CVE-2019-25668

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

PT-2026-30492

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...

PT-2026-30507

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

C4G Basic Laboratory Information System 访问控制错误漏洞

C4G Basic Laboratory Information System is an open-source laboratory information management system developed by C4G. Version 3.4 of the C4G Basic Laboratory Information System contains a vulnerability related to access control. This vulnerability stems from multiple SQL injection vulnerabilities,...

CVE-2026-27885

Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, a SQL Injection vulnerability was discovered in Piwigo affecting the Activity List API endpoint. This vulnerability allows an authenticated administrator to extract sensitive data from the database, including...

CVE-2026-34825

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who...

Payload has an SQL Injection via Query Handling

Impact Certain request inputs were not properly validated. An attacker could craft requests that influence SQL query execution, potentially exposing or modifying data in collections. Patches This issue has been fixed in v3.79.1 and later. Query input validation has been hardened. Upgrade to v3.79...

CVE-2026-33545 MobSF has SQL Injection in its SQLite Database Viewer Utils

MobSF is a mobile application security testing tool used. Prior to version 4.4.6, MobSF's readsqlite function in mobsf/MobSF/utils.py lines 542-566 uses Python string formatting % to construct SQL queries with table names read from a SQLite database's sqlitemaster table. When a security analyst...

GHSA-584P-RPVQ-35VF AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables

Summary The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a craft...

CVE-2019-25638 Meeplace Business Review Script Lastest SQL Injection via addclick.php

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

CVE-2019-25638

Meeplace Meeplace Business Review Script contains a SQL injection vulnerability in the addclick.php endpoint, exploitable via the id parameter to execute arbitrary SQL. The issue allows unauthenticated attackers to craft GET requests to retrieve sensitive database information and may facilitate d...

NetArt Media Vlog System SQL注入漏洞

NetArt Media Vlog System is a platform system developed by NetArt Media in Bulgaria, designed for building video blog websites and managing video content along with user interactions. The NetArt Media Vlog System has a SQL injection vulnerability. This vulnerability stems from SQL injection...

Simple E-Learning System SQL注入漏洞

Simple E-Learning System is a simple e-learning system developed by Carlo Montero. Version 1.0 of Simple E-Learning System has a SQL injection vulnerability. This vulnerability arises from improper handling of the postid parameter in the HTTP GET Parameter Handler component located in the file...

WWBN AVideo SQL注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning of the livescheduleid parameter in the remindMe.json.php endpoint, which could...

CVE-2019-25578 phpTransformer 2016.9 SQL Injection via GeneratePDF.php

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

SQL Injection

Overview kysely is a Type safe SQL query builder Affected versions of this package are vulnerable to SQL Injection via the sanitizeStringLiteral function. An attacker can execute arbitrary SQL commands by supplying specially crafted input containing backslashes and quotes, which are not properly...

CVE-2026-32888

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...

itsourcecode Online Frozen Foods Ordering System SQL注入漏洞

itsourcecode Online Frozen Foods Ordering System is an open-source online frozen food ordering system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from incorrect handling of the parameter FirstName in the file admin/admin/editemployee.php. Th...

CVE-2026-2579

The CVE-2026-2579 entry refers to the WowStore – Store Builder & Product Blocks for WooCommerce plugin for WordPress. Affected component: the plugin’s SQL query handling in the search parameter appears vulnerable to SQL Injection in all versions up to and including 4.4.3. Root cause: insufficient...

CVE-2026-4236 itsourcecode Online Enrollment System index.php sql injection

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...