CVE-2026-8131

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

PT-2026-32335

Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...

Hydrosystem Control System SQL注入漏洞

Hydrosystem Control System is an industrial water treatment and fluid control monitoring system developed by the American company Hydrosystem. Versions of Hydrosystem Control System prior to 9.8.5 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of protective...

CVE-2026-4910

A security vulnerability has been detected in Shenzhen Ruiming Technology Streamax Crocus up to 1.3.44. Affected is an unknown function of the file /RemoteFormat.do of the component Endpoint. Such manipulation of the argument State leads to sql injection. It is possible to launch the attack...

qdPM SQL注入漏洞

qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability, which stems from insufficient input validation for the filterby parameter. This vulnerability may lead to SQL injection attacks...

CVE-2019-25539 202CMS v10 beta SQL Injection via register.php

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...

PT-2026-22787

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage category.php...

PT-2026-5831

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

Kiwire Captive Portal 安全漏洞

Kiwire Captive Portal is a login authentication page from Kiwire Malaysia. A security vulnerability exists in Kiwire Captive Portal that stems from a SQL injection in the nas-id parameter, which could lead to an attack on the database...

CVE-2025-60307

code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts...

EUVD-2008-6325

Malware in sbrugna...

EUVD-2021-20034

Malware in sbrugna...

EUVD-2017-16943

Malware in sbrugna...

EUVD-2023-44653

Malicious code in bioql PyPI...

EUVD-2024-50362

Malicious code in bioql PyPI...

EUVD-2022-45072

Malicious code in bioql PyPI...

CVE-2025-10598

SourceCodester Pet Grooming Management Software 1.0 is affected by a SQL injection in /admin/search_product.php caused by improper handling of the group_id parameter. This vulnerability can be exploited remotely and has publicly available exploit code. Some connected advisories mention a practica...

CVE-2025-10446

A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/custsearchfrm.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely...

Simple Grading System edit_account.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID in the file /editaccount.php. An attacker can exploit this vulnerability to execute...

itsourcecode Apartment Management System 安全漏洞

Apartment Management System is an apartment management system. Apartment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtMemberType in the file /setting/membertypesetup.php. An attack...