EUVD-2022-2474

Malicious code in bioql PyPI...

EUVD-2021-9983

Malicious code in bioql PyPI...

PT-2025-39186

Name of the Vulnerable Software and Affected Versions CSZ-CMS version 1.3.0 Description A SQL Injection issue exists in CSZ-CMS version 1.3.0. This allows a remote attacker to execute arbitrary code through the execSqlFile function located in the Plugin Manager.php file. The vulnerability is...

CSZCMS 安全漏洞

CSZCMS is an open source web application by Cskaza Bassist Individual Developer that allows to manage all content and settings on a website. A security vulnerability exists in CSZCMS version 1.3.0, which stems from the execSql function in the PluginManager.php file not filtering input correctly,...

CVE-2025-49485

A SQL injection vulnerability in the Balbooa Forms plugin 1.0.0-2.3.1.1 for Joomla allows privileged users to execute arbitrary SQL commands via the 'id' parameter...

CVE-2024-28298

SQL injection vulnerability in BM SOFT BMPlanning 1.0.0.1 allows authenticated users to execute arbitrary SQL commands via the SECIDF, LIEIDF, PLANFIDF, CLIIDF, DOSIDF, and possibly other parameters to /BMServerR.dll/BMRest...

CVE-2024-50972

A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrowid parameter...

CVE-2023-51828

A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in getnextnotice function...

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVE-2021-36433

SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sentivie information via jodeletemask function in jocms/apps/mask/mask.php...

CVE-2021-29053

Multiple SQL injection vulnerabilities in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1 allow remote authenticated users to execute arbitrary SQL commands via the classPKField parameter to 1 CommerceChannelRelFinder.countByCC, or 2 CommerceChannelRelFinder.findByCC...

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter...

CVE-2021-40595

SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leavesystem/classes/Login.php...

CVE-2020-29139

A SQL injection vulnerability in interface/main/finder/patientselect.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter...

CVE-2020-13640

A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. No 7.x versions are affected...

CVE-2020-5651

SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL...

CVE-2020-29142

A SQL injection vulnerability in interface/usergroup/usergroupadmin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedulefacility parameter when restrictuserfacility=on is in global settings...

CVE-2020-15884

A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order0dir field on POST requests to /datatables/data...

CVE-2014-9345

SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional aka AWP PRO 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the groupid parameter in a listzone action to cgi/client.cgi...

CVE-2018-16116

SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter...