SQL injection in ADOdb PostgreSQL driver pg_insert_id() method
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...
CVE-2025-45018
A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter...
CVE-2025-45021
A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands...
Vulnerability of the PostgresDB._process_insert_query() function (file web/db.py), a web application creation framework by web.py, allowing attackers to execute arbitrary SQL commands
The vulnerability of the PostgresDB._process_insert_query() function located in the web/db.py file of the web.py web framework is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using the seqname...
CVE-2025-45956
A SQL injection vulnerability in managedamage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter...
CVE-2024-12706
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...
CVE-2024-12706 SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...
CVE-2025-28076
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allow remote authenticated attackers to execute arbitrary SQL commands via the 1 timeago, 2 user, 3 filter, 4 target, 5 p1, 6 p2, 7 p3, 8 p4, 9 p5, 10 p6, 11 p7, 12 p8, 13 p9, 14 p10, 15 p11, 16 p12, 17 p13, ...
CVE-2025-28076
CVE-2025-28076 describes multiple SQL injection vulnerabilities in EasyVirt DCScope prior to or at 8.6.4 and EasyVirt CO2Scope prior to or at 1.3.4. The root cause is unsafely handled user-supplied parameters across API endpoints, allowing remote authenticated attackers to execute arbitrary SQL c...
CVE-2025-25228
CVE-2025-25228 affects VirtueMart for Joomla (versions 1.0.0–4.4.7). A backend SQL injection in the product management area allows authenticated administrators to execute arbitrary SQL commands. Practical impact is data access/manipulation in the VirtueMart backend. Remediation cited in PT-2025-1...
SQL Injection
flowise-components is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the tableName parameter in PostgresVectorStore, which allows an attacker to execute arbitrary SQL commands...
CVE-2024-36465
A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...
CVE-2024-36465 SQL injection in Zabbix API
A low privilege regular Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...
CVE-2025-30364
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the idfuncionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can...
CVE-2025-22953
A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting...
PT-2025-13576 · Epicor · Epicor Hcm
Name of the Vulnerable Software and Affected Versions: Epicor HCM version 2021 1.9 Description: A SQL injection vulnerability exists in the Epicor HCM, specifically in the filter parameter of the "JsonFetcher.svc" endpoint. An attacker can exploit this vulnerability by injecting malicious SQL...
CVE-2025-30365
WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/socio/sistema/controller/query_geracao_auto.php, specifically in the query parameter. This vulnerability allows the execution of arbitrary SQL...
CVE-2025-30365
CVE-2025-30365 concerns WeGIA, a web manager for charitable organizations. The flaw is a SQL Injection in the endpoint "/WeGIA/html/socio/sistema/controller/query_geracao_auto.php" (parameter "query"). Affected versions are prior to 3.2.8. Successful exploitation enables arbitrary SQL execution,...
CVE-2024-10901
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/chart/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write, enabling them to write arbitrary files to the victim's file...