SQL Injection

Craft CMS is vulnerable to a SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...

WordPress plugin Booking Calendar SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2019-19776

Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...

CVE-2019-25530

The CVE describes an SQL injection in the uHotelBooking System where unauthenticated attackers can inject through the system_page GET parameter in index.php. The vulnerability enables time-based blind SQL injection to extract sensitive database information, with CVSS scores indicating HIGH impact...

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

CVE-2019-25510 Jettweb PHP Hazir Haber Sitesi Scripti V2 Authentication Bypass

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

CVE-2026-3981 itsourcecode Online Doctor Appointment System doctor_action.php sql injection

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

GHSA-RCCQ-2FXQ-7X3H LimeSurvey is vulnerable to SQL injection

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

SAP NetWeaver SQL注入漏洞

SAP NetWeaver is a service-oriented integrated application platform developed by the German company SAP. This platform primarily provides development and runtime environments for SAP applications. SAP NetWeaver has a SQL injection vulnerability, which arises from unvalidated or escaped user input...

Craft Commerce SQL注入漏洞

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce prior to 5.5.3 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of sort parameters into SQL statements without proper validatio...

Sylius 安全漏洞

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius. This vulnerability stems from the fact that the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API filters directly pa...

CVE-2026-3765 itsourcecode University Management System att_single_view.php sql injection

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-3705

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made...

PT-2026-23940

Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description A SQL injection issue exists in Simple Flight Ticket Booking System version 1.0. The issue is located in the SearchResultOneway.php file and involves manipulation of the from argument...

EUVD-2026-10099

The Community Events plugin for WordPress is vulnerable to SQL Injection via the 'cevenuename' CSV field in the onsavechangesvenues function in all versions up to, and including, 1.5.8. This is due to insufficient escaping on the user-supplied CSV data and lack of sufficient preparation on the...

EUVD-2018-21648

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...

EUVD-2018-21634

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...

EUVD-2018-21622

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...