1917 matches found

Positive Technologies
added 2025/12/23 12:0 a.m., 2 views

PT-2025-52829

Name of the Vulnerable Software and Affected Versions: Orangescrum version 1.8.0
Description: Orangescrum version 1.8.0 has an authenticated SQL injection issue. Authorized users can manipulate database queries through vulnerable parameters. Specifically, attackers can inject malicious SQL code int...

CVSS 8.7, AI score 7.6, EPSS 0.003
Exploits 1, References 5

Cvelist
added 2025/12/22 9:35 p.m., 23 views

CVE-2023-53972 WebTareas 2.4 Unauthenticated SQL Injection via Session Cookie Parameter

WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and time-based blind SQL injection techniques to extract database information and potentially access...

CVSS 9.3, EPSS 0.0037
Exploits 1, References 3

NVD
added 2025/12/18 8:15 p.m., 5 views

CVE-2023-53935

WBiz Desk 1.2 contains a SQL injection vulnerability that allows non-admin users to manipulate database queries through the 'tk' parameter in ticket.php. Attackers can inject crafted SQL statements using UNION-based techniques to extract sensitive database information by sending malformed request...

CVSS 5.4, EPSS 0.00179
Exploits 0, References 3

GithubExploit
added 2025/12/16 10:23 a.m., 131 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 - Experimentation Environment Architecture...

CVSS 9.8, AI score 8.2, EPSS 0.9671
Exploits 18

Cvelist
added 2025/12/16 12:23 a.m., 28 views

CVE-2025-67736 Authenticated SQL Injection in FreePBX tts (Text To Speech) module

The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to t...

CVSS 8.6, EPSS 0.06127
Exploits 0, References 2

NVD
added 2025/12/15 6:15 p.m., 2 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

CVSS 9.8, EPSS 0.00325
Exploits 1, References 2

Vulnrichment
added 2025/12/15 12:0 a.m., 3 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

AI score 7.3, EPSS 0.00325
Exploits 1, References 2

RedhatCVE
added 2025/12/14 7:4 a.m., 4 views

CVE-2025-10738

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

CVSS 9.8, AI score 6.8, EPSS 0.00354
Exploits 0, References 1

EUVD
added 2025/12/13 6:30 p.m., 3 views

EUVD-2025-203183

The Design Import/Export plugin for WordPress is vulnerable to SQL Injection via XML File Import in all versions up to, and including, 2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 4.9, AI score 6.1, EPSS 0.00272
Exploits 0, References 5

EUVD
added 2025/12/13 6:30 p.m., 3 views

EUVD-2025-203218

The افزونه پیامک ووکامرس فوق حرفه ای جدید payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 7.5, AI score 6.3, EPSS 0.00376
Exploits 0, References 5

EUVD
added 2025/12/13 6:30 p.m., 5 views

EUVD-2025-203240

The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 5.9, AI score 6.2, EPSS 0.00244
Exploits 0, References 3

NVD
added 2025/12/13 4:16 p.m., 3 views

CVE-2025-13077

The افزونه پیامک ووکامرس فوق حرفه ای جدید payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and including, 1.3.5. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...

CVSS 7.5, EPSS 0.00376
Exploits 0, References 4

NVD
added 2025/12/13 4:16 p.m., 2 views

CVE-2025-10738

The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analyticid’ parameter in all versions up to, and including, 3.0.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

CVSS 9.8, EPSS 0.00354
Exploits 0, References 3

RedhatCVE
added 2025/12/13 6:57 a.m., 4 views

CVE-2025-14068

The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, AI score 6.8, EPSS 0.00336
Exploits 0, References 1

Positive Technologies
added 2025/12/13 12:0 a.m., 3 views

PT-2025-51092

The Filter & Grids plugin for WordPress is vulnerable to SQL Injection via the 'phrase' parameter in all versions up to, and including, 3.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 5.9, AI score 6.7, EPSS 0.00244
Exploits 0, References 2

RedhatCVE
added 2025/12/12 10:17 p.m., 4 views

CVE-2024-58307

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...

CVSS 9.3, AI score 8.1, EPSS 0.00441
Exploits 1, References 1

NVD
added 2025/12/12 7:15 a.m., 3 views

CVE-2025-14068

The WPNakama plugin for WordPress is vulnerable to time-based SQL Injection via the 'orderby' parameter in all versions up to, and including, 0.6.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 7.5, EPSS 0.00336
Exploits 0, References 7

EUVD
added 2025/12/12 12:30 a.m., 3 views

EUVD-2024-55326

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks...

CVSS 9.3, AI score 7.5, EPSS 0.00441
Exploits 1, References 5

Positive Technologies
added 2025/12/12 12:0 a.m., 4 views

PT-2025-50892

Name of the Vulnerable Software and Affected Versions: WPNakama plugin for WordPress versions up to and including 0.6.3
Description: The WPNakama plugin for WordPress is susceptible to time-based SQL Injection through the order by parameter. Insufficient escaping of user-supplied input and inadequa...

CVSS 7.5, AI score 6.9, EPSS 0.00336
Exploits 0, References 11

Positive Technologies
added 2025/12/12 12:0 a.m., 2 views

PT-2025-50901

Name of the Vulnerable Software and Affected Versions: FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress versions through 3.13.1.5
Description: The software is susceptible to a time-based blind SQL Injection issue via the opid parameter. This is due to inadequate input...

CVSS 7.5, AI score 7.6, EPSS 0.00316
Exploits 0, References 8