216327 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the data function in BuildHelper.php. An attacker can execute arbitrary SQL commands by supplying a specially crafted data array. Remediation There is no fixed version for mix/mix. References - GitHub Gist - Vulnerable...
CVE-2026-42475
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...
CVE-2026-37505
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy$sort, $sortType without validation. An authenticated admin can sort users by any database column including password,...
SQLInjection
Projekt Edukacyjny: Podatności SQL Injection Niniejsze repozy...
CVE-2026-7555
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...
CVE-2026-7555
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...
CVE-2026-7555 itsourcecode Electronic Judging System login.php sql injection
A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...
CVE-2026-7553
A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2026-7550
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=savecustomer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-7553
CVE-2026-7553 affects code-projects Gym Management System 1.0. The vulnerability resides in the file /admin/edit_exercises.php where manipulation of the argument edit_exercise enables a SQL injection. The issue is exploitable remotely and an exploit has been made public (Exploit maturity: PROOF-O...
CVE-2026-7553
A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2026-7553 code-projects Gym Management System edit_exercises.php sql injection
A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...
CVE-2026-7550
CVE-2026-7550 affects SourceCodester Pharmacy Sales and Inventory System 1.0. The vulnerability is in an unknown function of the file /ajax.php?action=save_customer where manipulation of the argument ID leads to an SQL injection. It is exploitable remotely and the exploit has been disclosed publi...
EUVD-2026-26476
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=savecustomer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-7550 SourceCodester Pharmacy Sales and Inventory System ajax.php save_customer sql injection
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=savecustomer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-7549
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-7549 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_customer sql injection
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...
EUVD-2026-26475
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-7549 SourceCodester Pharmacy Sales and Inventory System ajax.php delete_customer sql injection
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-7545
SourceCodester Advanced School Management System 1.0 is affected by an SQL injection in the checkEmail endpoint, specifically via the commonController.php function. The vulnerability stems from manipulation of an element within that file, enabling remote exploitation. The exploit has been publicl...