PT-2026-23685

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

CVE-2026-28115

CVE-2026-28115 is described as an SQL Injection in the WordPress plugin WP Attractive Donations System – Easy Stripe & Paypal donations (WP_AttractiveDonationsSystem) affecting versions up to 1.25. The issue is labeled as an improper neutralization of special elements in SQL commands, enabling bl...

CVE-2025-48650

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-1651 Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflowids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

PT-2026-22955

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. Attackers can send POST requests to the register-recruiters endpoint with time-based SQL injection payloads to...

SourceCodester Pharmacy Point of Sale System 安全漏洞

The SourceCodester Pharmacy Point of Sale System is an open-source pharmacy sales point system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Point of Sale System contains a security vulnerability, which stems from SQL injection in the /pharmacy/managesupplier.php file...

PT-2026-22825

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

CVE-2025-70821

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...

EUVD-2026-9299

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

GHSA-59G6-V3VG-F7WC CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements

Impact The Doris target connector didn't verify the configured table name before creating some SQL statements ALTER TABLE. So, in the application code, if the table name is provided by an untrusted upstream, it expose vulnerability to SQL injection when target schema change. Patches Yes, it's fix...

CVE-2025-50191

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection SQLi vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker AV:N/PR:N can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity AC:L and the absence o...

EUVD-2026-9144

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /adminsinglestudentupdate.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. T...

PT-2026-22537

Name of the Vulnerable Software and Affected Versions projectworlds Online Art Gallery Shop version 1.0 Description A SQL injection issue exists in the Registration Handler component of projectworlds Online Art Gallery Shop version 1.0. The issue is located in the /admin/registration.php file,...

Code-Projects Simple Student Alumni System 安全漏洞

Code-Projects Simple Student Alumni System is an open-source student alumni system developed by Code-Projects. Version 1.0 of the code-projects Simple Student Alumni System contains a security vulnerability, which stems from an SQL injection vulnerability in the /TracerStudy/recordteacher edit.ph...

Code-Projects Simple Student Alumni System 安全漏洞

Code-Projects Simple Student Alumni System is an open-source student alumni system developed by Code-Projects. Version 1.0 of the code-projects Simple Student Alumni System contains a security vulnerability, which stems from an SQL injection vulnerability in the /TracerStudy/recordteacherview.php...

PT-2026-22602

Name of the Vulnerable Software and Affected Versions Simple Student Alumni System version 1.0 Description The Simple Student Alumni System is susceptible to a SQL Injection issue. This flaw is located in the /TracerStudy/modal view.php file. The vulnerability allows for potential unauthorized...

PT-2026-22541

Name of the Vulnerable Software and Affected Versions itsourcecode Society Management System version 1.0 Description A weakness exists in an unknown functionality of the file /admin/check studid.php. Manipulation of the student id argument can lead to SQL injection. The attack can be launched...

Code-Projects Simple Food Order System SQL注入漏洞

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability; this vulnerability arises from the file/food/view-ticket.php being vulnerable to SQL...