Chamilo SQL注入漏洞

Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0.0-RC.2 contains a SQL injection vulnerability. This vulnerability stems from SQL injection issues with the statistical AJAX endpoints. It may allow authenticated administrators to execute time-based bli...

PT-2026-32586

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the Custom Content Type CCT REST API search endpoint in all versions up to, and including, 3.8.6.1. This is due to the cct search parameter being interpolated directly into a SQL query string via sprintf without sanitization or...

EUVD-2026-21998

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-6153

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFFID leads to sql injection. The attack can be launched remotely. The exploit is publicly...

CVE-2026-6142 tushar-2223 Hotel Management System roomdelete.php sql injection

A vulnerability was identified in tushar-2223 Hotel Management System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. Affected by this vulnerability is an unknown functionality of the file /admin/roomdelete.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of th...

CVE-2019-25710

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

PT-2026-32163

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to category.php with malicious cat id values to extract sensitive database information...

Exploit for SQL Injection in Djangoproject Django

No d...

CVE-2026-36233

The vulnerability CVE-2026-36233 affects the itsourcecode Online Student Enrollment System v1.0. A SQL injection exists in assignInstructorSubjects.php where the parameter subjcode can be injected and used directly in SQL queries without proper cleaning/validation. This could allow an attacker to...

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

EUVD-2026-20805

A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-33088

Movable Type provided by Six Apart Ltd. contains an SQL Injection vulnerability which may allow an attacker to execute an arbitrary SQL statement...

CVE-2026-3781 Attendance Manager <= 0.6.2 - Authenticated (Subscriber+) SQL Injection via 'attmgr_off' Parameter

The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgroff' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress plugin User Feedback SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-5580

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The...

WordPress Plugin Media LIbrary Assistant SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

EUVD-2019-20102

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...

CVE-2019-25694

Kados R10 GreenBee is affected by an SQL injection vulnerability in the user2reset parameter, allowing unauthenticated attackers to manipulate database queries. The vulnerability enables extraction of sensitive data and potential data modification, per the NVD and CVE records. The issue is descri...

CVE-2019-25696 Kados R10 GreenBee SQL Injection via language_tag Parameter

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...