CVE-2026-48874

The CVE documents an SQL Injection in WordPress GamiPress plugin versions

EUVD-2026-36811

Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...

CVE-2016-20069

CVE-2016-20069 affects WordPress plugin WordPress Booking Calendar Contact Form 1.0.23. It contains an unauthenticated blind SQL injection in the shortcode function where the calendar parameter is not sanitized before being used in database queries. This allows an attacker to inject SQL commands ...

CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi

The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

CVE-2026-11484

A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...

CVE-2026-10731 SQL injection in Nemon products

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

CVE-2026-44744

Affected software : SAP S/4HANA On-Premise. Vulnerability : SQL injection in a remote-enabled function module component. Root cause / what’s vulnerable : An authenticated attacker could influence SQL queries via the affected function module, potentially enabling unauthorized database queries. Imp...

PT-2026-47762

Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...

WordPress plugin Wow Forms SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-11506

A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...

CodeAstro Student Attendance Management System 注入漏洞

CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter className in...

CVE-2026-45779

OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and...

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

CVE-2026-33078

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxysectionsave function in app/routes/config/routes.py. The serverip parameter, sourced from the URL path, is passed unsanitized through...

CVE-2026-22599

Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...

CVE-2026-40315

PraisonAI is a multi-agent teams system. Prior to 4.5.133, there is an SQL identifier injection vulnerability in SQLiteConversationStore where the tableprefix configuration value is directly concatenated into SQL queries via f-strings without any validation or sanitization. Since SQL identifiers...

CVE-2026-40824

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

EUVD-2025-210048

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...

OFCMS SQL注入漏洞

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from an SQL injection in the Query function of the SysUserController.java file within the JSON query interface...

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...