2820 matches found
GHSA-RCCQ-2FXQ-7X3H LimeSurvey is vulnerable to SQL injection
SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...
CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
SAP NetWeaver SQL注入漏洞
SAP NetWeaver is a service-oriented integrated application platform developed by the German company SAP. This platform primarily provides development and runtime environments for SAP applications. SAP NetWeaver has a SQL injection vulnerability, which arises from unvalidated or escaped user input...
Fortinet FortiAnalyzer和Fortinet FortiAnalyzer-BigData SQL注入漏洞
Fortinet FortiAnalyzer and Fortinet FortiAnalyzer-BigData are products of the American company Fortinet. Fortinet FortiAnalyzer is a centralized network security reporting solution. This product is primarily used to collect network log data and analyze security events, network traffic, web conten...
LimeSurvey(PHPSurveyor) 安全漏洞
LimeSurvey PHPSurveyor is a set of open-source online survey programs developed by the LimeSurvey team. It supports functions such as survey program development, survey questionnaire publishing, and data collection. Versions of LimeSurvey PHPSurveyor prior to 6.15.4+250710 contained security...
Craft Commerce SQL注入漏洞
Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions of Craft Commerce prior to 5.5.3 contained a SQL injection vulnerability. This vulnerability stemmed from the direct concatenation of sort parameters into SQL statements without proper validatio...
Sylius 安全漏洞
Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. There is a security vulnerability in Sylius. This vulnerability stems from the fact that the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API filters directly pa...
PT-2026-24345
CVE-2025-56421 SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database. https://t.co/LNI5znu9QV...
PT-2026-24160
SAP NetWeaver Feedback Notifications Service contains a SQL injection vulnerability that allows an authenticated attacker to inject arbitrary SQL code through user-controlled input fields. The application concatenates these inputs directly into SQL queries without proper validation or escaping. A...
PT-2026-24479
Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12 through 1.11.17 Sylius versions 1.12.23 through 1.13.15 Sylius versions 1.14.18 through 2.0.16 Sylius versions 2.1.12 through 2.2.3 Description Sylius is an Open Source eCommerce Framework on Symfony. The...
CVE-2026-3723
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released t...
CVE-2026-3793 SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...
Eventobot SQL注入漏洞
Eventobot is a ticketing management system developed by Eventobot Inc. Eventobot has a SQL injection vulnerability, which stems from insufficient cleaning and escaping of the promosend parameter. This vulnerability may lead to SQL injection attacks...
CVE-2026-3765 itsourcecode University Management System att_single_view.php sql injection
A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...
CVE-2026-3746 SourceCodester Simple Responsive Tourism Website Login Login.php sql injection
A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may...
CVE-2026-3709 code-projects Simple Flight Ticket Booking System register.php sql injection
A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made availabl...
CVE-2026-3705
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made...
PT-2026-23940
Name of the Vulnerable Software and Affected Versions Simple Flight Ticket Booking System version 1.0 Description A SQL injection issue exists in Simple Flight Ticket Booking System version 1.0. The issue is located in the SearchResultOneway.php file and involves manipulation of the from argument...
PT-2026-23976
Name of the Vulnerable Software and Affected Versions itsourcecode University Management System version 1.0 Description A flaw exists in itsourcecode University Management System that allows for remote code execution. The issue is related to the manipulation of the dt argument within the /att...