CVE-2026-3149

In summary, CVE-2026-3149 affects itsourcecode College Management System 1.0. Affects the file /admin/asign-single-student-subjects.php where manipulating the argument course_code can trigger a SQL injection. The issue can be exploited remotely and public exploits exist. The connected Red Hat, EU...

CVE-2026-27743 SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection

The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

CVE-2026-26198 ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

CVE-2026-25591 New API has an SQL LIKE Wildcard Injection DoS via Token Search

New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to version 0.10.8-alpha.10, a SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause denial of service through resource exhaustion by...

ormar is vulnerable to SQL Injection through aggregate functions min() and max()

Report of SQL Injection Vulnerability in Ormar ORM A SQL Injection attack can be achieved by passing a crafted string to the min or max aggregate functions. Brief description When performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly int...

GHSA-W6X6-9FP7-FQM4 New API has an SQL LIKE Wildcard Injection DoS via Token Search

Summary A SQL LIKE wildcard injection vulnerability in the /api/token/search endpoint allows authenticated users to cause Denial of Service through resource exhaustion by crafting malicious search patterns. Details The token search endpoint accepts user-supplied keyword and token parameters that...

CVE-2019-25458

Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can send requests to with malicious payloads in the 'il', 'kat', or 'kelime' parameters to extract...

CVE-2019-25460

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

CVE-2019-25459 Web Ofisi Emlak V2 SQL Injection via emlak-ara.html

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlakdurumu, emlaktipi, il, ilce, kelime, and semt to extract sensitive...

CVE-2019-25391

CVE-2019-25391 affects Ashop Shopping Cart Software and involves a time-based blind SQL injection via the blacklistitemid parameter in the admin/bannedcustomers.php endpoint. Attackers can send crafted POST requests containing SQL payloads that use SLEEP to infer data from the database. The vulne...

CVE-2019-25432

Part-DB 0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to login by injecting SQL syntax into authentication parameters. Attackers can submit a single quote followed by 'or' in the login form to bypass credential validation and gain unauthorized access to...

PT-2026-21440

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVE-2019-25444

CVE-2019-25444 : Fiverr Clone Script 1.2.2 is affected by an SQL injection in the page parameter that allows unauthenticated attackers to manipulate database queries, enabling extraction of sensitive data and potential data modification. The vulnerability stems from user-supplied SQL syntax in th...

CVE-2026-26745

OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currencysymbol configuration field. Although the input is initially stored without immediate execution, it is later concatenated into a dynamically constructed SQL query without proper sanitization or...

Exploit for CVE-2026-26988

!Authorhttps://img.shields.io/badge/Author-Mohammed%20Idrees%...

CVE-2026-2663

A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It ...

Phpscriptsmall Fiverr Clone Script SQL注入漏洞

Phpscriptsmall Fiverr Clone Script is a set of software scripts developed by Phpscriptsmall. The Phpscriptsmall Fiverr Clone Script 1.2.2 version contains an SQL injection vulnerability. This vulnerability stems from the page parameter, which allows for SQL injections, potentially enabling...

WordPress plugin Electio Core SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2026-1639

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sortby' parameters in all versions up to, and including, 5.0.2 due to insufficient escaping on the user supplied parameter and lack of...

WordPress plugin Nelio AB Testing 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...