Lucene search

216503 matches found

Positive Technologies
added 2026/04/10 12:0 a.m., 3 views

PT-2026-31895

Name of the Vulnerable Software and Affected Versions: CodeAstro Online Classroom version 1.0. Description: A SQL injection issue exists due to manipulation of the fname argument in the file '/updatedetailsfromstudent.php?eno=146891650'. This can be exploited remotely. The exploit has been publicly...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00205
Exploits: 0, References: 9
Cvelist
added 2026/04/10 12:0 a.m., 21 views

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

EPSS: 0.00319
Exploits: 1, References: 1
Cvelist
added 2026/04/10 12:0 a.m., 23 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

EPSS: 0.00319
Exploits: 1, References: 1
Cvelist
added 2026/04/10 12:0 a.m., 27 views

CVE-2026-36232

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation...

EPSS: 0.00319
Exploits: 1, References: 1
Cvelist
added 2026/04/10 12:0 a.m., 29 views

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

EPSS: 0.00319
Exploits: 0, References: 1
Vulnrichment
added 2026/04/10 12:0 a.m., 1 view

CVE-2026-36235

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation...

AI score: 5.8, EPSS: 0.00319
Exploits: 1, References: 1
Vulnrichment
added 2026/04/10 12:0 a.m., 2 views

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

AI score: 5.9, EPSS: 0.00319
Exploits: 1, References: 1
Positive Technologies
added 2026/04/10 12:0 a.m., 2 views

PT-2026-31902

Name of the Vulnerable Software and Affected Versions: Vehicle Showroom Management System version 1.0. Description: A flaw exists in code-projects Vehicle Showroom Management System 1.0, specifically within the /util/AddVehicleFunction.php file. Manipulation of the BRANCH ID argument can lead to SQL...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00259
Exploits: 0, References: 9
CNNVD
added 2026/04/10 12:0 a.m., 6 views

Code-Projects Patient Record Management System SQL Injection Vulnerability

The Code-Projects Patient Record Management System is an open-source medical record management system developed by Code-Projects. Version 1.0 of the Code-Projects Patient Record Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the hemi...

CVSS: 6.5, AI score: 6.7, EPSS: 0.00196
Exploits: 0, References: 5
CVE
added 2026/04/10 12:0 a.m., 7 views

CVE-2026-36234

CVE-2026-36234 affects the itsourcecode Online Student Enrollment System v1.0. The vulnerability is a SQL Injection in the file newCourse.php via the 'coursename' parameter, caused by unvalidated input leading to unauthorized database access. CVSSv3.1 metrics indicate a critical impact (C:H, I:H,...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00319
Exploits: 1, References: 1, Affected Software: 1
Vulnrichment
added 2026/04/10 12:0 a.m., 0 views

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

AI score: 6.2, EPSS: 0.00401
Exploits: 0, References: 2
Cvelist
added 2026/04/10 12:0 a.m., 25 views

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

EPSS: 0.00319
Exploits: 1, References: 1
CVE
added 2026/04/10 12:0 a.m., 10 views

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is affected by a SQL Injection in update_password.php via the new_password parameter. The CVE-2026-36236 entry has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction, and impacts to confidentiality, i...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00319
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2026/04/10 12:0 a.m., 3 views

PT-2026-31924

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation...

AI score: 5.8, EPSS: 0.00319
Exploits: 1, References: 2
Positive Technologies
added 2026/04/10 12:0 a.m., 16 views

PT-2026-31869

Name of the Vulnerable Software and Affected Versions: CodeAstro Online Classroom versions 1.0/2.php. Description: A security flaw exists in CodeAstro Online Classroom 1.0/2.php, specifically within the file /OnlineClassroom/takeassessment2.php?exid=14. Manipulation of the Q1 argument leads to a SQL...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00196
Exploits: 0, References: 10
CNNVD
added 2026/04/10 12:0 a.m., 4 views

Code-Projects Vehicle Showroom Management System SQL Injection Vulnerability

The Code-Projects Vehicle Showroom Management System is an open-source system for managing automobile showrooms developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00259
Exploits: 0, References: 5
CVE
added 2026/04/10 12:0 a.m., 6 views

CVE-2026-23780

Affected product: BMC Control-M/MFT 9.0.20–9.0.22. Vulnerability: SQL injection in the MFT API debug interface due to improper input validation and unsafe dynamic SQL handling. Impact: authenticated attacker can read/write arbitrary files and may achieve remote code execution; no exploit details ...

CVSS: 8.8, AI score: 6.2, EPSS: 0.00401
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/04/10 12:0 a.m., 8 views

SourceCodester Engineers Online Portal Security Vulnerability

SourceCodester Engineers Online Portal is an online portal for engineers, developed by SourceCodester as open source. Version 1.0 of the SourceCodester Engineers Online Portal contains a security vulnerability. This vulnerability stems from the newpassword parameter in the updatepassword.php file...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00319
Exploits: 1, References: 2
Positive Technologies
added 2026/04/10 12:0 a.m., 4 views

PT-2026-31859

Name of the Vulnerable Software and Affected Versions: Simple IT Discussion Forum version 1.0. Description: A SQL injection flaw exists in the /delete-category.php file of Simple IT Discussion Forum version 1.0. Manipulation of the cat id argument can trigger the injection. The attack can be initiat...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00254
Exploits: 0, References: 10
CVE
added 2026/04/10 12:0 a.m., 7 views

CVE-2026-29861

CVE-2026-29861 affects PHP-MYSQL-User-Login-System v1.0, with a SQL injection vulnerability in login.php via the username parameter. The root cause is unsafely constructed SQL queries that incorporate unvalidated user input, leading to potential unauthorized disclosure/integrity impact and possib...

CVSS: 9.8, AI score: 5.9, EPSS: 0.00319
Exploits: 0, References: 1