EUVD-2017-18985

Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...

CVE-2019-25755

CVE-2019-25755 details: Joomla Component vReview 1.9.11 has an SQL injection in the editReview task via the cmId parameter. Unauthenticated attackers can send POST requests with URL-encoded SQL UNION payloads to extract database data (usernames, passwords, versions). Impact per sources is high (C...

CVE-2026-11407

PIMCORE CMS/DXP 12.3.8 contains a sandbox bypass in the Twig SecurityPolicy (checkMethodAllowed and checkPropertyAllowed). Authenticated administrative attackers can craft malicious Twig templates via DataObject ClassDefinition Layout\Text to execute arbitrary PHP object methods, perform file rea...

CVE-2026-11407 Pimcore CMS 12.3.8 Twig Sandbox Bypass via SecurityPolicy checkMethodAllowed

Pimcore CMS/DXP version 12.3.8 contains a sandbox bypass vulnerability that allows authenticated administrative attackers to execute arbitrary methods on PHP objects by exploiting empty checkMethodAllowed and checkPropertyAllowed implementations in the custom Twig SecurityPolicy. Attackers can...

CVE-2016-20069

WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...

TYPO3 CMS has Broken Access Control in its Form Framework

Problem Backend users with file write permissions were able to upload form definition files with mixed-case extensions e.g., .FORM.YAML to bypass the Form Framework's upload restriction. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers ...

CVE-2026-48613

Affects phpBB forums that were upgraded from versions prior to 3.3.8 and have not been updated to 3.3.11 or newer. The issue lies in the profile field migration process where user-supplied profile field data is not properly sanitized, allowing an SQL injection. The vulnerability enables execution...

CVE-2026-8335 Missing authentication in Aix-DB

A missing authentication check on the Aix‑DB "/llm/processllmout" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks the token validation enforced on all other application endpoints. All releases up to 1.2.4 are...

CVE-2026-11607 TYPO3 CMS - Broken Access Control in Form Framework

Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously crafted form definition files can be used to execute arbitrary SQL statements, allowing attackers to...

SAP S/4HANA SQL注入漏洞

SAP S/4HANA is a enterprise resource management software developed by SAP, a German company, based on the SAP HANA memory database system. SAP S/4HANA has a SQL injection vulnerability, which stems from SQL injections in remote enabled module components, potentially allowing unauthorized database...

PT-2026-47737

Name of the Vulnerable Software and Affected Versions TYPO3 CMS versions prior to 10.4.57 TYPO3 CMS versions 11.0.0 through 11.5.51 TYPO3 CMS versions 12.0.0 through 12.4.46 TYPO3 CMS versions 13.0.0 through 13.4.31 TYPO3 CMS versions 14.0.0 through 14.3.3 Description Backend users with access to...

CVE-2026-4126

The Table Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0 via the 'tablemanager' shortcode. The shortcode handler tablemanagerrendertableshortcode takes a user-controlled table attribute, applies only sanitizekey for...

twitter-clone SQL注入漏洞

twitter-clone is an application by Fiffe Individual Developers. twitter-clone uses + Vue 3 + light to go development + TailwindCSS + PostgreSQL + recapitulation Twitter-Clone version 1 suffers from a SQL injection vulnerability that stems from the injection of SQL code via the userid parameter in...

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

CVE-2018-25347

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

PT-2026-41892

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server versions 6.1 build 167 and earlier Description Broken Access Control exists in the communication with the database. Due to a lack of permission checks, a low privileged user can execute arbitrary SQL queries within the...

PT-2026-41559

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloa...

CVE-2026-44863

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

EUVD-2026-29812

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...

CVE-2026-44864

SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...