66 matches found
CVE-2018-25410 SIM-PKH 2.4.1 SQL Injection via media.php id Parameter
SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to /admin/media.php with module=pengurus and act=editpengurus parameters containing SQ...
CVE-2018-25394
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the releaseid parameter of boardsbuttons/updaterelease.php. The releaseid value is concatenated directly into SQL statements withou...
Bylancer Zechat SQL Injection Vulnerability
Bylancer Zechat is a PHP instant messaging system developed by Bylancer Corporation, which supports real-time messages, group chat, and social interactions. Version 1.5 of Bylancer Zechat has a SQL injection vulnerability. This vulnerability arises from injecting SQL code via the uname parameter,...
CVE-2020-37244 WordPress Plugin Supsystic Membership 1.4.7 SQL Injection via sidx
Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx' parameters. Attackers can send GET requests to the badges module with crafted payloads to extract...
CVE-2018-25205
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
CVE-2019-11614
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain sensitive database information...
CVE-2025-66435
An SSTI (Server-Side Template Injection) vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66438
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...
OpenBMCS SQL Injection Vulnerability
OpenBMCS is a building management and control system from OpenBMCS Australia. A SQL injection vulnerability exists in OpenBMCS version 2.4, which stems from a SQL injection issue with the id parameter that could lead to the disclosure of database information...
CVE-2024-55663
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in getdocument.vm; the ordering of the returned documents is defined from an unsanitized request parameter request.sort and can allow any user to inject HQL. Depending on th...
CVE-2022-30012
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection...
CVE-2021-37823
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background...
PT-2024-76: Time-based SQL Injection in Netcat CMS (module comments)
The vulnerability was identified in Netcat CMS module comments, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 20.08.2024. Recommendations: Update to version or...
SQL Injection Vulnerability in ZZCMS2020 Backend (CNVD-2020-59412)
ZZCMS is a content management system. A SQL injection vulnerability exists in the backend of ZZCMS2020, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerabilities in the Website Building System of Luoyang Wanqian Network Technology Co.
Luoyang Wanqian Network Technology Co., Ltd. was founded in 2007 to provide large and small enterprises, groups and institutions worldwide with high-quality website construction, network promotion, office automation management software development and the use of network software services, now the...
S-CMS News Portal System aj***.php suffers from SQL Injection Vulnerability
S-CMS news portal system is a website-building solution for enterprises developed by Zibo Shining Network Technology Co., Ltd. The aj.php page of the S-CMS news portal system has a SQL injection vulnerability, which an attacker can use to obtain sensitive database information...
SQL Injection Vulnerability in Website Building System of Ningbo Huashuo Network Service Co.
Ningbo Huashuo Network Service Co., Ltd. is a professional network company with 6 years of experience in website construction and web design. A SQL injection vulnerability exists in the website building system of Ningbo Huashuo Network Service Co., Ltd., which attackers can use to obtain database...
SQL Injection Vulnerability in UFIDA NC
UFIDA NC6 is a new series of UFIDA NC products, a world-class high-end management software for group enterprises. A SQL injection vulnerability exists in UFIDA NC, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in Ocean CMS Backend (CNVD-2020-33134)
Ocean CMS is a web content management system based on PHP+MYSQL architecture that can run across platforms. There is a SQL injection vulnerability in the backend of Ocean CMS, which can be exploited by attackers to obtain sensitive database information...
SQL injection vulnerability in se***.php page of Hefei Yilang Network Technology Co.
Hefei Yilang Network Technology Co., Ltd. is a company specializing in Internet technology services, development and application. The se.php page of the company's building system has a SQL injection vulnerability, which attackers can use to obtain sensitive database information...