712 matches found
Grocery Crud security vulnerability
Grocery Crud is an open-source software development tool created by Grocery Crud. Version 1.6.4 of Grocery Crud contains a security vulnerability, which stems from SQL injection in the orderby parameter, potentially allowing for manipulation of database queries...
CVE-2026-22197 GestSup < 3.2.60 Multiple SQL Injections in Asset List
GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...
CVE-2021-33688
SAP Business One allows an attacker with business privileges to execute crafted database queries, exposing the back-end database. Due to framework restrictions, only some information can be obtained...
PT-2026-2169
Name of the Vulnerable Software and Affected Versions GestSup versions up to and including 3.2.56 Description GestSup versions up to and including 3.2.56 contain a SQL injection issue in the ticket creation functionality. User-controlled input during ticket creation is used in SQL queries without...
CVE-2025-55065
CVE-2025-55065 is a SQL injection flaw (CWE-89) caused by improper neutralization of special elements in SQL commands. Connected sources reference Kopek Reem ReKord Client and general SQLi impact; no concrete affected versions or patches are specified in the provided documents. Exploitation detai...
CVE-2023-54163
CVE-2023-54163 affects NLB mKlik Macedonia 3.3.12, where a SQL injection vulnerability exists in the international transfer parameters. The root cause is unsanitized input allowing arbitrary SQL execution, potentially exposing sensitive data from the mobile banking application. The CVSSv3.1 vecto...
CVE-2023-53926
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
CVE-2023-53926
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database...
PT-2025-51869
Name of the Vulnerable Software and Affected Versions ChurchCRM versions prior to 6.5.3 Description ChurchCRM is an open-source church management system. A SQL injection issue exists in the src/UserEditor.php file. When an administrator saves a user’s configuration settings, the keys of the type...
CVE-2023-53734
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...
CVE-2023-53734
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...
PT-2025-49129
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access...
DEBIAN-CVE-2025-12819
Untrusted search path in authquery connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious searchpath parameter in the StartupMessage...
CVE-2025-13596
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...
EUVD-2025-199709
The TAX SERVICE Electronic HDM WordPress plugin before 1.2.1 does not authorization and CSRF checks in an AJAX action, allowing unauthenticated users to import and execute arbitrary SQL statements...
EUVD-2025-198625
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...
PT-2025-47890
A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client...
CVE-2025-60798
CVE-2025-60798 affects phpPgAdmin 7.13.0 and earlier. The vulnerability is a SQL injection in display.php (line 396) where user-controlled input from $_REQUEST['query'] is passed directly to browseQuery without sanitization. An authenticated attacker can manipulate the query to execute arbitrary ...
Malicious Package
Overview MCDbRepository is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and target industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023 and...
Malicious Package
Overview SqlUnicornCoreTest is a malicious package. This package contains malicious code that injects time-delayed destructive payloads into database operations and target industrial control systems. Published under the NuGet alias shanhai666 together with 8 other malicious packages between 2023...