
1916 matches found

CVE
added 2026/02/06 4:41 p.m. | 10 views

CVE-2019-25303

The CVE-2019-25303 entry affects TheJshen ContentManagementSystem 1.04. It describes a SQL injection vulnerability exploitable via the GET parameter id, enabling boolean-based, time-based, and UNION-based techniques to extract or manipulate database information. The available documents consistent...

CVSS 7.1 | AI score 5.7 | EPSS 0.00214
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/06 4:41 p.m. | 3 views

CVE-2019-25300

thejshen Globitek CMS 1.4 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to potentially extract or modify database information...

CVSS 7.1 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 3 | Affected Software: 1
Positive Technologies
added 2026/02/06 12:0 a.m. | 4 views

PT-2026-6829

Name of the Vulnerable Software and Affected Versions QuickDate version 1.3.2 Description The software contains a SQL injection issue that allows remote attackers to manipulate database queries. This is achieved through the located parameter in the /find matches API endpoint. Attackers can inject...

CVSS 8.8 | AI score 5.7 | EPSS 0.0041
Exploits: 0 | References: 5
OSV
added 2026/02/05 4:15 p.m. | 2 views

CVE-2020-37151

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

CVSS 7.5 | AI score 5.8 | EPSS 0.00383
Exploits: 1 | References: 3
ATTACKERKB
added 2026/02/05 3:25 p.m. | 4 views

CVE-2020-37151

phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmcusername parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to extract sensitive database...

CVSS 8.8 | AI score 5.6 | EPSS 0.00383
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2026/02/05 3:25 p.m. | 10 views

CVE-2020-37151

CVE-2020-37151 affects PHPMyChat Plus 1.98, with a SQL injection in deluser.php via the pmc_username parameter. The root cause is improper handling of user input in the deluser.php code, enabling attackers to craft payloads that perform boolean-based, error-based, and time-based blind SQL injecti...

CVSS 8.8 | AI score 5.6 | EPSS 0.00383
Exploits: 1 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/02/05 1:22 p.m. | 2 views

CVE-2025-15268

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 | AI score 5.8 | EPSS 0.00432
Exploits: 0 | References: 1
NVD
added 2026/02/05 12:15 a.m. | 9 views

CVE-2025-13192

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied...

CVSS 8.2 | EPSS 0.00399
Exploits: 0 | References: 7
ATTACKERKB
added 2026/02/04 11:22 p.m. | 5 views

CVE-2025-13192

The Popup builder with Gamification, Multi-Step Popups, Page-Level Targeting, and WooCommerce Triggers plugin for WordPress is vulnerable to generic SQL Injection via the multiple REST API endpoints in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied...

CVSS 8.2 | AI score 5.8 | EPSS 0.00399
Exploits: 0 | References: 8
OSV
added 2026/02/04 7:59 p.m. | 3 views

CVE-2026-25514 FacturaScripts has SQL Injection vulnerability in Autocomplete Actions

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including...

CVSS 8.7 | AI score 5.6 | EPSS 0.00473
Exploits: 3 | References: 4
NVD
added 2026/02/04 9:15 a.m. | 4 views

CVE-2026-0816

The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'deleteid' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 4.9 | EPSS 0.00339
Exploits: 0 | References: 3
NVD
added 2026/02/04 9:15 a.m. | 3 views

CVE-2025-15268

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVSS 7.5 | EPSS 0.00432
Exploits: 0 | References: 4
CVE
added 2026/02/04 8:25 a.m. | 31 views

CVE-2025-15268

Summary: CVE-2025-15268 affects the Infility Global WordPress plugin. Multiple sources confirm unauthenticated SQL Injection via the API action ‘infility_get_data’ in all versions up to and including 2.14.46. Technical details (supported by connected docs): The issue arises from insufficient esca...

CVSS 7.5 | AI score 5.8 | EPSS 0.00432
Exploits: 0 | References: 4
CNNVD
added 2026/02/04 12:0 a.m. | 4 views

WordPress plugin Infility Global SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

CVSS 7.5 | AI score 5.9 | EPSS 0.00432
Exploits: 0 | References: 5
NVD
added 2026/02/03 10:16 p.m. | 5 views

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

CVSS 9.8 | EPSS 0.00335
Exploits: 1 | References: 4
OSV
added 2026/02/03 10:16 p.m. | 5 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

CVSS 8.2 | AI score 5.9 | EPSS 0.00365
Exploits: 1 | References: 3
NVD
added 2026/02/03 10:16 p.m. | 6 views

CVE-2020-37076

Victor CMS version 1.0 contains a SQL injection vulnerability in the 'post' parameter on post.php that allows remote attackers to manipulate database queries. Attackers can exploit this vulnerability by sending crafted UNION SELECT payloads to extract database information through boolean-based,...

CVSS 8.8 | EPSS 0.00365
Exploits: 1 | References: 3
ATTACKERKB
added 2026/02/03 10:1 p.m. | 2 views

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

CVSS 8.2 | AI score 5.7 | EPSS 0.00335
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/02/03 10:1 p.m. | 3 views

CVE-2020-37083 addressbook 9.0.0.1 - 'id' SQL Injection

PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQL statements with time delays to extract information by observing response times in the photo.php...

CVSS 8.8 | AI score 5.8 | EPSS 0.00302
Exploits: 0 | References: 3
OSV
added 2026/02/03 6:16 p.m. | 3 views

CVE-2020-37112

GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...

CVSS 6.5 | AI score 5.8 | EPSS 0.00274
Exploits: 1 | References: 4