216737 matches found
PT-2026-27193
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform susceptible to a SQL injection flaw. The Subscribe::save method within objects/subscribe.php directly incorporates the this-users id property into an...
ERUPT 安全漏洞
ERUPT is a low-code + AI-based framework developed by YuePeng, a personal developer in China. Versions of ERUPT prior to 1.13.3 contain security vulnerabilities. These vulnerabilities stem from incorrect handling of the sort.field parameter in the...
PT-2026-27269
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
WordPress plugin WP Job Portal SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
Code-Projects Simple Laundry System SQL注入漏洞
Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of the code-projects Simple Laundry System contains a SQL...
WordPress plugin Quiz and Survey Master SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
SourceCodester Sales and Inventory System SQL注入漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper handling of the sid...
SourceCodester Sales and Inventory System SQL注入漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from improper handling of the searchtxt...
PT-2026-27166
A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...
wvp-GB28181-pro SQL注入漏洞
WVP-GB28181-pro is a video monitoring platform developed by individual developer 648540858. Versions of WVP-GB28181-pro 2.7.4 and earlier have a SQL injection vulnerability. This vulnerability stems from a SQL injection vulnerability in the selectAll function within the Stream Proxy Query Handler...
CVE-2026-2580
The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 4.9.1 due to insufficient escaping on the user supplied parameter and lack of...
EUVD-2026-14310
A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainerid/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publ...
CVE-2026-4550
A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainerid/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publ...
CVE-2026-4550 code-projects Simple Gym Management System func.php sql injection
A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainerid/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publ...
EUVD-2026-14289
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploi...
CVE-2026-4540
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...
CVE-2026-4540 projectworlds Online Notes Sharing System Parameters login.php sql injection
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...
CVE-2026-4540
The CVE-2026-4540 entry concerns projectworlds Online Notes Sharing System 1.0. The flaw lies in the Parameters Handler’s processing of the login.php input, where manipulation of the Benutzer argument enables SQL Injection. A remote attacker could exploit this, and public exploits are mentioned i...
CVE-2026-4540
A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...
CVE-2026-4533
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...