Lucene search

701 matches found

CNNVD
added 2026/03/12 12:0 a.m., 3 views

Xooscripts XooGallery SQL injection vulnerability

Xooscripts XooGallery is a gallery management component developed by Xooscripts. It has a SQL injection vulnerability in the catid parameter. This vulnerability could allow unauthenticated attackers to manipulate...

CVSS 9.1, AI score 5.8, EPSS 0.00393
Exploits: 1, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 4 views

Hotel-Booking-Script uHotelBooking SQL injection vulnerability

Hotel-Booking-Script uHotelBooking is a hotel room reservation management system developed by Hotel-Booking-Script Inc. Hotel-Booking-Script uHotelBooking has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the systempage parameter, which may allow...

CVSS 8.8, AI score 5.8, EPSS 0.00335
Exploits: 0, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 4 views

Netartmedia Deals Portal SQL injection vulnerability

Netartmedia Deals Portal is a discount trading website system operated by the Bulgarian company Netartmedia. It has a SQL injection vulnerability in email parameters. This vulnerability could allow unauthenticated attackers to manipulat...

CVSS 8.8, AI score 5.9, EPSS 0.00304
Exploits: 0, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 3 views

Netartmedia PHP Dating Site SQL injection vulnerability

Netartmedia PHP Dating Site is a dating website system operated by the Bulgarian company Netartmedia. It has a SQL injection vulnerability in email parameters. This vulnerability could allow unauthenticated attackers to manipulate database...

CVSS 8.8, AI score 5.9, EPSS 0.00254
Exploits: 0, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 3 views

202CMS SQL injection vulnerability

202CMS is a content management system developed by konradpl99. 202CMS v10 beta has a SQL injection vulnerability in the loguser parameter, potentially enabling unauthenticated attackers to manipulate database queries...

CVSS 8.8, AI score 5.9, EPSS 0.00365
Exploits: 1, References: 3

CNNVD
added 2026/03/12 12:0 a.m., 3 views

202CMS SQL injection vulnerability

202CMS is a content management system developed by konradpl99. 202CMS v10 beta has a SQL injection vulnerability in the loguser parameter, potentially enabling unauthenticated attackers to manipulate database queries...

CVSS 8.8, AI score 5.9, EPSS 0.00415
Exploits: 1, References: 3

CNNVD
added 2026/03/12 12:0 a.m., 4 views

Netartmedia Real Estate Portal SQL injection vulnerability

Netartmedia Real Estate Portal is a real estate transaction website system operated by the Bulgarian company Netartmedia. Version 5.0 of Netartmedia Real Estate Portal has a SQL injection vulnerability. This vulnerability stems from the useremail parameter, which allows for SQL injections,...

CVSS 8.8, AI score 5.8, EPSS 0.0046
Exploits: 1, References: 2

Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-24999

🚨 CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind...

CVSS 8.8, AI score 6, EPSS 0.00415
Exploits: 1, References: 5

Positive Technologies
added 2026/03/10 12:0 a.m., 2 views

PT-2026-24632

Socket.IO clients can send arbitrary JavaScript objects as the id argument to any service method (get, patch, update, remove). The transport layer performs no type checking on this argument. When the service uses the MongoDB adapter, these objects pass through getObjectId and land directly in the...

CVSS 9.3, AI score 5.9
Exploits: 0, References: 3

Snyk
added 2026/03/07 6:40 p.m., 1 view

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to insufficient enforcement of tenant isolation in the database query process. An attacker can access sensitive data belonging to other tenants, such as API keys, model configurations...

CVSS 6.5, AI score 5.8, EPSS 0.00213
Exploits: 0, References: 2

Cvelist
added 2026/03/07 4:36 p.m., 26 views

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVSS 9.9, EPSS 0.00539
Exploits: 1, References: 1

Vulnrichment
added 2026/03/07 4:36 p.m., 2 views

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVSS 9.9, AI score 6.4, EPSS 0.00539
Exploits: 1, References: 1

EUVD
added 2026/03/04 6:31 p.m., 5 views

EUVD-2019-19724

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landinglocation parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticatio...

CVSS 8.8, AI score 6.1, EPSS 0.00367
Exploits: 1, References: 3

CNNVD
added 2026/03/04 12:0 a.m., 3 views

NCrypted Jobgator SQL injection vulnerability

NCrypted Jobgator is a recruitment website construction script developed by the US company NCrypted. It has a SQL injection vulnerability in the experience parameter. This vulnerability could allow unauthenticated attackers to manipulat...

CVSS 8.8, AI score 5.9, EPSS 0.00237
Exploits: 0, References: 3

NVD
added 2026/03/03 5:16 p.m., 4 views

CVE-2026-26884

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

CVSS 2.7, EPSS 0.0022
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/03 1:21 a.m., 5 views

CVE-2026-1487

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to SQL Injection via the JSON Import in all versions up to, and including, 5.2.7 due to insufficient validation on the user-supplied JSON data. This makes it possible for authenticated attackers...

CVSS 6.5, AI score 6.2, EPSS 0.00322
Exploits: 0, References: 3

NVD
added 2026/02/26 10:20 p.m., 4 views

CVE-2026-28218

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....

CVSS 5.4, EPSS 0.00151
Exploits: 0, References: 1

OSV
added 2026/02/26 9:23 p.m., 4 views

CVE-2026-28218 Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12....

CVSS 5.3, AI score 6.1, EPSS 0.00151
Exploits: 0, References: 3

NVD
added 2026/02/22 2:16 p.m., 3 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

CVSS 8.8, EPSS 0.00232
Exploits: 0, References: 2

ATTACKERKB
added 2026/02/22 1:34 p.m., 7 views

CVE-2019-25440

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prodid parameter. Attackers can send GET requests to productdetail.php with malicious prodid values to extract sensitive database informatio...

CVSS 8.8, AI score 5.9, EPSS 0.00232
Exploits: 0, References: 2