSS 0.00363
Exploits 0, References 2

EUVD
added 2026/05/10 3:31 p.m., 9 views

EUVD-2021-34802

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

CVSS 8.8, AI score 6.1, EPSS 0.00282
Exploits 0, References 4

NVD
added 2026/05/10 1:16 p.m., 8 views

CVE-2021-47941

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

CVSS 8.8, EPSS 0.00282
Exploits 0, References 3

NVD
added 2026/05/10 1:16 p.m., 10 views

CVE-2021-47928

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

CVSS 8.8, EPSS 0.00276
Exploits 0, References 4

Cvelist
added 2026/05/10 12:43 p.m., 29 views

CVE-2021-47941 WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

CVSS 8.8, EPSS 0.00282
Exploits 0, References 3

CVE
added 2026/05/10 12:43 p.m., 7 views

CVE-2021-47941

The CVE-2021-47941 vulnerability affects WordPress Plugin Survey & Poll 1.5.7.3, where an SQL injection is possible via the wp_sap cookie parameter. The issue allows unauthenticated attackers to craft SQL payloads in the cookie to extract sensitive data (usernames, passwords, and other confidenti...

CVSS 8.8, AI score 6.1, EPSS 0.00282
Exploits 0, References 3

ATTACKERKB
added 2026/05/10 12:43 p.m., 4 views

CVE-2021-47941

WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...

CVSS 8.8, AI score 6.1, EPSS 0.00282
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/05/10 12:43 p.m., 8 views

CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated

Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...

CVSS 8.8, AI score 6.1, EPSS 0.00309
Exploits 0, References 3

ATTACKERKB
added 2026/05/10 12:43 p.m., 4 views

CVE-2021-47928

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

CVSS 8.8, AI score 5.9, EPSS 0.00276
Exploits 0, References 4, Affected Software 1

Vulnrichment
added 2026/05/10 12:43 p.m., 8 views

CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

CVSS 8.8, AI score 5.9, EPSS 0.00276
Exploits 0, References 4

Cvelist
added 2026/05/10 12:43 p.m., 29 views

CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

CVSS 8.8, EPSS 0.00276
Exploits 0, References 4

GithubExploit
added 2026/05/10 12:11 p.m., 128 views

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Auth SQL Injection Timing PoC Lo...

CVSS 9.8, AI score 6.2, EPSS 0.93107
Exploits 6

GithubExploit
added 2026/05/10 11:48 a.m., 83 views

Exploit for CVE-2025-1094

PoC exploiting the CVE-2025-1094 vulnerability: PostgreSQL psql SQL...

CVSS 8.1, AI score 5.9, EPSS 0.89472
Exploits 10

Microsoft CVE
added 2026/05/10 8:3 a.m., 6 views

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

...

CVSS 9.8, AI score 5.8, EPSS 0.00356
Exploits 0

EUVD
added 2026/05/10 6:30 a.m., 6 views

EUVD-2026-28982

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

CVSS 6.5, AI score 5.7, EPSS 0.00196
Exploits 0, References 6