Lucene search
K

216722 matches found

Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27520

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

6.5CVSS6.5AI score0.00245EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.8 views

Bootstrapy CMS SQL注入漏洞

Bootstrapy CMS is an open-source content management system developed by Bootstrapy. Bootstrapy CMS has a SQL injection vulnerability. This vulnerability arises from multiple SQL injections, allowing unauthenticated attackers to inject malicious code through the threadid parameter in...

8.8CVSS6.2AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/03/23 11:38 p.m.6 views

CVE-2026-4615

The CVE-2026-4615 entry details a SQL injection in SourceCodester Online Catering Reservation 1.0, triggered by manipulating the rcode parameter in the /search.php function. The vulnerability is exploitable remotely, and public exploits are available. Affected component is an unknown function wit...

7.5CVSS7AI score0.00318EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:38 p.m.5 views

CVE-2026-4615

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

7.5CVSS7AI score0.00318EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:38 p.m.3 views

CVE-2026-4614

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/23 11:38 p.m.30 views

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

6.5CVSS0.00192EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 11:38 p.m.2 views

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

6.5CVSS6.3AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/03/23 11:17 p.m.7 views

CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00409EPSS
Exploits0References4
NVD
NVD
added 2026/03/23 11:17 p.m.4 views

CVE-2026-2412

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS0.00318EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 11:4 p.m.25 views

CVE-2026-4613 SourceCodester E-Commerce Site products.php sql injection

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS0.00259EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:4 p.m.2 views

CVE-2026-4613

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/23 11:4 p.m.2 views

CVE-2026-4613 SourceCodester E-Commerce Site products.php sql injection

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS5.7AI score0.00259EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 10:25 p.m.4 views

CVE-2026-4306 WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00409EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/23 10:25 p.m.25 views

CVE-2026-4306 WP Job Portal <= 2.4.8 - Unauthenticated SQL Injection via 'radius' Parameter

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS0.00409EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:25 p.m.4 views

CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

7.5CVSS5.9AI score0.00409EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/23 10:25 p.m.1 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:25 p.m.0 views

CVE-2026-2412

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References6
CVE
CVE
added 2026/03/23 10:25 p.m.17 views

CVE-2026-2412

The CVE-2026-2412 entry documents a SQL Injection vulnerability in the WordPress plugin “Quiz and Survey Master (QSM)” up to version 10.3.5. The root cause is insufficient sanitization of the merged_question parameter: sanitize_text_field() does not block SQL metacharacters, which are directly co...

6.5CVSS5.9AI score0.00318EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/23 10:25 p.m.34 views

CVE-2026-2412 Quiz and Survey Master (QSM) <= 10.3.5 - Authenticated (Contributor+) SQL Injection via 'merged_question' Parameter

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

6.5CVSS0.00318EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 9:57 p.m.2 views

CVE-2026-4612

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

7.5CVSS6.7AI score0.00254EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder