80526 matches found
CVE-2019-25730
CVE-2019-25730 affects Listing Hub CMS 1.0 . A vulnerability in the page pages.php where the id parameter is exploited via error-based SQL injection , allowing unauthenticated remote attackers to run arbitrary queries. The attacker can extract sensitive data such as database credentials, username...
CVE-2019-25730 Listing Hub CMS 1.0 SQL Injection via pages.php id
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...
CVE-2019-25730 Listing Hub CMS 1.0 SQL Injection via pages.php id
Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to...
CVE-2019-25728
Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ckconfig cookie parameter. Attackers can inject malicious SQL through the ckconfig cookie in multiple endpoints including login.php, indexframe.php...
CVE-2019-25726
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...
CVE-2019-25726
CVE-2019-25726 affects All in One Video Downloader 1.2. An SQL injection vulnerability exists in the admin page edit via the id parameter, allowing unauthenticated attackers to execute arbitrary SQL queries and potentially extract sensitive data (usernames, databases, version details). The provid...
CVE-2019-25726 All in One Video Downloader 1.2 SQL Injection via admin page-edit
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...
CVE-2019-25726 All in One Video Downloader 1.2 SQL Injection via admin page-edit
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...
EUVD-2026-34258
A security flaw has been discovered in itsourcecode Fees Management System 1.0. This impacts an unknown function of the file /manageuser.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be...
CVE-2026-4104 SQLi in Akmer Informatics' TeknoPass
Authorization bypass through User-Controlled SQL primary key vulnerability in Akmer Informatics Automation Industry and Trade Ltd. Co. TeknoPass allows SQL Injection. This issue affects TeknoPass: from 20210501 through 20260429...
CVE-2026-50225
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
EUVD-2026-34230
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
Wordpress Email Subscribers by Icegram Express - SQL Injection
The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IGESSubscribersQuery' class in all versions up to, and including, 5.7.14 due to insufficient escaping ...
PT-2026-46196
All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...
CVE-2026-36499
A missing upper-bound check in the udpifsetthreads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
PT-2026-46389
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulated API requests. Version 2.4.28 contains a patch...
PT-2026-46296
Name of the Vulnerable Software and Affected Versions OSNexus QuantaStor versions prior to 6.6.2 Description An unauthenticated remote attacker can perform a blind SQL injection via the login endpoint. The username field is not properly sanitized before being incorporated into a SQL query, which...
PT-2026-46314
A missing upper-bound check in the udpif set threads function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. This can cause a denial of service DoS via resource exhaustion...
PT-2026-46177
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database...
PT-2026-46409
A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. The manipulation of the argument social twitter results in sql injection. The attack may be launched remotely. The exploit has bee...