CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1916 matches found

Cvelist•added 2026/03/12 3:36 p.m.•22 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS0.00323EPSS

Exploits0References2

GithubExploit•added 2026/03/12 2:38 a.m.•136 views

Exploit for SQL Injection in Vishalmathur Cloudclassroom-Php-Project

CVE-2026-2058-PoC – CloudClassroom PHP Project SQL Injection...

9.8CVSS6AI score0.00468EPSS

Exploits3

ATTACKERKB•added 2026/03/12 2:22 a.m.•0 views

CVE-2026-3657

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenucontactleadform AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...

7.5CVSS5.8AI score0.00338EPSS

Exploits0References7

Positive Technologies•added 2026/03/12 12:0 a.m.•2 views

PT-2026-24913

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu contact lead form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...

7.5CVSS5.8AI score0.00338EPSS

Exploits0References10

Positive Technologies•added 2026/03/12 12:0 a.m.•3 views

PT-2026-24989

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

7.1CVSS5.9AI score0.00284EPSS

Exploits0References5

Positive Technologies•added 2026/03/12 12:0 a.m.•2 views

PT-2026-24983

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to cat.php with malicious cat id values to bypass authentication, extract sensitive...

8.8CVSS5.9AI score0.00393EPSS

Exploits1References3

Positive Technologies•added 2026/03/12 12:0 a.m.•1 views

PT-2026-24966

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac kategori id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...

8.8CVSS5.9AI score0.00367EPSS

Exploits1References3

Positive Technologies•added 2026/03/12 12:0 a.m.•4 views

PT-2026-24990

uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system page GET parameter. Attackers can send crafted requests to index.php with malicious system page values using time-based blind...

8.8CVSS5.9AI score0.00335EPSS

Exploits0References3

Positive Technologies•added 2026/03/12 12:0 a.m.•2 views

PT-2026-24963

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly expense overview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS

Exploits0References3

Positive Technologies•added 2026/03/12 12:0 a.m.•3 views

PT-2026-24978

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...

8.8CVSS5.9AI score0.0036EPSS

Exploits1References3

Positive Technologies•added 2026/03/12 12:0 a.m.•4 views

PT-2026-24964

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...

8.8CVSS5.9AI score0.00377EPSS

Exploits0References3

Positive Technologies•added 2026/03/12 12:0 a.m.•3 views

PT-2026-24972

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...

8.8CVSS5.9AI score0.00331EPSS

Exploits1References3

CNNVD•added 2026/03/12 12:0 a.m.•3 views

iScripts ReserveLogic SQL注入漏洞

iScripts ReserveLogic is a reservation management system developed by the American company iScripts. iScripts ReserveLogic has a SQL injection vulnerability, which stems from the jqSearchDestination parameter being susceptible to SQL injections. This vulnerability could allow unauthenticated...

8.8CVSS5.9AI score0.00318EPSS

Exploits0References2

CNNVD•added 2026/03/12 12:0 a.m.•3 views

Xooscripts XooDigital SQL注入漏洞

Xooscripts XooDigital is a software developed by the Xooscripts company. Xooscripts XooDigital has a SQL injection vulnerability; this vulnerability stems from the p parameter being susceptible to SQL injections, which may allow unauthenticated attackers to manipulate database queries and extract...

8.8CVSS5.8AI score0.00306EPSS

Exploits0References2

CNNVD•added 2026/03/12 12:0 a.m.•3 views

Xooscripts XooGallery SQL注入漏洞

Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability. This vulnerability stems from the photoid parameter, which allows for SQL injections. It may allow unauthorized attackers to extract sensitive data...

9.1CVSS5.8AI score0.00358EPSS

Exploits1References2

Positive Technologies•added 2026/03/12 12:0 a.m.•4 views

PT-2026-24996

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

8.8CVSS6.1AI score0.00315EPSS

Exploits1References3

Positive Technologies•added 2026/03/12 12:0 a.m.•3 views

PT-2026-24965

iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...

8.8CVSS5.9AI score0.00318EPSS

Exploits0References3

Cvelist•added 2026/03/11 6:23 p.m.•29 views

CVE-2019-25486 Varient 1.6.1 SQL Injection via user_id Parameter

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract...

8.8CVSS0.00334EPSS

Exploits0References3

ATTACKERKB•added 2026/03/11 6:23 p.m.•1 views

CVE-2019-25486

8.8CVSS5.9AI score0.00334EPSS

Exploits0References3Affected Software1