216521 matches found
CVE-2026-34220
MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6....
EUVD-2026-17353
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2026-5198 code-projects Student Membership System Admin Login index.php sql injection
A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...
CVE-2026-5198 code-projects Student Membership System Admin Login index.php sql injection
A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...
CVE-2026-5198
A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is...
CVE-2026-5198
CVE-2026-5198 affects code-projects Student Membership System 1.0. The vulnerability lies in the Admin Login component, specifically an unknown function in /admin/index.php that manipulates the username/password parameters to cause SQL injection. Remote exploitation is possible, and the exploit h...
CVE-2026-5197
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2026-4317
SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...
CVE-2026-5197
The CVE-2026-5197 entry concerns code-projects Student Membership System 1.0. Affected component: an unknown function in /delete_user.php where manipulation of the ID parameter yields an SQL injection. The threat is remote and the exploit is public. No remediation details are provided in the docu...
CVE-2026-5197 code-projects Student Membership System delete_user.php sql injection
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2026-5197 code-projects Student Membership System delete_user.php sql injection
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /deleteuser.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...
CVE-2026-4317 SQL inyection in Umami Software application
SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...
CVE-2026-5195
A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...
CVE-2026-5196
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /deletemember.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2026-5196
The vulnerability CVE-2026-5196 affects code-projects Student Membership System 1.0. The issue resides in an unknown function of /delete_member.php where manipulating the ID parameter leads to SQL injection, exposing confidentiality and integrity with a low/medium impact per metrics. Exploitation...
CVE-2026-5196
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /deletemember.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...
CVE-2026-5195 code-projects Student Membership System User Registration sql injection
A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...
CVE-2026-5195
A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely...
EUVD-2026-17329
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
CVE-2026-5182
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...