CVE-2026-5640

A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection. The attack is possible to be...

CVE-2026-5635

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be...

CVE-2026-5636

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

CVE-2026-5641

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...

CVE-2026-5634

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /bookcar.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The...

CVE-2026-5637

A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /messageadmin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The...

EUVD-2026-19578

The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality...

CVE-2026-4079

The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality...

CVE-2026-4079 SQL Chart Builder < 2.3.8 - Unauthenticated SQL Injection

The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality...

CVE-2026-4079

CVE-2026-4079 pertains to the WordPress plugin “SQL Chart Builder”. Multiple connected sources confirm that versions before 2.3.8 do not properly escape user input before concatenating it into SQL queries used by the dynamic filter functionality, enabling SQL injection. The trigger is unauthentic...

CVE-2026-5606

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the atta...

EUVD-2026-19561

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may b...

CVE-2026-5719

A flaw has been found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /borrowedtool.php. Executing a manipulation of the argument code can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may b...

PT-2026-30979

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument...

ChurchCRM SQL注入漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the type array parameters by the /SettingsUser.php endpoint, which could lead to SQL injection attacks...

PowerJob SQL注入漏洞

PowerJob is an open-source distributed computing and job scheduling framework developed by PowerJob. It allows developers to easily schedule tasks within their applications. Versions 5.1.0, 5.1.1, and 5.1.2 of PowerJob contain SQL injection vulnerabilities. These vulnerabilities stem from incorre...

PT-2026-30958

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsIndividual.php in ChurchCRM 7.0.5. Authenticated users without any specific privileges can inject arbitrary SQL statements through the type array parameter via t...

PT-2026-30888

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical SQL injection vulnerability exists in src/Reports/FundRaiserStatement.php where the $ SESSION'iCurrentFundraiser' value is used in an unquoted numeric SQL context without integer validation. The value originates from...

PT-2026-30835

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

PT-2026-30944

ChurchCRM is an open-source church management system. Prior to 7.1.0, the GroupPropsFormRowOps.php file contains a SQL injection vulnerability. User input in the Field parameter is directly inserted into SQL queries without proper sanitization. The mysqli real escape string function does not esca...