CVE-2019-25538 202CMS v10 beta SQL Injection via log_user Parameter

202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...

CVE-2019-25530

The CVE describes an SQL injection in the uHotelBooking System where unauthenticated attackers can inject through the system_page GET parameter in index.php. The vulnerability enables time-based blind SQL injection to extract sensitive database information, with CVSS scores indicating HIGH impact...

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...

CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...

CVE-2019-25510 Jettweb PHP Hazir Haber Sitesi Scripti V2 Authentication Bypass

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

CVE-2019-25510

CVE-2019-25510 affects Jettweb PHP Hazir Haber Sitesi Scripti V2. The vulnerability is an authentication bypass in the administration panel caused by improper SQL query validation in the admingiris.php login form, enabling unauthenticated attackers to bypass login and access the administrative in...

CVE-2019-25510 Jettweb PHP Hazir Haber Sitesi Scripti V2 Authentication Bypass

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

CVE-2026-3981 itsourcecode Online Doctor Appointment System doctor_action.php sql injection

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

PT-2026-24989

Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. Attackers can send GET requests to the admin/edit.php endpoint with malicious 'page' values using boolean-based...

PT-2026-24978

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...

EUVD-2026-11311

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

CVE-2019-25486 Varient 1.6.1 SQL Injection via user_id Parameter

Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit POST requests with crafted SQL payloads in the userid field to bypass authentication and extract...

CVE-2026-31871

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.5 and 8.6.31, a SQL injection vulnerability exists in the PostgreSQL storage adapter when processing Increment operations on nested object fields using dot notation e.g.,...

WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 9.6.0-alpha.10 and 8.6.36 contain a SQL injection vulnerability. This vulnerability arises when PostgreSQL database is used in...

CVE-2026-31825

Sylius is an Open Source eCommerce Framework on Symfony. Sylius API filters ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter pass user-supplied order direction values directly to Doctrine's orderBy without validation. An attacker can inject arbitrary DQL. The issue is fixed in...

EUVD-2026-10492

SQL Injection CWE-89 in the system configuration module in Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 on Linux allows remote attackers to execute arbitrary SQL commands and potentially achieve remote code execution via specially crafted SQL requests...