
28 matches found

Cvelist
added 3 days ago | 33 views

CVE-2026-13526 SourceCodester Class and Exam Timetabling System edit_class.php sql injection

A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editclass.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used...

7.5 CVSS | 0.00263 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2026/06/05 7:14 p.m. | 9 views

CVE-2026-40546

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...

8.7 CVSS | 5.8 AI score | 0.00211 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/06/01 12:0 a.m. | 9 views

itsourcecode Content Management System SQL Injection Vulnerability

itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the topicid parameter in the file...

6.5 CVSS | 6.6 AI score | 0.00204 EPSS
Exploits: 0 | References: 6

Veracode
added 2026/03/28 5:15 a.m. | 6 views

SQL Injection

wwbn/avideo is vulnerable to a SQL Injection. The vulnerability is due to direct interpolation of user-controlled input into SQL queries without parameterization in the fixCleanTitle method, which allows an attacker to inject and execute arbitrary SQL commands...

9.8 CVSS | 6.1 AI score | 0.00492 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2026/02/08 5:2 a.m. | 13 views

CVE-2026-2136

CVE-2026-2136 affects projectworlds Online Food Ordering System v1.0. The vulnerability resides in an unknown function of /view-ticket.php where manipulating the ID parameter enables SQL injection, with remote exploitation demonstrated by published exploits. Multiple sources (NVD, Red Hat, CVE li...

9.8 CVSS | 7.2 AI score | 0.00326 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/01/08 12:0 a.m. | 5 views

PT-2026-1788

Name of the Vulnerable Software and Affected Versions: vanquish WooCommerce Orders & Customers Exporter versions through 5.4. Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL Injection issue. The affected...

9.8 CVSS | 7.6 AI score | 0.00321 EPSS
Exploits: 0 | References: 3

NVD
added 2025/12/29 3:15 a.m. | 7 views

CVE-2025-15168

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Such manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used...

9.8 CVSS | 0.00329 EPSS
Exploits: 1 | References: 5

CNNVD
added 2025/11/16 12:0 a.m. | 6 views

SourceCodester Patients Waiting Area Queue Management System SQL Injection Vulnerability

SourceCodester Patients Waiting Area Queue Management System is a SourceCodester open source patient waiting area queue management system. A SQL injection vulnerability exists in SourceCodester Patients Waiting Area Queue Management System version 1.0, which stems from incorrect manipulation of t...

9.8 CVSS | 7.8 AI score | 0.00335 EPSS
Exploits: 1 | References: 6

OSV
added 2025/10/02 7:53 p.m. | 4 views

CVE-2025-61603 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter

WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...

9.4 CVSS | 8.2 AI score | 0.00397 EPSS
Exploits: 1 | References: 4

NVD
added 2025/09/15 5:15 p.m. | 5 views

CVE-2025-57104

Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx...

5.4 CVSS | 0.00185 EPSS
Exploits: 0 | References: 2

The Hacker News
added 2025/09/04 5:58 p.m. | 4 views

GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module

Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment...

8.1 AI score
Exploits: 0

CNVD
added 2025/09/02 12:0 a.m. | 3 views

Simple Grading System add_student_grade.php File SQL Injection Vulnerability

Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Add in the file /addstudentgrade.php. An attacker can exploit this vulnerability to...

8.8 CVSS | 8.3 AI score | 0.00437 EPSS
Exploits: 1 | References: 1

CNNVD
added 2024/11/11 12:0 a.m. | 4 views

Projectworlds Free Download Online Shopping System SQL Injection Vulnerability

Projectworlds Free Download Online Shopping System is an online shopping system from Projectworlds India. Projectworlds Free Download Online Shopping System 192.168.1.88 and earlier versions have a SQL injection vulnerability that stems from a SQL injection vulnerability in the parameter id...

9.8 CVSS | 7 AI score | 0.00494 EPSS
Exploits: 1 | References: 5

CNNVD
added 2024/10/12 12:0 a.m. | 3 views

WordPress plugin WP Post Author SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...

7.2 CVSS | 7.4 AI score | 0.0051 EPSS
Exploits: 0 | References: 5

CNNVD
added 2024/05/30 12:0 a.m. | 3 views

SourceCodester Stock Management System SQL Injection Vulnerability

Sourcecodester Stock Management System is an inventory management system. A SQL injection vulnerability exists in SourceCodester Stock Management System version 1.0, which stems from a SQL injection caused by the brandName parameter of the file createBrand.php...

9.8 CVSS | 7.1 AI score | 0.00637 EPSS
Exploits: 1 | References: 5

CNNVD
added 2024/02/29 12:0 a.m. | 4 views

Web-Based Student Clearance System SQL Injection Vulnerability

Web-Based Student Clearance System is a web-based student clearance system by the individual developer Ndueso Okorie. A SQL injection vulnerability exists in Web-Based Student Clearance System version 1.0, which stems from an incorrect manipulation of the parameter Fullname that can lead to SQL...

7.2 CVSS | 8.4 AI score | 0.00714 EPSS
Exploits: 1 | References: 4

CNNVD
added 2023/11/02 12:0 a.m. | 3 views

Online Food Ordering System SQL Injection Vulnerability

Online Food Ordering System is an online food ordering system by Carlo Montero, a personal developer. A SQL injection vulnerability exists in Online Food Ordering System v1.0, which is caused by insufficient filtering of the name parameter on the routers/add-item.php page...

9.8 CVSS | 8 AI score | 0.007 EPSS
Exploits: 1 | References: 3

CNNVD
added 2023/05/12 12:0 a.m. | 3 views

Judging Management System SQL Injection Vulnerability

Judging Management System is a judging management system by Carlo Montero, a personal developer. A security vulnerability exists in Judging Management System version v.1.0, which stems from an SQL injection vulnerability that could allow a remote attacker to execute arbitrary code via the contentant...

9.8 CVSS | 9.2 AI score | 0.01311 EPSS
Exploits: 1 | References: 3

CNNVD
added 2022/08/25 12:0 a.m. | 4 views

Ingredients Stock Management System SQL Injection Vulnerability

Ingredients Stock Management System is an ingredient stock management system by Carlo Montero. Version 1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from the id parameter at the /classes/Master.php?f=deletewaste location. No...

9.8 CVSS | 7.9 AI score | 0.00906 EPSS
Exploits: 1 | References: 2

OSV
added 2022/03/02 11:15 p.m. | 4 views

CVE-2022-25393

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter...

7.5 CVSS | 7.2 AI score | 0.01195 EPSS
Exploits: 1 | References: 1