PYSEC-2026-47

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28..QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation.Earlier,...

CVE-2026-1312

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. .QuerySet.orderby is subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. Earlier,...

Django 安全漏洞

Django is a set of open-source web framework based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions prior to Django 6.0.2, 5.2.11, and 4.2.28 have security vulnerabilities. These...

PT-2026-5797

OXID eShop versions 6.x prior to 6.3.4 contains a SQL injection vulnerability in the 'sorting' parameter that allows attackers to insert malicious database content. Attackers can exploit the vulnerability by manipulating the sorting parameter to inject PHP code into the database and execute...

PT-2026-6253

Name of the Vulnerable Software and Affected Versions Iqonic Design KiviCare versions through 3.6.16 Description The software contains an Improper Neutralization of Special Elements used in an SQL Command issue, specifically a Blind SQL Injection. This allows for potential unauthorized access or...

📄 MaNGOSWeb 4.0.6 Multi-Exploit Framework

A comprehensive penetration testing tool designed to identify and exploit multiple critical vulnerabilities in MangosWeb 4 version 4.0.6, a World of Warcraft emulator web interface. These include SQL injection, XML injection, file write vulnerabilities, and more...

CVE-2021-47915

PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web...

CVE-2021-47918

Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application...

CVE-2026-0683

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals...

CVE-2026-0683

The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to SQL Injection via the Number-type custom field filter in all versions up to, and including, 3.4.4. This is due to insufficient escaping on the user-supplied operand value when using the equals...

CVE-2020-37033 Infor Storefront B2B 1.0 - 'usr_name' SQL Injection

Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...

CVE-2025-4686

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Kodmatic Computer Software Tourism Construction Industry and Trade Ltd. Co. Online Exam and Assessment allows SQL Injection. This issue affects Online Exam and Assessment: through 30012026. NOTE:...

PT-2026-5488

Name of the Vulnerable Software and Affected Versions Online-Exam-System version 2015 Description The software contains a time-based blind SQL injection issue in the feedback form. This allows attackers to extract database password hashes. The issue is exploitable through the 'feed.php' endpoint ...

PT-2026-5493

Name of the Vulnerable Software and Affected Versions Online-Exam-System version 2015 Description The software contains a SQL injection issue within the feedback module. Attackers can manipulate database queries by injecting malicious SQL code through the fid parameter. This could allow attackers...

Exploit for CVE-2025-10878

CVE-2025-10878-AdminPand...

CVE-2020-37006

berliCRM 1.0.24 contains a SQL injection vulnerability in the 'srcrecord' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...

CVE-2020-37008

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

CVE-2020-37004 Ultimate Project Manager CRM PRO 2.0.5 - SQLi Credentials Leakage

The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tblusers database table. Attackers can exploit the /frontend/getarticlesuggestion/ endpoint by crafting malicious search paramete...

CVE-2020-37005 TimeClock Software 1.01 Authenticated Time-Based SQL Injection

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVE-2026-1589

The CVE-2026-1589 entry affects itsourcecode School Management System 1.0. A SQL injection vulnerability exists in the /ramonsys/inquiry/index.php file, triggered by manipulating the txtsearch argument. This can be exploited remotely and has public disclosure. Affects an unknown function within t...