WordPress Easy Quotes plugin <= 1.2.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by NAWardRox Patchstack Alliance in WordPress Plugin Easy Quotes versions <= 1.2.2...
Vulnerability fixed in Exim
Exim's developers have fixed an SQL injection vulnerability. A malicious party could exploit the vulnerability to gain access to sensitive data and potentially execute arbitrary code with the privileges of the Exim installation. The exim...
PbootCMS Security Vulnerability
PbootCMS is an open source content management system (CMS), written in PHP, for building business websites. A security vulnerability exists in PbootCMS version 1.4.1, which stems from improper template parsing and leads to SQL injection...
ChurchCRM Security Vulnerability
ChurchCRM is an open source CRM system built for churches by ChurchCRM Open Source. A security vulnerability exists in ChurchCRM 5.13.0 and earlier versions, which stems from the CurrentFundraiser parameter being concatenated directly into a SQL query without sufficient sanitization, which can be exploited...
PT-2025-7382 · WordPress · Pollin
Name of the Vulnerable Software and Affected Versions: Pollin plugin for WordPress versions up to, and including, 1.01.1. Description: The issue allows unauthenticated attackers to perform SQL Injection via the question parameter due to insufficient escaping on the user-supplied parameter and lack...
WordPress LTL Freight Quotes – SAIA Edition plugin <= 2.2.10 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin LTL Freight Quotes – SAIA Edition versions <= 2.2.10...
WeGIA Access Control Error Vulnerability
WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. WeGIA has an access control error vulnerability that originates from the documentoexcluir.php page of the WeGIA application instance, which contains a SQL injection vulnerability...
LuxSoft LuxCal Web Calendar SQL Injection Vulnerability
LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A SQL injection vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.3.3M and prior to 5.3.3L, which originates from a SQL injection in retrieve.php and could lead...
Wazifa System control.php File SQL Injection Vulnerability
Wazifa System is a content management system. Wazifa System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the /controllers/control.php file. An attacker can exploit this vulnerability to execute illegal SQL commands t...
yimioa SQL Injection Vulnerability
yimioa Cloudweb OA is a locally deployed OA software by rabbit individual developers. A security vulnerability exists in yimioa version 2024.07.03 and earlier versions, which originates from the selectNoticeList function of com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml containing a SQL injection...
SourceCodester Best Church Management Software Injection Vulnerability
SourceCodester Best Church Management Software is an open source church management software from Sourcecodester. An injection vulnerability exists in SourceCodester Best Church Management Software version 1.1, which stems from an incorrect manipulation of the parameter id that can lead to SQL...
WordPress plugin LTL Freight Quotes – For Customers of FedEx Freight SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. The WordPress plugin LTL Freight Quotes - For...
JeecgBoot Security Vulnerability
JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot version v.3.7.2, which originates from a SQL injection vulnerability that allows remote attackers to obtain sensitive information vi...
CVE-2024-29822
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...
CVE-2024-29823
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code...
WordPress Distance Rate Shipping for WooCommerce plugin <= 1.3.4 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jingle Bells in WordPress Plugin Distance Rate Shipping for WooCommerce versions <= 1.3.4...
PT-2025-5598 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.12. Description: A SQL Injection vulnerability was discovered in the WeGIA application, salvar cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing...
WordPress MultiLoca plugin <= 4.1.11 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated (Subscriber+) SQL Injection vulnerability discovered by Aiden Thái An in WordPress Plugin MultiLoca versions <= 4.1.11...
1000 Projects Employee Task Management System SQL Injection Vulnerability
1000 Projects Employee Task Management System is an open source employee task management system from 1000 Projects. A SQL injection vulnerability exists in 1000 Projects Employee Task Management System version 1.0, caused by the email parameter...
PT-2025-4086 · Unknown · Code-Projects Chat System
Name of the Vulnerable Software and Affected Versions: code-projects Chat System versions 1.0 and earlier. Description: A critical issue has been found in the code-projects Chat System, affecting an unknown functionality of the file /user/addnewmember.php. The manipulation of the user argument lea...