27 matches found
Dolibarr ERP CRM 注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...
CVE-2026-3658
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
WordPress Appointment Booking Calendar plugin <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter vulnerability
Unauthenticated SQL Injection via 'fields' Parameter vulnerability discovered by momopon1415 in WordPress Plugin Simply Schedule Appointments versions = 1.6.10.0...
CVE-2026-3658
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2026-3658
CVE-2026-3658 affects the WordPress plugin chain for the Appointment Booking Calendar (Simply Schedule Appointments Booking Plugin). The Wordfence detail confirms a SQL Injection via the fields parameter in all versions up to 1.6.10.0, caused by insufficient escaping of user-supplied input and in...
CVE-2026-3658 Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2026-3658 Appointment Booking Calendar <= 1.6.10.0 - Unauthenticated SQL Injection via 'fields' Parameter
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
PT-2026-26283
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2026-0702
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-0702
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
EUVD-2026-4886
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-0702 VidShop – Shoppable Videos for WooCommerce <= 1.1.4 - Unauthenticated Time-Based SQL Injection via 'fields'
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-0702
CVE-2026-0702 refers to VidShop – Shoppable Videos for WooCommerce (WordPress). Affected versions up to and including 1.1.4 are vulnerable to unauthenticated time-based SQL Injection via the fields parameter due to insufficient escaping and lack of proper SQL query preparation. This can enable an...
PT-2026-5080
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
SQL Injection
Overview pimcore/pimcore is a content & product management framework CMS/PIM/E-Commerce. Affected versions of this package are vulnerable to SQL Injection via the fields parameter in the admin search API endpoint. An attacker can access sensitive database information and potentially compromise th...
WordPress plugin WP Directory Kit SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...
📄 Frappe Framework 15.56.1 SQL Injection
Frappe Framework version 15.56.1 suffers from a remote SQL injection vulnerability. An authenticated SQL injection vulnerability exists in the frappe.desk.reportview.getlist API of the Frappe Framework, affecting versions v15.56.1. The vulnerability stems from improper sanitization of the fields...
PT-2024-39573 · Intelbras · Intelbras Incontrol
Name of the Vulnerable Software and Affected Versions: Intelbras InControl versions up to 2.21.57 Description: A critical issue affects some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the fields argument leads to code...
PT-2024-39077 · WordPress · Learnpress
Name of the Vulnerable Software and Affected Versions: LearnPress – WordPress LMS Plugin versions up to, and including, 4.2.7 Description: The issue allows unauthenticated attackers to perform SQL Injection via the c fields parameter of the "/wp-json/lp/v1/courses/archive-course" REST API endpoin...