Lucene search
K

75 matches found

NVD
NVD
added 2026/07/01 5:16 p.m.9 views

CVE-2026-34099

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS0.00459EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 4:8 p.m.6 views

EUVD-2026-41056

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54735

Name of the Vulnerable Software and Affected Versions Guardian language-system affected versions not specified Description An unauthenticated attacker can perform error-based SQL injection by sending crafted values to the id parameter via a GET request to the 'job info.php' endpoint. The issue...

9.8CVSS5.8AI score0.00459EPSS
Exploits0References6
NVD
NVD
added 2026/06/19 6:16 p.m.11 views

CVE-2019-25759

Joomla! Component vBizz 1.0.7 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. Attackers can submit POST requests to the employee management interface with crafted payid array valu...

7.1CVSS0.00221EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 6:16 p.m.12 views

CVE-2019-25756

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS0.00366EPSS
Exploits0References4
NVD
NVD
added 2026/06/19 6:16 p.m.23 views

CVE-2019-25757

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS0.00221EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 5:31 p.m.6 views

EUVD-2019-20193

Joomla vWishlist 1.0.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vproductid and userid parameters. Attackers can send POST requests to the component with crafted SQL payloads in these...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:28 p.m.4 views

CVE-2019-25756

Joomla! Component vAccount 2.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the vid parameter. Attackers can send GET requests to the vaccount-dashboard/expense endpoint with crafted SQL payloa...

8.8CVSS6.2AI score0.00366EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:1 p.m.5 views

CVE-2019-25748

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the...

8.8CVSS6.3AI score0.00296EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-50995

Name of the Vulnerable Software and Affected Versions Joomla! Component vBizz version 1.0.7 Description An SQL injection allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the payid parameter. This is achieved by submitting POST requests to the...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References8
EUVD
EUVD
added 2026/05/30 2:55 p.m.11 views

EUVD-2018-21935

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Attackers can send GET requests to search.php with crafted SQL payloads to extract sensitive database informati...

8.8CVSS6.1AI score0.00276EPSS
Exploits0References4
CVE
CVE
added 2026/05/30 2:55 p.m.21 views

CVE-2018-25410

SIM-PKH 2.4.1 contains an SQL injection in admin/media.php via the id parameter. In the affected flow, an authenticated attacker can craft GET requests with module=pengurus and act=editpengurus to inject SQL UNION statements, enabling extraction of database information (usernames, database names,...

7.1CVSS6.2AI score0.00221EPSS
Exploits0References4
NVD
NVD
added 2026/05/29 4:16 p.m.16 views

CVE-2018-25392

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...

7.1CVSS0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.12 views

EUVD-2018-21914

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the logactivity function. Attackers can send POST requests to /index.php/user/logactivity with malicious SQL code in...

7.1CVSS6.1AI score0.00273EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.11 views

EUVD-2018-21908

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44873

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature id parameter of boards buttons/update feature.php. The feature id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44864

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. An unauthenticated attacker can exploit the desa module module=desa&act=hapus, while authenticated users can exploi...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.13 views

PT-2026-44872

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release id parameter of boards buttons/update release.php. The release id value is concatenated directly into SQL statements...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/21 6:31 p.m.4 views

EUVD-2019-19903

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

8.8CVSS6.2AI score0.00324EPSS
Exploits1References5
EUVD
EUVD
added 2026/03/21 6:31 p.m.6 views

EUVD-2019-19899

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

8.8CVSS6.2AI score0.00338EPSS
Exploits1References5
Rows per page
Query Builder