216432 matches found
PT-2026-32277
Name of the Vulnerable Software and Affected Versions: The Form Maker by 10Web WordPress plugin versions prior to 1.15.38. Description: Improper preparation of SQL queries occurs when the "MySQL Mapping" feature is active, which may enable SQL Injection attacks in certain contexts. Recommendations...
SourceCodester Online Thesis Archiving System Security Vulnerability
The SourceCodester Online Thesis Archiving System is an open-source online thesis archiving system developed by SourceCodester. Version 1.0 of the SourceCodester Online Thesis Archiving System contains a security vulnerability, which stems from an SQL injection vulnerability in the file...
SourceCodester Computer and Mobile Repair Shop Management system Security Vulnerability
The SourceCodester Computer and Mobile Repair Shop Management system is a simple open-source PHP project by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...
PT-2026-32356
Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php...
PT-2026-32515
Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...
PT-2026-32285
A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit is now public and may be used...
OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module. CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Overview | Field | Details | |---|---| | CVE ID |...
SourceCodester Pharmacy Sales and Inventory System SQL Injection Vulnerability
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from incorrect...
PT-2026-32401
A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in SQL injection. The attack can be initiated remotely. The exploit has been made public and...
CVE-2026-36922
CVE-2026-36922 affects Sourcecodester Cab Management System v1.0; SQL injection in /cms/admin/categories/view_category.php. Root cause is vulnerable SQL handling in that file. CVSS 3.1 base score 2.7 (LOW) with Confidentiality impact: LOW; no impact to integrity or availability stated. Other conn...
SourceCodester Cab Management System Security Vulnerability
SourceCodester Cab Management System is an open-source taxi management system developed by SourceCodester. Version 1.0 of the SourceCodester Cab Management System has a security vulnerability, which stems from SQL injection in the /cms/admin/bookings/viewbooking.php file...
CVE-2026-36872
CVE-2026-36872 affects Sourcecodester Basic Library System v1.0, with a SQL Injection vulnerability in the script path /librarysystem/load_book.php. The connected records confirm the vulnerable endpoint but do not provide detailed root cause analysis, affected parameter names, or remediation step...
CVE-2026-36941
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manageroom.php...
CVE-2026-36937
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/viewdetails.php...
Code-Projects Easy Blog Site SQL Injection Vulnerability
Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of Code-Projects Easy Blog Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the post.php file, which may lead to SQL injection attac...
Faculty Management System SQL Injection Vulnerability
The Faculty Management System is an instructor management system developed by code-projects as open source. Version 1.0 of the Faculty Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter ID in the file /subject-print.php, which ma...
CVE-2026-36947
CVE-2026-36947 affects Sourcecodester Computer and Mobile Repair Shop Management System v1.0. The vulnerability is a SQL Injection in /rsms/admin/services/view_service.php. CVSS v3.1 base score 2.7 (LOW) with network attack vector, low complexity, requiring high privileges and no user interaction...
PT-2026-32221
Name of the Vulnerable Software and Affected Versions: Vehicle Showroom Management System version 1.0. Description: A SQL injection issue exists in an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Manipulating the BRANCH ID argument can trigger the injection. The attack...
PHPGurukul Daily Expense Tracking System SQL Injection Vulnerability
The PHPGurukul Daily Expense Tracking System is a system for tracking daily expenses developed by PHPGurukul. Version 1.1 of the PHPGurukul Daily Expense Tracking System contains an SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “email” in the file...
PT-2026-32274
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to SQL injection. It is possible to launch the attack remotely. The exploit is publicly...