PT-2026-45619
Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...
CVE-2018-25416
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability in country.php via the country parameter. An unauthenticated attacker can send crafted GET requests to extract sensitive data from the database (usernames, database names, version details). CVSS data indicates high impact with network ac...
CVE-2026-37428
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII...
CVE-2019-25668
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...
CVE-2026-2468
Affected software: Quentn WP plugin for WordPress. Vulnerability: SQL Injection via the ‘qntn_wp_access’ cookie in all versions up to and including 1.2.12, caused by insufficient escaping of the user-supplied parameter and inadequate preparation of the existing SQL query in the get_user_access() ...
CVE-2018-25189
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to submit crafted SQL payloads via POST to extract sensitive DB information (usernames, database names, version details). CVSS vectors: CVSS3.1 (AV:N/AC...
CVE-2018-25189 Data Center Audit 2.6.2 SQL Injection via username Parameter
Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...
CVE-2021-35484
The CVE-2021-35484 entry affects Nokia IMPACT (through 19.11.2.10-20210118042150283). An authenticated user can perform a Time-based Boolean Blind SQL Injection on the endpoint /ui/rest-proxy/campaign/statistic (View Campaign page) via the sortColumn HTTP GET parameter, enabling access to database...
SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-824752)
Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...
EUVD-2024-50779
Malicious code in bioql PyPI...
EUVD-2025-9690
Malicious code in bioql PyPI...
Knowage SQL Injection Vulnerability
Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. Knowage suffers from an SQL injection vulnerability. An attacker exploiting this vulnerability could retrieve sensitive information from a database...
Human Resources Information Technology (eHR) Management Platform suffers from SQL Injection Vulnerability
hereinafter referred to as the same share software focuses on the manufacturing industry, commercial circulation industry, government departments, enterprises and institutions, such as a full range of management software research and development and services, with the domestic industry's well-kno...
SongCMS suffers from SQL injection vulnerability (CNVD-2021-26004)
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, built on PHP/MySQL and ASP/Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain...
SQL injection vulnerability in SongCMS PHP version (CNVD-2021-30143)
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, built on PHP/MySQL and ASP/Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS PHP version suffers from a SQL injection vulnerability, which can be exploited b...
SQL Injection Vulnerability in CRM System E4/Standard Edition of Pengwei Software Co.
Pengwei Software Co., Ltd. specializes in CRM software products, solutions and technical services of innovative enterprises. A SQL injection vulnerability exists in the E4/Standard version of the CRM system of Pengwei Software Co. Ltd, which can be exploited by attackers to obtain sensitive...
Wuxi Huyi Technology Co., Ltd. website building system SQL injection vulnerability
Ltd. is a professional Internet infrastructure application service provider, the company has been focusing on small and medium-sized enterprise information construction, to help enterprises establish their own network marketing platform on the Internet, for the enterprise to fully realize the...
SQL Injection Vulnerability in TEMMOKUMVC of Pizhou Tianmu Network Technology Co. Ltd (CNVD-2020-68563)
TEMMOKUMVC is a professional PHP + MySQL product developed by Pizhou Tianmu Network Technology Co., Ltd., an open source MVC for large, small and medium-sized enterprises that uses its own independent MVC framework. Pizhou Tianmu Network Technology Co., Ltd TEMMOKUMVC SQL injection vulnerability,...
SQL Injection Vulnerability in Shield Spirit Voting Sucker System (CNVD-2020-62840)
Shield Spirit Voting Powder Sucking System can be applied to the public number, through the WeChat public number of the message interface to collect the user to send the vote number of the data to reach the vote, with anti-brush voting voting function, but also efficiently suck the live powder...