Lucene search

723 matches found

Snyk
added 2026/01/28 4:48 p.m. | 3 views

SQL Injection

Overview egroupware/egroupware is a library that extends a classic groupware with an integrated CRM-system, a secure file-server and Collabora Online Office. Affected versions of this package are vulnerable to SQL Injection via the Nextmatch filter processing. An attacker can execute arbitrary SQ...

8.8 CVSS | 6.2 AI score | 0.0036 EPSS
Exploits: 3 | References: 2

Cvelist
added 2026/01/28 8:26 a.m. | 27 views

CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'

The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

7.5 CVSS | 0.00409 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/01/21 12:0 a.m. | 3 views

Application-Biro-Travel SQL Injection Vulnerability

Aplikasi-Biro-Travel is a travel information application personally developed by Satria Arissandy. Version 1.0 of Aplikasi-Biro-Travel has a SQL injection vulnerability. This vulnerability arises due to the use of a username parameter, which can lead to authentication bypass...

8.8 CVSS | 5.8 AI score | 0.00352 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/01/19 9:2 p.m. | 4 views

EUVD-2026-3195

A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

7.5 CVSS | 5.5 AI score | 0.00333 EPSS
Exploits: 1 | References: 7

NVD
added 2026/01/13 11:15 p.m. | 1 views

CVE-2022-50805

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...

8.8 CVSS | 0.00307 EPSS
Exploits: 0 | References: 4

CNNVD
added 2026/01/13 12:0 a.m. | 3 views

VIAVIWEB Wallpaper Admin SQL Injection Vulnerability

VIAVIWEB Wallpaper Admin is a mobile application backend management system from VIAVIWEB India. A SQL injection vulnerability exists in VIAVIWEB Wallpaper Admin version 1.0, which stems from a SQL injection vulnerability in the imgid parameter that could lead to the extraction of database...

7.1 CVSS | 5.9 AI score | 0.00417 EPSS
Exploits: 1 | References: 4

ATTACKERKB
added 2026/01/12 2:27 a.m. | 6 views

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

10 CVSS | 6.2 AI score | 0.37867 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

ATTACKERKB
added 2026/01/09 4:18 p.m. | 1 views

CVE-2026-22195

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can...

8.1 CVSS | 5.8 AI score | 0.00294 EPSS
Exploits: 0 | References: 3

OSV
added 2026/01/07 6:18 p.m. | 3 views

CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...

7.2 CVSS | 8 AI score | 0.00338 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/12/31 6:2 p.m. | 23 views

CVE-2025-15392 Kohana KodiCMS Search API Endpoint page.php like sql injection

A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Executing manipulation of the argument keyword can lead to sql injection. It is possible to launch th...

6.5 CVSS | 0.00247 EPSS
Exploits: 0 | References: 3

CNNVD
added 2025/12/30 12:0 a.m. | 3 views

itsourcecode Society Management System SQL Injection Vulnerability

itsourcecode Society Management System is an itsourcecode open source society management system. A SQL injection vulnerability exists in version 1.0 of itsourcecode Society Management System, which stems from incorrect manipulation of the parameter Username in the file /admin/editadminquery.php,...

9.8 CVSS | 7.9 AI score | 0.00333 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2025/12/22 11:29 p.m. | 7 views

CVE-2025-15002

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to...

9.8 CVSS | 7 AI score | 0.00388 EPSS
Exploits: 1 | References: 1

Vulnrichment
added 2025/12/22 12:2 a.m. | 3 views

CVE-2025-15004 DedeCMS freelist_main.php sql injection

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelist_main.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

6.5 CVSS | 6.8 AI score | 0.00302 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/12/19 9:30 p.m. | 4 views

EUVD-2025-204608

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidatesreport.php. The manipulation of the argument schoolyear leads to sql injection. The attack can be initiated remotely. The exploit is...

7.5 CVSS | 6.7 AI score | 0.00333 EPSS
Exploits: 1 | References: 7

Vulnrichment
added 2025/12/18 7:22 a.m. | 1 views

CVE-2025-64371 WordPress Traveler theme < 3.2.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows Blind SQL Injection. This issue affects Traveler: from n/a through 3.2.6...

8.5 CVSS | 7.2 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/16 2:49 p.m. | 4 views

CVE-2025-34179

NetSupport Manager 14.12.0001 contains an unauthenticated SQL injection vulnerability in its Connectivity Server/Gateway HTTPS request handling. The server evaluates request URIs using an unsanitized SQLite query against the FileLinks table in gateway.db. By injecting SQL through the LinkName/URI...

8.7 CVSS | 7.9 AI score | 0.0034 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/16 8:12 a.m. | 7 views

CVE-2025-68055 WordPress Hydra Booking plugin <= 1.1.32 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themefic Hydra Booking hydra-booking allows SQL Injection. This issue affects Hydra Booking: from n/a through <= 1.1.32...

8.5 CVSS | 7.3 AI score | 0.00286 EPSS
Exploits: 1 | References: 1

CNNVD
added 2025/12/16 12:0 a.m. | 3 views

WordPress plugin Newsletter SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL injection...

7.6 CVSS | 7.5 AI score | 0.00358 EPSS
Exploits: 0 | References: 1

CVE
added 2025/12/15 2:41 p.m. | 6 views

CVE-2025-34179

NetSupport Manager

8.7 CVSS | 7.5 AI score | 0.0034 EPSS
Exploits: 0 | References: 3

CVE
added 2025/12/14 6:2 a.m. | 17 views

CVE-2025-14646

The CVE-2025-14646 entry describes a SQL injection in code-projects Student File Management System 1.0, triggered by manipulating the stud_id parameter in /admin/delete_student.php. Connected documents (CNVD-2026-00828, RH:CVE-2025-14646, CNNVD-202512-2597, VULNRICHMENT/CVE-2025-14646, PT-2025-51...

9.8 CVSS | 6.5 AI score | 0.00357 EPSS
Exploits: 1 | References: 6 | Affected Software: 1