216733 matches found
CVE-2026-4569 SourceCodester Sales and Inventory System HTTP POST Request view_category.php sql injection
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /viewcategory.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of the attack is...
CVE-2026-4568
CVE-2026-4568 affects SourceCodester Sales and Inventory System 1.0. The vulnerability resides in the HTTP GET handler for /update_supplier.php, where manipulating the sid parameter yields an SQL injection. It is a network-accessible issue with LOW privilege requirements and no user interaction, ...
CVE-2026-4568
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...
CVE-2026-4568 SourceCodester Sales and Inventory System HTTP GET Request update_supplier.php sql injection
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...
EUVD-2026-14351
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /updatesupplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit h...
CVE-2026-2580
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...
wvp-GB28181-pro SQL注入漏洞
WVP-GB28181-pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-pro 2.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from a SQL injection vulnerability in the selectAll function within the Stream Proxy Query Handler...
PT-2026-27103
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The explo...
PT-2026-27258
A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
PT-2026-27073
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The...
PT-2026-27042
Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A SQL injection issue exists in SourceCodester Sales and Inventory System 1.0. The issue is related to the manipulation of the searchtxt argument within an HTTP POST request to...
PT-2026-27043
Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of HTTP POST requests. Specifically, manipulation of the searchtxt argument within a POST...
PT-2026-27247
A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/mod users/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument account id leads to sql injection. Remote exploitation of...
📄 OpenEMR 8.0.0 Authenticated SQL Injection
OpenEMR version 8.0.0 authenticated remote SQL injection exploit that leverages the name parameter in ajax/graphs.php. ====================================================================================================================== | Title : OpenEMR 8.0.0 Authenticated SQL Injection via nam...
ERUPT 安全漏洞
ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Version 1.13.3 of ERUPT contains a security vulnerability. This vulnerability stems from incorrect operations on the file erupt-ai/src/main/java/xyz/erupt/ai/call/impl/EruptDataQuery.java in the MCP Tool...
PT-2026-27044
Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A security flaw exists in SourceCodester Sales and Inventory System 1.0. The issue is related to SQL injection within the HTTP POST Request Handler functionality, specifically i...
PT-2026-27253
The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WWBN AVideo SQL注入漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of SQL queries within the onpublish.php callback function, which coul...
ERUPT 安全漏洞
ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Versions of ERUPT prior to 1.13.3 contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the sort.field parameter in the...
PT-2026-27269
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...