Glances has SQL Injection via Process Names in TimescaleDB Export

Summary The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single quotes, making SQL injection trivial via attacker-controlled data such as...

CVE-2026-3736

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploi...

EUVD-2026-10274

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVE-2026-3771

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

EUVD-2026-10250

A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /addresult.php. Such manipulation of the argument subject leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

CVE-2026-3757

CVE-2026-3757 affects projectworlds Online Art Gallery Shop 1.0. A SQL injection vulnerability exists in an unknown functionality accessed via the file path /?pass=1, caused by manipulation of the fnm argument. The vulnerability is described as exploitable remotely and the exploit has been releas...

CVE-2026-3751 SourceCodester Employee Task Management System GET Parameter daily-attendance-report.php sql injection

A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...

AWS VDP: SQL Injection Detection Bypass in AWS WAF Managed Rules (AWSManagedRulesSQLiRuleSet)

Researchers This vulnerability was discovered through collaborative security research. Researchers: - █████ - █████████ - █████████ --- Summary AWS WAF fails to detect certain SQL injection payload variants. These payloads bypass the AWS WAF SQL injection detection rules and reach the backend...

EUVD-2026-10212

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made...

CVE-2026-3711

A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed...

PT-2026-23970

Name of the Vulnerable Software and Affected Versions projectworlds Online Art Gallery Shop version 1.0 Description A security issue exists in projectworlds Online Art Gallery Shop 1.0. The vulnerability involves SQL injection within the /admin/adminHome.php file. Manipulation of the reach nm...

PT-2026-23957

Name of the Vulnerable Software and Affected Versions SourceCodester Employee Task Management System version 1.0 Description A SQL injection issue exists in the GET Parameter Handler component of the software, specifically within the file '/daily-attendance-report.php'. The Date parameter is...

PT-2026-23928

Name of the Vulnerable Software and Affected Versions code-projects Simple Flight Ticket Booking System version 1.0 Description A security flaw exists in code-projects Simple Flight Ticket Booking System version 1.0. The issue involves SQL injection, potentially allowing remote attackers to explo...

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

EUVD-2018-21645

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...

CVE-2018-25179

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. Attackers can send POST requests to the settings endpoint with crafted SQL payloads in the language parameter t...

CVE-2018-25173

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2018-25163 BitZoom 1.0 SQL Injection via rollno Parameter

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to...

Data Center Audit SQL注入漏洞

Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...

Jeson Customer Relationship Management System SQL注入漏洞

Jeson Customer Relationship Management System is a lightweight customer relationship management system developed by DefaultFunction’s individual developer. Version 1.0.0 of Jeson Customer Relationship Management System has a SQL injection vulnerability. This vulnerability arises from incorrect...