216336 matches found
SourceCodester Pharmacy Sales and Inventory System 注入漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which stems from the handling of the paramete...
1000 Projects Portfolio Management System MCA 注入漏洞
The 1000 Projects Portfolio Management System MCA is an open-source combination management system developed by 1000 Projects. Versions of the 1000 Projects Portfolio Management System MCA, including version 1.0 and earlier, had a SQL injection vulnerability. This vulnerability stemmed from the...
PT-2026-35541
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=save product. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2024-46636
CVE-2024-46636 affects NASA EOSDIS MODAPS v8.1. The MODAPS web application has a SQL injection in the category parameter caused by improper input validation, enabling exploitation via HTTP GET parameter manipulation to access data and potentially execute arbitrary SQL queries on the backend Postg...
CodeAstro Online Classroom 注入漏洞
CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter fname in the file /addnewfaculty, which may lead to SQL injection...
PT-2026-35421
A weakness has been identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=delete receiving. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit ha...
CVE-2021-36438
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...
itsourcecode Construction Management System 注入漏洞
itsourcecode Construction Management System is an open-source construction management system developed by itsourcecode. Version 1.0 of the itsourcecode Construction Management System has a SQL injection vulnerability, which stems from the handling of the parameter “address” in the...
CVE-2021-36438
SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 ivia the category parameter in /jobportal/index.php...
CVE-2024-46636
NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...
PT-2026-35396
A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilize...
PT-2026-35336
A vulnerability has been found in itsourcecode Construction Management System 1.0. This vulnerability affects unknown code of the file /execute1.php. Such manipulation of the argument code leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the publi...
SQL Injection
Overview org.springframework.ai:spring-ai-azure-cosmos-db-store is a Spring AI Vector Store for Azure Cosmos DB Affected versions of this package are vulnerable to SQL Injection via document ID handling in CosmosDBVectorStore. An attacker can execute arbitrary SQL queries by supplying crafted...
📄 Sequelize 6.37.7 SQL Injection
A remote SQL injection vulnerability exists Sequelize versions 6.37.7 and below in the JSON/JSONB where clause processing. When Sequelize parses a JSON path key containing ::, the value after :: is treated as a SQL cast type and is inserted into the generated SQL without proper validation. If an...
PT-2026-35498
A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and...
CVE-2021-36438
The CVE-2021-36438 entry concerns a SQL injection in the Sourcecodester Online Job Portal phppdo 1.0, exploitable via the category parameter in /jobportal/index.php. Affected component: the phppdo 1.0 web app; root cause is unvalidated input in category leading to SQL injection. Impact is describ...
CVE-2026-7063 code-projects Employee Management System Endpoint eprocess.php sql injection
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...
CVE-2026-7063 code-projects Employee Management System Endpoint eprocess.php sql injection
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...
CVE-2026-7063
The CVE-2026-7063 entry concerns code-projects Employee Management System 1.0, specifically the Endpoint component’s file /370project/process/eprocess.php. The vulnerability arises from manipulating the pwd argument, leading to SQL injection. Exploitation is described as remote and the exploit is...
CVE-2026-7060
A vulnerability was determined in liyupi yu-picture up to a053632c41340152bf75b66b3c543d129123d8ec. This impacts the function PageRequest of the file yu-picture-backend/src/main/java/com/yupi/yupicturebackend/service/impl/PictureServiceImpl.java of the component MyBatis-Plus. Executing a...