2784 matches found

CVE
added 2026/01/19 12:32 a.m., 14 views

CVE-2026-1130

Affected software: Yonyou KSOA 9.0. The vulnerability stems from the HTTP GET Parameter Handler processing of the file /worksheet/worksadd_plan.jsp, where manipulation of the ID argument enables SQL injection. This can be triggered remotely, and exploits have been published. Multiple sources conf...

CVSS 9.8, AI score 6.5, EPSS 0.00493
Exploits 0, References 4, Affected Software 1

RedhatCVE
added 2026/01/19 12:22 a.m., 8 views

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

CVSS 9.8, AI score 7.2, EPSS 0.0044
Exploits 1, References 1

CNNVD
added 2026/01/19 12:00 a.m., 3 views

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of parameters named “ID” in the file /worksheet/worksaddplan.jsp. This vulnerability may lead to S...

CVSS 9.8, AI score 7.2, EPSS 0.00493
Exploits 0, References 4

ATTACKERKB
added 2026/01/18 11:32 a.m., 4 views

CVE-2026-1119

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been...

CVSS 9.8, AI score 5.4, EPSS 0.00388
Exploits 1, References 5, Affected Software 1

Positive Technologies
added 2026/01/18 12:00 a.m., 9 views

PT-2026-3390

Name of the Vulnerable Software and Affected Versions: Yonyou KSOA version 9.0. Description: A flaw exists in Yonyou KSOA 9.0 related to the HTTP GET Parameter Handler. Specifically, manipulation of the ID argument in the /worksheet/work info.jsp file can lead to SQL injection. This issue is remotel...

CVSS 9.8, AI score 7.2, EPSS 0.00414
Exploits 0, References 9

Positive Technologies
added 2026/01/18 12:00 a.m., 7 views

PT-2026-3387

Name of the Vulnerable Software and Affected Versions: itsourcecode Society Management System version 1.0. Description: A flaw exists in itsourcecode Society Management System version 1.0 that could allow for remote code execution. The issue is located in the /admin/delete activity.php file,...

CVSS 9.8, AI score 7.8, EPSS 0.00388
Exploits 1, References 10

Cvelist
added 2026/01/15 3:52 p.m., 29 views

CVE-2021-47766 Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection (Authenticated)

Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vulnerability using boolean-based, error-based, and time-based blind SQL injection techniques to...

CVSS 7.1, EPSS 0.00239
Exploits 0, References 2

CNNVD
added 2026/01/15 12:00 a.m., 4 views

Wolters Kluwer Kmaleon SQL injection vulnerability

Wolters Kluwer Kmaleon is an automated case management software developed by the German company Wolters Kluwer. Version 1.1.0.205 of Wolters Kluwer Kmaleon contains a SQL injection vulnerability. This vulnerability stems from the SQL injection in the tipocomb parameter of the kmaleonW.php file,...

CVSS 7.1, AI score 5.9, EPSS 0.00239
Exploits 0, References 3

EUVD
added 2026/01/15 12:00 a.m., 5 views

EUVD-2026-2787

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

CVSS 4.9, AI score 7.6, EPSS 0.0024
Exploits 0, References 4

NVD
added 2026/01/14 5:16 p.m., 9 views

CVE-2025-37183

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVSS 7.2, EPSS 0.00404
Exploits 0, References 1

CVE
added 2026/01/14 4:26 p.m., 11 views

CVE-2025-37181

CVE-2025-37181 affects the EdgeConnect SD-WAN Orchestrator web-based management interface. An authenticated remote attacker can perform SQL injection, potentially executing arbitrary SQL on the underlying database, leading to unauthorized data access or data manipulation. Connected sources (Red H...

CVSS 7.2, AI score 8, EPSS 0.00404
Exploits 0, References 1, Affected Software 1

CNNVD
added 2026/01/14 12:00 a.m., 5 views

WordPress plugin Shipping Rate By Cities SQL injection vulnerability

WordPress Shipping Rate By Cities plugin is a plugin designed for WooCommerce stores running on WordPress websites. The WordPress Shipping Rate By Cities plugin suffers from a SQL injection vulnerability that stems from insufficient escaping and preparation of the city parameter, which can be exploit...

CVSS 7.5, AI score 5.9, EPSS 0.00278
Exploits 0, References 3

Positive Technologies
added 2026/01/14 12:00 a.m., 6 views

PT-2026-2912

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVSS 7.2, AI score 8.4, EPSS 0.00404
Exploits 0, References 2

RedhatCVE
added 2026/01/13 10:53 p.m., 4 views

CVE-2026-0803

A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in SQL injection. The attack may be launched remotely. The...

CVSS 8.8, AI score 6.9, EPSS 0.00368
Exploits 1, References 1

Cvelist
added 2026/01/13 10:52 p.m., 23 views

CVE-2023-54340 WorkOrder CMS 0.1.0 - SQL Injection

WorkOrder CMS 0.1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login by manipulating username and password parameters. Attackers can inject malicious SQL queries using techniques like OR '1'='1' and stacked queries to access database information or...

CVSS 8.8, EPSS 0.00296
Exploits 0, References 3

Cvelist
added 2026/01/13 1:14 a.m., 27 views

CVE-2026-0501 SQL Injection Vulnerability in SAP S/4HANA Private Cloud and On-Premise (Financials - General Ledger)

Due to insufficient input validation in SAP S/4HANA Private Cloud and On-Premise Financials General Ledger, an authenticated user could execute crafted SQL queries to read, modify, and delete backend database data. This leads to a high impact on the confidentiality, integrity, and availability of...

CVSS 9.9, EPSS 0.00414
Exploits 0, References 2

Positive Technologies
added 2026/01/13 12:00 a.m., 4 views

PT-2026-2423

Name of the Vulnerable Software and Affected Versions: Social-Share-Buttons version 2.2.3. Description: The software contains a SQL injection issue in the project id parameter. Attackers can exploit this by sending specially crafted POST requests with malicious SQL payloads to manipulate database...

CVSS 8.8, AI score 7.3, EPSS 0.00253
Exploits 0, References 6

OSV
added 2026/01/12 3:16 a.m., 3 views

CVE-2025-52694

Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet, potentially affecting data confidentiality, integrity, and availability. Users and administrato...

CVSS 9.8, AI score 6.3, EPSS 0.37867
Exploits 1, References 1

Cvelist
added 2026/01/09 4:18 p.m., 20 views

CVE-2026-22195 GestSup < 3.2.60 SQL Injection in Search Bar

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can...

CVSS 7.7, EPSS 0.00294
Exploits 0, References 2

RedhatCVE
added 2026/01/09 12:29 p.m., 5 views

CVE-2023-40933

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the updatebannermessage function...

CVSS 8.8, AI score 8.5, EPSS 0.05335
Exploits 1, References 1