2866 matches found
CVE-2026-4581
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The explo...
PT-2026-26926
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...
CVE-2026-4504
A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...
CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...
EUVD-2026-11969
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in codepeople CP Contact Form with Paypal cp-contact-form-with-paypal allows Blind SQL Injection.This issue affects CP Contact Form with Paypal: from n/a through = 1.3.61...
400,000 WordPress Sites Affected by Unauthenticated SQL Injection Vulnerability in Ally WordPress Plugin
On February 4th, 2026, we received a submission for an SQL Injection vulnerability in Ally, a WordPress plugin estimated to have more than 400,000 active installations. This vulnerability can be leveraged to extract sensitive data from the database, such as password hashes. Props to Drew Webber...
ROS-20260310-73-0002
A vulnerability in the MySQL and MariaDB database management system is related to information disclosure. Exploitation of the vulnerability allows an attacker acting remotely to gain access to confidential data...
CVE-2026-3806 SourceCodester/janobe Resort Reservation System room_rates.php sql injection
A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /roomrates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-28399 NocoDB: SQL Injection via DATEADD Formula
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...
CGM NETRAAD SQL注入漏洞
CGM NETRAAD is a radiology information system and imaging archiving system developed by the German company CGM. Versions of CGM NETRAAD prior to 7.9.0 contained a SQL injection vulnerability. This vulnerability arises from handling C-FIND queries, potentially allowing unauthorized access to the...
CVE-2026-3150 itsourcecode College Management System display-teacher.php sql injection
A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacherid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
itsourcecode News Portal Project SQL注入漏洞
itsourcecode News Portal Project is an open-source news portal project developed by itsourcecode. Version 1.0 of the itsourcecode News Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the...
IBM Db2 Denial of Service Vulnerability (CNVD-2026-14679)
IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM Db2 suffers from a denial of service vulnerability that originates from a possible server crash whe...
CVE-2026-2212
A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. Th...
Code-Projects Social Networking Site SQL注入漏洞
Code-Projects Social Networking Site is an open-source social networking site developed by Code-Projects. Version 1.0 of Code-Projects Social Networking Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file /deletepost.php, which...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the sorting parameter. An attacker can execute arbitrary code and insert malicious database content by manipulating crafted URLs. Remediation Upgrade oxid-esales/oxideshop-ce to version 6.3.4 or higher. References -...
CVE-2020-37081 Fishing Reservation System 7.5 - 'uid' SQL Injection
Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...
SQL Injection Vulnerability in SQLBot of Hangzhou Feizhiyun Information Technology Co.
SQLBot is an intelligent questioning system based on large models and RAG. Hangzhou Feizhiyun Information Technology Co., Ltd SQLBot suffers from a SQL injection vulnerability, which can be exploited by an attacker to obtain sensitive information from the database...
Linux Distros Unpatched Vulnerability : CVE-2025-36365
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage...
EUVD-2025-206550
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query...