
1308 matches found

RedhatCVE
added 2025/05/23 9:19 a.m. | 1 views

CVE-2024-5898

A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file printpayroll.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has...

9.8 CVSS | 7.8 AI score | 0.00068 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 6:17 a.m. | 0 views

CVE-2024-48357

LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php...

9.8 CVSS | 6 AI score | 0.00122 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 3:3 a.m. | 8 views

CVE-2023-2114

The NEX-Forms WordPress plugin before 8.4 does not properly escape the table parameter, which is populated with user input, before concatenating it to an SQL query...

7.2 CVSS | 9.1 AI score | 0.45897 EPSS
Exploits: 3 | References: 1
RedhatCVE
added 2025/05/23 12:7 a.m. | 4 views

CVE-2022-25650

A vulnerability has been identified in Mendix Applications using Mendix 7 All versions V7.23.27, Mendix Applications using Mendix 8 All versions V8.18.14, Mendix Applications using Mendix 9 All versions V9.12.0, Mendix Applications using Mendix 9 V9.6 All versions V9.6.3. When querying the...

6.5 CVSS | 6.1 AI score | 0.00271 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:29 p.m. | 2 views

CVE-2022-4151

The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the optionid GET parameter before concatenating it to an SQL query in export-images-data.php. This may allow malicious users with at least author privilege to leak sensitive...

6.5 CVSS | 6.5 AI score | 0.00741 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 10:19 p.m. | 4 views

CVE-2022-1800

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability...

7.2 CVSS | 7.6 AI score | 0.0062 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 10:9 p.m. | 11 views

CVE-2022-3395

The WP All Export Pro WordPress plugin before 1.7.9 uses the contents of the ccsql POST parameter directly as a database query, allowing users who have been given permission to run exports to execute arbitrary SQL statements, leading to a SQL Injection vulnerability. By default only users with t...

8.8 CVSS | 8.1 AI score | 0.00679 EPSS
Exploits: 2 | References: 1
RedhatCVE
added 2025/05/22 8:53 p.m. | 1 views

CVE-2021-37476

In NavigateCMS version 2.9.4 and below, function in product.php is vulnerable to SQL injection on parameter id through a POST request, which results in arbitrary SQL query execution in the backend database...

9.8 CVSS | 7.5 AI score | 0.00679 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 2:20 p.m. | 4 views

CVE-2025-47937

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer DBAL, frontend...

5.3 CVSS | 6.9 AI score | 0.00201 EPSS
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:30 a.m. | 1 views

CVE-2016-10939

The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter...

7.2 CVSS | 8.1 AI score | 0.00539 EPSS
Exploits: 2 | References: 1
CNVD
added 2025/05/22 12:0 a.m. | 1 views

Zoo Management System /admin/edit-animal-details.php File SQL Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter aname in the file /admin/edit-animal-details.php. An attacker can exploit this...

9.8 CVSS | 7.9 AI score | 0.00277 EPSS
Exploits: 1 | References: 1
CNVD
added 2025/05/22 12:0 a.m. | 1 views

Human Metapneumovirus Testing Management System /edit-phlebotomist.php File SQL Injection Vulnerability

Human Metapneumovirus Testing Management System is a human subpneumovirus testing management system. Human Metapneumovirus Testing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter...

9.8 CVSS | 8.3 AI score | 0.00204 EPSS
Exploits: 1 | References: 1
Github Security Blog
added 2025/05/20 7:23 p.m. | 12 views

TYPO3 Allows Information Disclosure via DBAL Restriction Handling

Problem When performing a database query involving multiple tables through the database abstraction layer DBAL, frontend user permissions are only applied via FrontendGroupRestriction to the last table. As a result, data from additional tables included in the same query may be unintentionally...

5.3 CVSS | 6.8 AI score | 0.00201 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2025/05/20 2:15 p.m. | 9 views

CVE-2025-47937

TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer DBAL, frontend...

5.3 CVSS | 0.00201 EPSS
Exploits: 0 | References: 2
CVE
added 2025/05/20 1:47 p.m. | 31 views

CVE-2025-47937

CVE-2025-47937 affects TYPO3 (PHP-based CMS). The issue arises in TYPO3 versions 9.0.0 through just before the fixed ELTS releases, where a DBAL multi-table query applies FrontendGroupRestriction only to the first table. This can allow data from additional tables in the same query to be exposed t...

5.3 CVSS | 6.9 AI score | 0.00201 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Tenable Nessus
added 2025/05/20 12:0 a.m. | 6 views

TYPO3 9.0.0 < 9.5.51 ELTS / 10.0.0 < 10.4.50 ELTS / 11.0.0 < 11.5.44 ELTS / 12.0.0 < 12.4.31 / 13.0.0 < 13.4.12 (TYPO3-CORE-SA-2025-011)

The version of TYPO3 installed on the remote host is 9.0.0 prior to 9.5.51 ELTS / 10.0.0 prior to 10.4.50 ELTS / 11.0.0 prior to 11.5.44 ELTS / 12.0.0 prior to 12.4.31 / 13.0.0 prior to 13.4.12. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-011 advisory. -...

5.3 CVSS | 5.5 AI score | 0.00201 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/05/19 12:0 a.m. | 1 views

PHPGurukul Auto Taxi Stand Management System Security Vulnerability

Auto Taxi Stand Management System is an auto cab stand management system. Auto Taxi Stand Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter Username in the file /admin/index.php. An...

9.8 CVSS | 8.2 AI score | 0.00277 EPSS
Exploits: 1 | References: 1
CNNVD
added 2025/05/19 12:0 a.m. | 1 views

PHPGurukul Zoo Management System Injection Vulnerability

Zoo Management System is a zoo management system. Zoo Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally-entered SQL statement in the parameter viewid in file /admin/view-foreigner-ticket.php. An attacker can exploit this...

9.8 CVSS | 8.2 AI score | 0.00277 EPSS
Exploits: 2 | References: 5
CNNVD
added 2025/05/16 12:0 a.m. | 1 views

WordPress plugin Radio Player Shoutcast & Icecast SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A SQL injection vulnerability exists in...

8.5 CVSS | 8.7 AI score | 0.00179 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/05/16 12:0 a.m. | 2 views

PHPGurukul Park Ticketing Management System Injection Vulnerability

Park Ticketing Management System is a park ticketing management system. Park Ticketing Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter searchdata in the file /normal-search.php. An attacker c...

8.8 CVSS | 8.2 AI score | 0.00197 EPSS
Exploits: 1 | References: 6