216516 matches found
PT-2026-30963
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in PropertyTypeEditor.php, part of the administration functionality for managing property type categories People → Person Properties / Family Properties. The vulnerability was introduced whe...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the QueryView.php file, where the searchwhat parameter is vulnerable to attacks due to SQL injection...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 had a SQL injection vulnerability. This vulnerability stems from the SQL injection in the type array parameter of the /SettingsIndividual.php endpoint, which could lead to the extraction and...
PT-2026-30965
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 7.1.0 Description ChurchCRM, an open-source church management system, has an issue where the searchwhat parameter in 'QueryView.php' with 'QueryID=15' is susceptible to SQL injection. An authenticated user needs...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of the NewRole parameter at the /MemberRoleChange.php endpoint, which could lead to SQL injection attacks...
ChurchCRM SQL注入漏洞
ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 7.1.0 contained a SQL injection vulnerability. This vulnerability stemmed from a second-level SQL injection in the /FundRaiserEditor.php endpoint, which could lead to the disclosure or modification of...
PT-2026-30914
Name of the Vulnerable Software and Affected Versions Windmill CE and EE versions 1.276.0 through 1.603.2 Description Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality. Authenticated attackers can inject SQL...
PT-2026-30951
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles ManageGroups can inject arbitrary SQL statements through the NewRole...
PT-2026-30889
ChurchCRM is an open-source church management system. Prior to 7.1.0, the NewRole POST parameter in src/MemberRoleChange.php is used in an SQL query without proper integer validation, allowing authenticated users to inject arbitrary SQL. The attack requires an authenticated session with...
PT-2026-30966
ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The EN tyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute...
Frappe SQL注入漏洞
Frappe is a web development framework based on Python and Mariadb, with integrated front-end pages, developed by the Indian company Frappe. Versions of Frappe prior to 16.14.0 and 15.104.0 have a SQL injection vulnerability. This vulnerability stems from the bulkupdate function, which has an SQL...
VulnCheck KEV: CVE-2024-3605
The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'roomtype' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on...
CVE-2026-5586
A vulnerability was determined in zhongyu09 openchatbi up to 0.2.1. The impacted element is an unknown function of the component Multi-stage Text2SQL Workflow. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2026-5596
A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now...
CVE-2026-5587
A vulnerability was identified in wbbeyourself MAC-SQL up to 31a9df5e0d520be4769be57a4b9022e5e34a14f4. This affects the function executesql of the file core/agents.py of the component Refiner Agent. The manipulation leads to sql injection. Remote exploitation of the attack is possible. The exploi...
CVE-2026-35395
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-35395
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-35395 WeGIA has a SQL Injection in DespachoDAO.php via id_memorando parameter
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
EUVD-2026-19495
WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...
CVE-2026-35395
CVE-2026-35395 affects WeGIA, a web manager for charitable institutions. Before version 3.6.9, the vulnerability exists in dao/memorando/DespachoDAO.php where the parameter id_memorando is read from $_REQUEST without validation and directly interpolated into SQL queries. This leads to a SQL injec...