20 matches found
CVE-2026-10260 CodeAstro Online Job Portal delete-jobs.php sql injection
A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...
CVE-2018-25416
AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...
CVE-2026-34788
Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...
CVE-2026-27743 SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...
EUVD-2024-1009
Malicious code in bioql PyPI...
WordPress Hero Slider plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Hero Slider versions <= 1.3.5...
WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability
Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions <= 1.5.2...
CVE-2024-0460
A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2022-36696
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletestockout...
CVE-2022-29659
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...
CVE-2022-28429
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=...
SourceCodester Water Billing System SQL Injection Vulnerability
SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...
S-CMS School Building System v1.0 SQL Injection Vulnerability in Background aja*** U_s** Parameters
S-CMS is a content management system (CMS) based on PHP and MySQL. S-CMS School Building System v1.0 has a SQL injection vulnerability in the aja*** U_s** parameters in the background, which allows attackers to obtain sensitive information from the database...
Deepwoods Software WebLibrarian SQL Injection Vulnerability
Deepwoods Software WebLibrarian is a book management system plugin for use in WordPress from Deepwoods Software, USA. A SQL injection vulnerability exists in the 'AllBarCodes' function in Deepwoods Software WebLibrarian 3.5.2 and earlier versions. The vulnerability stems from a lack of validation...
SQL Injection Vulnerability in B2C_UQ Cloud Business System
UQ Cloud Business System B2C version is a compact e-commerce system; the platform is developed with PHP7.0+Mysql. B2C_UQ Cloud Business System suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL injection vulnerability in ZZCMS version 8.3 zs***.php file (CNVD-2018-19951)
ZZCMS is a content management system (CMS) used to quickly build merchant-type websites. A SQL injection vulnerability exists in the zs***.php file of ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive information from the database...
Yixing Yulu Media Co., Ltd. website construction system suffers from SQL injection vulnerability
Yixing Yulu Media Co., Ltd. provides enterprises with the most comprehensive, thoughtful, professional Internet solutions, including WeChat mini programs, WeChat public accounts, domain name registration, web hosting, enterprise mailboxes, website construction, website development, website...
SQL Injection Vulnerability in ThinkLC V3.5 Classified Information System tops.php Page
ThinkLC Classified Information System is a local classified information system built with PHP+MYSQL. A SQL injection vulnerability exists in the ThinkLC V3.5 Classified Information System tops.php page due to the program failing to adequately filter user-supplied input. An attacker can...
TYPO3 without PHP extension SQL injection vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. Browser - TYPO3 without PHP Browser is one of the extensions that enable browsers to develop TYPO3 without PHP code. A SQL injection vulnerability exists in TYPO3 without...
WordPress Plugin All In One WP Security & Firewall admin/wp-security-list-login-fails.php SQL Injection Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. All In One WP Security & Firewall Plugin for WordPress is a WordPress security plugin. The All In One WP Security &...