2828 matches found
Django: SQL Injection in Django ORM via Unvalidated `_connector` in Q Objects
A critical SQL injection vulnerability was discovered in the Django ORM's handling of Q objects. The internal WhereNode.as_sql method used unsafe string formatting to inject the query connector, which could be controlled by an attacker through the `_connector` key when creating a Q object. This allow...
CVE-2025-59008
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PressTigers ZIP Code Based Content Protection zip-code-based-content-protection allows SQL Injection. This issue affects ZIP Code Based Content Protection: from n/a through <= 1.0.0...
Small CRM /profile.php File SQL Injection Vulnerability
Small CRM is a customer relationship management system. Small CRM suffers from an SQL injection vulnerability that stems from the /profile.php file not having a secure filter for the Name parameter. No details of the vulnerability are available at this time...
CVE-2025-58450
pREST (PostgreSQL REST) is an API that delivers an application on top of a Postgres database. SQL injection is possible in versions prior to 2.0.0-rc3. The validation present in versions prior to 2.0.0-rc3 does not provide adequate protection from injection attempts. Version 2.0.0-rc3 contains a...
CVE-2025-10104
A security vulnerability has been detected in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /reviewsearch.php. The manipulation of the argument txtsearch leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-10210 yanyutao0402 ChanCMS Api.js search sql injection
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...
Shibboleth Service Provider Security Vulnerability
Shibboleth Service Provider is a single sign-on framework from Shibboleth UK. A security vulnerability exists in Shibboleth Service Provider 3.5.0 and earlier versions, which stems from a SQL injection in the ID attribute of a SAML response, which could lead to the disclosure of database...
PT-2025-36761
Name of the Vulnerable Software and Affected Versions: WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates versions through 2.8.10 Description: The software contains an SQL injection flaw that allows attackers to manipulate commands. This...
Updated python-django packages fix security vulnerability
Potential SQL injection in FilteredRelation column aliases. CVE-2025-57833...
CVE-2025-55849
WeiPHP v5.0 and before is vulnerable to SQL Injection via the SucaiController.class.php file and the cancelTemplatee...
CVE-2025-10077
A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and m...
PT-2025-36490
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Forum Discussion System version 1.0 Description: A SQL injection issue exists in the file /admin class.php?action=login. Manipulation of the Username parameter can lead to exploitation. The attack can be initiated...
ChanCMS SQL Injection Vulnerability
ChanCMS is a content management system by yanyutao0402, an individual developer in China. A SQL injection vulnerability exists in ChanCMS 3.3.1 and earlier versions; the vulnerability stems from incorrect manipulation of inputs leading to SQL injection...
PT-2025-36430
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Polling System version 1.0 Description: A SQL injection issue exists due to manipulation of the email parameter in a file located at /admin/manage-admins.php. The vulnerability is present in an unknown function within th...
SourceCodester Online Polling System Code SQL Injection Vulnerability
SourceCodester Online Polling System Code is a SourceCodester open source online polling system. SourceCodester Online Polling System Code version 1.0 has a SQL injection vulnerability; the vulnerability stems from improper handling of parameters in the /registeracc.php file, which may lead to SQ...
CVE-2025-32327
In multiple functions of PickerDbFacade.java, there is a possible unauthorized data access due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-36372
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Discussion Forum version 1.0 Description: A SQL injection issue exists in itsourcecode Online Discussion Forum 1.0. The issue affects an unknown function within the /admin file. Manipulation of the Username parameter can...
CVE-2025-58628
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Miraculous miraculous allows Blind SQL Injection. This issue affects Miraculous: from n/a through 2.0.9...
CVE-2025-58780
index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. NOTE: this is disputed by the Supplier because it "inaccurately describes the vulnerability."...