PT-2026-24980

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. Version V1 of the Jettweb PHP Preconfigured News Sites Script has a SQL injection vulnerability. This vulnerability stems from the SQL injection in the poll parameter, which may...

PT-2026-24982

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo id parameter. Attackers can send GET requests to photo.php with malicious photo id values to extract sensitive data, bypass...

FeMiner wms SQL注入漏洞

FeMiner wms is a repository management system developed by FeMiner’s individual developers in China. Versions of FeMiner wms prior to version 1.0 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters named “Name” in the file...

PT-2026-24970

Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

CVE-2025-70024

An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14...

CVE-2026-32127

CVE-2026-32127 affects OpenEMR before version 8.0.0.1, via a SQL injection in the ajax graphs library caused by insufficient input validation. The vulnerability can be exploited by authenticated attackers and may impact confidentiality, integrity, and availability. The advisory states the issue i...

CVE-2026-32234

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.10 and 8.6.36, an attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with...

CVE-2026-31877

Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...

CVE-2026-3944 itsourcecode University Management System att_add.php sql injection

A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /attadd.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

CVE-2026-31844

An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...

PT-2026-24668

🚨 CVE-2026-3944 A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly...

WeGIA SQL注入漏洞

WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.6 contained an SQL injection vulnerability. This vulnerability stemmed from the id Produto parameter in the html/matPat/restaurarProduto.php file being directly concatenated into the SQ...

CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

CVE-2026-29172

Craft Commerce (Craft CMS) is affected by a SQL Injection in the purchasables table sorting. Prior to versions 4.10.2 and 5.5.3, the sort parameter is split by | and the first part (column name) is used directly as an array key in orderBy() without whitelist validation, allowing an authenticated ...

EUVD-2026-10813

Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting...

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

PT-2026-24326

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL injection issue. This allows an authorized attacker to eleva...

Fortinet FortiAnalyzer sqli (FG-IR-26-095)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-095 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

CVE-2026-3747

A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /addresult.php. Such manipulation of the argument subject leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...