31 matches found
CVE-2026-43937
YetAnotherForum.NET YAF.NET is a C ASP.NET forum. Prior to 4.0.5, Any admin OnPost… handler executes its side effects before the ResultFilterAttribute rewrites the response to a 302 to /Info/4. The most impactful abuse is /Admin/RunSql, whose OnPostRunQuery binds Editor from the POST body and...
PT-2026-38087
Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in FilterEngine.create postgres query. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database through the DID search...
EUVD-2026-23368
An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product...
CVE-2025-58112
Microsoft Dynamics 365 Customer Engagement on-premises 1612 9.0.2.3034 allows the generation of customized reports via raw SQL queries in an upload of a .rdl Report Definition Language file; this is then processed by the SQL Server Reporting Service. An account with the privilege Add Reporting...
PT-2026-23007
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.6.0 Description The /api/query/sql endpoint allows users to execute SQL queries directly on the database. However, it only verifies basic authentication and does not check for administrative privileges. This allows a...
CVE-2025-27378
The CVE-2025-27378 entry describes an SQL injection in AES due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When sql.parsing is not enabled, crafted input can be mishandled, allowing arbitrary SQL queries to be injected and executed. Documented impac...
CVE-2025-27378 SQL Injection in AES Due to Inactive SQL Parsing Configuration
AES contains a SQL injection vulnerability due to an inactive configuration that prevents the latest SQL parsing logic from being applied. When this configuration is not enabled, crafted input may be improperly handled, allowing attackers to inject and execute arbitrary SQL queries...
PT-2026-1748
Name of the Vulnerable Software and Affected Versions BeeS Software Solutions BET Portal affected versions not specified Description BeeS Software Solutions BET Portal contains an SQL injection vulnerability in the login functionality of affected sites. This allows for the execution of arbitrary...
GHSA-2JM2-2P35-RP3J OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter
Summary An authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full...
WordPress Blappsta Mobile App plugin SQL Injection Vulnerability
WordPress Blappsta Mobile App plugin is a plugin that converts WordPress websites into native iOS and Android mobile apps. The WordPress Blappsta Mobile App plugin suffers from a SQL injection vulnerability that stems from the application missing validation of SQL statements in the nhynaacomments...
EUVD-2023-43067
Malicious code in bioql PyPI...
Simple Grading System add_student_grade.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Add in the file /addstudentgrade.php. An attacker can exploit this vulnerability to...
Linux Distros Unpatched Vulnerability : CVE-2019-10208
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitra...
Simple Cafe Ordering System portal.php File SQL Injection Vulnerability
Simple Cafe Ordering System is a simple coffee ordering system. Simple Cafe Ordering System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /portal.php. An attacker can exploit this...
CVE-2025-51506
In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the api/smartlibrary/v2/en/dictionaries/options/looku...
CVE-2025-54474 Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...
CVE-2025-8279
Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution...
PT-2025-31109 · Gitlab · Gitlab Language Server
Name of the Vulnerable Software and Affected Versions: GitLab Language Server versions 7.6.0 through 7.29.0 Description: Insufficient input validation within GitLab Language Server allows arbitrary GraphQL query execution. Recommendations: Update to GitLab Language Server version 7.30.0 or later...
Chat System update_account.php File SQL Injection Vulnerability
Chat System is a chat system. Chat System suffers from a SQL injection vulnerability that stems from an error in the parameter musername in the file /user/updateaccount.php that lacks validation of an externally entered SQL statement. An attacker can use this vulnerability to execute illegal SQL...
Code-Projects Inventory Management System 注入漏洞
Inventory Management System is an inventory management system. Inventory Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter brandId in the file /phpaction/fetchSelectedBrand.php. An attacke...