216712 matches found
EUVD-2026-14660
A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...
EUVD-2026-14658
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
EUVD-2026-14604
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...
EUVD-2026-14608
The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...
EUVD-2026-14620
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-4615
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2026-4613
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
PT-2026-27376
Name of the Vulnerable Software and Affected Versions Bootstrapy CMS affected versions not specified Description Multiple SQL injection flaws allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. This can lead to the extraction of...
PT-2026-27374
Name of the Vulnerable Software and Affected Versions Inout Article Base CMS affected versions not specified Description Unauthenticated attackers can manipulate database queries using SQL injection. By sending GET requests to the 'portalLogin.php' endpoint, attackers can inject SQL code via...
WordPress plugin LearnDash LMS SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-30655
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
PT-2026-27375
Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten password module to...
Meeplace Business Review Script SQL注入漏洞
The Meeplace Business Review Script is a scripting system developed by Meeplace company for creating websites that allow businesses to review and rate their customers. The Meeplace Business Review Script has a SQL injection vulnerability. This vulnerability arises from SQL injection attacks,...
SourceCodester Online Catering Reservation SQL注入漏洞
SourceCodester Online Catering Reservation is an open-source online catering reservation system developed by SourceCodester. Version 1.0 of SourceCodester Online Catering Reservation has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the...
Parse Server SQL注入漏洞
Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.59 and 9.6.0-alpha.53 contain a SQL injection vulnerability. This vulnerability arises from the ability of attackers to inject...
SourceCodester Online Admission System SQL注入漏洞
The SourceCodester Online Admission System is an open-source online admission system developed by SourceCodester. Version 1.0 of the SourceCodester Online Admission System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the program parameter in the...
SourceCodester Online Library Management System SQL注入漏洞
The SourceCodester Online Library Management System is an open-source online library management system developed by SourceCodester. Version 1.0 of the SourceCodester Online Library Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...
PT-2026-27331
The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing load more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered query parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass securit...
PT-2026-27439
SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...
Bootstrapy CMS SQL注入漏洞
Bootstrapy CMS is an open-source content management system developed by Bootstrapy. Bootstrapy CMS has a SQL injection vulnerability. This vulnerability arises from multiple SQL injections, allowing unauthenticated attackers to inject malicious code through the threadid parameter in...