CVE-2025-70893

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...

CVE-2021-47801

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

CVE-2021-47801 Vianeos OctoPUS 5 - 'login_user' SQLi

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

CVE-2025-70893

CVE-2025-70893 affects PHPGurukul Cyber Cafe Management System v1.0 in adminprofile.php (adminname parameter). The vulnerability is a time-based blind SQL Injection caused by insufficient input sanitization, allowing authenticated attackers to inject arbitrary SQL expressions. Impact is rated Hig...

CVE-2025-12166 Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

GHSA-QVR7-7G55-69XJ Pimcore Has an Incomplete Patch for CVE-2023-30848

Summary An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments -- and catching syntax errors, the fix is insufficient. Attackers can still...

EUVD-2026-2449

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

CVE-2026-23492 Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

PT-2026-2947

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...

CVE-2018-1000867

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

CVE-2022-31296

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/viewpost.php...

CVE-2022-0349

The NotificationX WordPress plugin before 2.3.9 does not sanitise and escape the nxid parameter before using it in a SQL statement, leading to an Unauthenticated Blind SQL Injection...

CVE-2022-26632

Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/viewproduct.php...

CVE-2020-24569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...

CVE-2022-0842

A blind SQL injection vulnerability in McAfee Enterprise ePolicy Orchestrator ePO prior to 5.10 Update 13 allows a remote authenticated attacker to potentially obtain information from the ePO database. The data obtained is dependent on the privileges the attacker has and to obtain sensitive data...

CVE-2025-23912

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Philipp Speck WordPress Custom Sidebar wordpress-custom-sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through = 2.3...

CVE-2025-67928

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection.This issue affects Automotive Listings: from n/a through = 18.6...

CVE-2025-67921 WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through 2.8.6...