GHSA-4XWV-49C8-FVHQ OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module

Summary Critical Error-Based SQL Injection vulnerability in the Scadenzario Payment Schedule bulk operations module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer PII, and financial records through XML error...

CVE-2019-25303

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information...

CVE-2026-2018 itsourcecode School Management System controller.php sql injection

A flaw has been found in itsourcecode School Management System 1.0. This affects an unknown part of the file /ramonsys/settings/controller.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

CVE-2026-2014

A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-2013 itsourcecode Student Management System index.php sql injection

A vulnerability was identified in itsourcecode Student Management System 1.0. This affects an unknown function of the file /ramonsys/soa/index.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used...

PT-2026-6694

Name of the Vulnerable Software and Affected Versions FortiClient EMS versions 7.0.1 through 7.0.13 FortiClient EMS versions 7.2.0 through 7.2.2 FortiClient EMS version 7.4.4 Description An improper neutralization of special elements used in an SQL command SQL injection exists in the web interfac...

OpenSTAManager SQL注入漏洞

OpenSTAManager is an open-source management software developed by Devcode, used for technical assistance and billing purposes. Versions of OpenSTAManager prior to v2.9.8 contained a SQL injection vulnerability. This vulnerability stemmed from improper cleaning of the term parameter in the global...

OpenSTAManager SQL注入漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to v2.9.8 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient validation of the idrecords array in the batch operation...

Globitek CMS SQL注入漏洞

Project 1 – Globitek CMS is a cybersecurity course developed by Jason Shen. Version 1.4 of Globitek CMS has a SQL injection vulnerability. This vulnerability stems from an SQL injection in the id GET parameter, which may allow attackers to extract or modify database information...

PT-2026-6693

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A flaw exists in itsourcecode Student Management System that allows for remote SQL injection. The issue is located in the /ramonsys/enrollment/controller.php file, specifically...

PT-2026-6769

Name of the Vulnerable Software and Affected Versions OpenSTAManager versions 2.9.8 and earlier Description OpenSTAManager is susceptible to an authenticated SQL injection issue within the Scadenzario Payment Schedule print template. Any authenticated user can exploit this to extract sensitive da...

CVE-2026-1517

A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue...

EUVD-2026-5352

XML Injection aka Blind XPath Injection vulnerability in Drupal Central Authentication System CAS Server allows Privilege Escalation.This issue affects Central Authentication System CAS Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...

CVE-2026-25513 FacturaScripts has SQL Injection vulnerability in API ORDER BY Clause

FacturaScripts is open-source enterprise resource planning and accounting software. Prior to version 2025.81, FacturaScripts contains a critical SQL injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The...

CVE-2025-69215 OpenSTAManager has an SQL Injection in the Stampe Module

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, there is a SQL Injection vulnerability in the Stampe Module. At time of publication, no known patch exists...

FacturaScripts 安全漏洞

FacturaScripts is an open-source ERP software developed by Carlos Garcia, a Spanish developer. Versions of FacturaScripts prior to 2025.81 contained security vulnerabilities. These vulnerabilities stemmed from the automatic completion feature, where user-provided parameters were directly...

CVE-2020-37089

School ERP Pro 1.0 contains a SQL injection vulnerability in the 'esmessagesid' parameter that allows attackers to manipulate database queries through GET requests. Attackers can exploit the vulnerable parameter by injecting crafted SQL statements to potentially extract, modify, or delete databas...

CVE-2020-37083

CVE-2020-37083 affects PHP AddressBook 9.0.0.1, where a time-based blind SQL injection is possible through the id parameter in photo.php. The underlying issue is a vulnerable SQL query that allows remote attackers to inject statements and cause time delays to deduce information. The documents spe...

GHSA-CJFX-QHWM-HF99 FacturaScripts has SQL Injection in API ORDER BY Clause

Summary FacturaScripts contains a critical SQL Injection vulnerability in the REST API that allows authenticated API users to execute arbitrary SQL queries through the sort parameter. The vulnerability exists in the ModelClass::getOrderBy method where user-supplied sorting parameters are directly...

CVE-2020-37112

CVE-2020-37112 affects GUnet OpenEclass 1.7.3. The provided documents describe multiple SQL injection vulnerabilities in the agenda module and other endpoints, exploitable by authenticated attackers to manipulate queries and extract sensitive data via error-based or time-based techniques (via the...