CVE-2022-38282

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /admin/videoalbum/list...

CVE-2017-18288

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter...

CVE-2023-4185

A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack...

CVE-2023-4201

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file excatagorydata.php. The manipulation of the argument columns1data leads to sql injection. The attack may be initiated remotely. The exploi...

CVE-2023-4899

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1...

Area9 Rhapsode 安全漏洞

Area9 Rhapsode is an adaptive learning platform from Area9 USA. A security vulnerability exists in Area9 Rhapsode version 1.47.3, which stems from insufficient input validation and could lead to an SQL injection attack...

CVE-2025-67928 WordPress Automotive Listings plugin <= 18.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection.This issue affects Automotive Listings: from n/a through = 18.6...

CVE-2025-67921 WordPress Lobo theme < 2.8.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through 2.8.6...

PT-2026-1829

Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk versions 18.34 Description A SQL injection issue exists due to the improper handling of user-supplied data. Specifically, the hfInventoryDistFormID parameter within the...

CVE-2025-13409

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-15239

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-13409 Form Vibes – Database Manager for Forms <= 1.4.13 - Authenticated (Admin+) SQL Injection

The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVE-2025-39484

CVE-2025-39484 : An SQL Injection vulnerability in the WordPress theme Entrada (Waituk Entrada) exists due to improper neutralization of input in SQL commands. Affected product/version: Entrada up to 5.7.7. Exploitation context and impact are described as SQL injection with high likelihood of dat...

CVE-2025-15029 An unauthenticated user is able to introduce SQL Injection using the Awie export module

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...

CVE-2026-0583

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...

EUVD-2026-0865

A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/leftcart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

FreeBPX < 16.0.92 Multiples Vulnerabilities

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.92 or 17.x prior to 17.0.6. It is, therefore, affected by multiples vulnerabilities : - An arbitrary file upload vulnerability in the FreePBX Endpoint Management module affecting th...

Code-Projects Online Product Reservation System SQL注入漏洞

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A SQL injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from incorrect manipulation of the parameter ID in the file...

PT-2026-1260

Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A security issue exists in code-projects Online Product Reservation System 1.0. The issue involves the manipulation of the transaction id argument within the GET Parameter...

PT-2026-1289

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 24.04.0 through 24.04.3 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 25.10.0 through 25.10.2 Description A flaw exists in Centreon Infra Monitoring Awie export...