1916 matches found
CVE-2020-37108
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
CVE-2020-37112
GUnet OpenEclass 1.7.3 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through unvalidated parameters. Attackers can exploit the 'month' parameter in the agenda module and other endpoints to extract sensitive database information...
CVE-2020-37112
CVE-2020-37112 affects GUnet OpenEclass 1.7.3. The provided documents describe multiple SQL injection vulnerabilities in the agenda module and other endpoints, exploitable by authenticated attackers to manipulate queries and extract sensitive data via error-based or time-based techniques (via the...
CVE-2020-37108 PhpIX 2012 Professional - 'id' SQL Injection
PhpIX 2012 Professional contains a SQL injection vulnerability in the 'id' parameter of productdetail.php that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the 'id' parameter to potentially extract or modify database information...
PT-2026-5857
Name of the Vulnerable Software and Affected Versions GUnet OpenEclass version 1.7.3 Description The software contains multiple SQL injection flaws. Authenticated attackers can manipulate database queries through unvalidated parameters. Attackers can exploit the month parameter in the agenda modu...
VulnCheck KEV: CVE-2025-4396
The Relevanssi – A Better Search plugin for WordPress is vulnerable to time-based SQL Injection via the cats and tags query parameters in all versions up to, and including, 4.24.4 Free and = 2.27.5 Premium due to insufficient escaping on the user supplied parameter and lack of sufficient...
📄 Pragyan CMS 3.0 Blind SQL Injection
A critical blind SQL injection vulnerability exists in Pragyan CMS version 3.0 and earlier, affecting the main index endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database. This issue is older research...
CVE-2026-0683
The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals...
EUVD-2020-30944
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...
CVE-2020-37057 Online-Exam-System 2015 - 'fid' SQL Injection
Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...
CVE-2020-37057
CVE-2020-37057 affects Online-Exam-System 2015. A SQL injection in the feedback module is exploitable via the fid parameter, enabling manipulation of database queries and potential extraction, modification, or deletion of data. The CVSS metrics indicate high impact to confidentiality, integrity, ...
PT-2026-5493
Name of the Vulnerable Software and Affected Versions Online-Exam-System version 2015 Description The software contains a SQL injection issue within the feedback module. Attackers can manipulate database queries by injecting malicious SQL code through the fid parameter. This could allow attackers...
EUVD-2020-30917
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...
CVE-2020-37006
CVE-2020-37006 affects berliCRM 1.0.24, where a SQL injection vulnerability resides in the 'src_record' parameter. An attacker can craft a POST request to index.php to manipulate database queries and potentially extract or modify data. Affected component: src_record parameter handling in berliCRM...
CVE-2026-0702
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
PT-2026-5163
Name of the Vulnerable Software and Affected Versions SmartBlog version 2.0.1 Description The software contains a blind SQL injection issue in the id post parameter of the details controller. This allows attackers to extract database information by injecting crafted SQL queries that compare...
GHSA-QP2J-V5JG-HG68 LibreNMS contains an authenticated SQL Injection vulnerability
LibreNMS 1.46 contains an authenticated SQL Injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL Injection techniques to retrieve...
LibreNMS contains an authenticated SQL Injection vulnerability
LibreNMS 1.46 contains an authenticated SQL Injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL Injection techniques to retrieve...
CVE-2026-1479
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion’ in ‘/evaluacionhcaverauto.asp', could allow an attacker...
EUVD-2026-4781
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...