CVE-2017-20247

CVE-2017-20247 affects the WordPress plugin PICA Photo Gallery 1.0. It describes an SQL injection vulnerability where unauthenticated attackers can inject SQL via the aid parameter in GET requests to retrieve sensitive data (e.g., user credentials, table contents). The CVE notes high impact on co...

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the year parameter, potentially allowing unauthenticated attackers to execute...

CVE-2018-25351

CVE-2018-25351 affects Joomla! Component EkRishta 2.10. The connected documents describe an error-based SQL injection in the username parameter that allows unauthenticated attackers to execute arbitrary SQL queries by sending POST requests to the login endpoint, leaking database information inclu...

CVE-2026-28805

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the optionsstato GET parameter. The user-supplied value is read from...

CVE-2026-25076

Anchore Enterprise versions before 5.25.1 contain an SQL injection vulnerability in the GraphQL Reports API. An authenticated attacker that is able to access the GraphQL API could execute arbitrary SQL instructions resulting in modifications to the data contained in the Anchore Enterprise databas...

Flowring Docpedia SQL注入漏洞

Flowring Docpedia is a document management system developed by Flowring Corporation. Flowring Docpedia has a SQL injection vulnerability. This vulnerability allows authenticated remote attackers to inject arbitrary SQL commands, potentially leading to the reading, modification, or deletion of...

SQL injection vulnerability in U8+ Channel Management (Advanced Edition) at UFIDA Network Technology Co. Ltd (CNVD-C-2025-1245200)

U8+ Channel Management Advanced Edition is a set of channel management software, together with U8+ supply chain system and financial system, extending the enterprise management radius from the internal enterprise to the distribution channels and sales terminals. A SQL injection vulnerability exis...

PT-2025-45357

Name of the Vulnerable Software and Affected Versions Advantech WebAccess/VPN versions prior to 1.1.5 Description The software contains a SQL injection issue in the AppManagementController.appUpgradeAction function. An authenticated, low-privileged user can inject SQL code through datatable searc...

CVE-2025-11623

SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...

PT-2025-41835

Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager affected versions not specified Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database. The issue allows for unauthoriz...

WordPress plugin Legoeso PDF Manager SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

SportsNET SQL注入漏洞

SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /PersonalAffair/worklogtemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit...

Oracle Fusion Middleware 安全漏洞

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. A security vulnerability exists in Oracle Fusion Middleware version...

CVE-2022-22367

IBM UrbanCode Deploy UCD 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008...

Badminton Center Management System SQL注入漏洞

Badminton Center Management System is a badminton center management system from Carlo Montero's personal developer. It provides an online and automated platform for badminton centers to manage their daily transactions and records.Badminton Center Management System version v1.0 is vulnerable to SQ...

Simple Client Management System SQL注入漏洞

Simple Client Management System is a simple client management system from Carlo Montero's personal developer. version 1.0 of Simple Client Management System is vulnerable to SQL injection, which stems from a lack of validation of external input SQL statements in cms/admin?page=client/ The...

SQL Injection Vulnerability in the Comprehensive Management Platform of Beijing Zhongcheng Kexin Technology Development Co. Ltd (CNVD-2020-70830)

Beijing Zhongcheng Kexin Technology Development Co., Ltd. is a travel whole industry chain service provider. A SQL injection vulnerability exists in the comprehensive management platform of Beijing Zhongcheng Kexin Technology Development Co. An attacker can exploit this vulnerability to obtain...

SQL Injection Vulnerability in TEMMOKUMVC of Pizhou Tianmu Network Technology Co.

TEMMOKUMVC is Pizhou Tianmu Network Technology Co., Ltd. developed a professional PHP + MYSQL products, using the independent MVC framework for large and small and medium-sized enterprises of the open source MVC. Pizhou Tianmu Network Technology Co., Ltd TEMMOKUMVC SQL injection vulnerability,...

SQL Injection Vulnerability in Shield Spirit Commodity Promotion System Frontend ko***.php Page

Shield Spirit commodity promotion system can be applied to multiple types of public number, personal or business subscription number and service number can be used, easy to docking all kinds of public number, through the WeChat public number of the relevant interfaces configured to come into effe...