2 matches found
Exploit for SQL Injection in Ghost
CVE-2026-26980 👻 Ghost CMS Unauthenticated SQLi via Content...
GHSA-WRH9-CJV3-2HPW Sequelize vulnerable to SQL Injection via replacements
Impact The SQL injection exploit is related to replacements. Here is such an example: In the following query, some parameters are passed through replacements, and some are passed directly through the where option. typescript User.findAll where: or literal'soundex"firstName" = soundex:firstName',...