EUVD-2026-3195

A security flaw has been discovered in itsourcecode School Management System 1.0. Affected is an unknown function of the file /subject/index.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to...

CVE-2026-1133

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /kmf/folder.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument folderid can lead to sql injection. The attack can be launched remotely. The exploit has...

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

CVE-2022-50805

Senayan Library Management System 9.0.0 contains a SQL injection vulnerability in the 'class' parameter that allows attackers to inject malicious SQL queries. Attackers can exploit the vulnerability by submitting crafted payloads to manipulate database queries and potentially extract sensitive...

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

VIAVIWEB Wallpaper Admin SQL注入漏洞

VIAVIWEB Wallpaper Admin is a mobile application backend management system from VIAVIWEB India. A SQL injection vulnerability exists in VIAVIWEB Wallpaper Admin version 1.0, which stems from a SQL injection vulnerability in the imgid parameter that could lead to the extraction of database...

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via insufficient backend validation in the Agent service's database query tool. An attacker can access sensitive information from the server and database by using prompt-based bypass techniques to evade query restrictions...

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVE-2026-22687 WeKnora vulnerable to SQL Injection

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.5, after WeKnora enables the Agent service, it allows users to call the database query tool. Due to insufficient backend validation, an attacker can use prompt‑based bypass...

CVE-2026-22197

GestSup versions prior to 3.2.60 contain multiple SQL injection vulnerabilities in the asset list functionality. Multiple request parameters used to filter, search, or sort assets are incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate...

CVE-2026-22195

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can...

CVE-2021-22298

There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne...

CVE-2022-0411

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the postid parameter before using it in a SQL statement via a REST route of the plugin accessible to any authenticated user, leading to a SQL injection...

CVE-2025-64092

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

CVE-2025-64092

CVE-2025-64092 involves unauthenticated SQL injection via GET parameters, affecting Zenitel ICX500/ICX510 platforms per the connected records. The Red Hat and CNNVD entries confirm the same vulnerability description and cite Zenitel as the vendor with affected hardware. The common root cause is i...

CVE-2025-64092 Unauthenticated SQL injection via GET request parameters

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

CVE-2025-64092 Unauthenticated SQL injection via GET request parameters

This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database...

CVE-2023-43794

Nocodb is an open source Airtable alternative. Affected versions of nocodb contain a SQL injection vulnerability, that allows an authenticated attacker with creator access to query the underlying database. By supplying a specially crafted payload to the given an attacker can inject arbitrary SQL...

CVE-2026-21856 Tarkov Data Manager has Authenticated SQL Injection

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scanner api endpoints that allow an authenticated attacker to execute arbitrary SQL queries against th...