8123 matches found

EUVD
added 2026/03/03 12:0 a.m. | 3 views

EUVD-2026-9299

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...

CVSS 2.7 | AI score 6 | EPSS 0.00034
Exploits 1 | References 1
Positive Technologies
added 2026/03/03 12:0 a.m. | 3 views

PT-2026-22752

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view appointment.php...

AI score 6 | EPSS 0.00034
Exploits 1 | References 2
Positive Technologies
added 2026/03/03 12:0 a.m. | 3 views

PT-2026-22825

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument roll no leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed ...

CVSS 5.8 | AI score 5.8 | EPSS 0.00012
Exploits 1 | References 6
OSV
added 2026/03/02 8:27 p.m. | 0 views

GHSA-59G6-V3VG-F7WC CocoIndex Doris target connector didn't verify table name when constructing ALTER TABLE statements

Impact: The Doris target connector didn't verify the configured table name before creating some SQL statements (ALTER TABLE). So, in the application code, if the table name is provided by an untrusted upstream, it exposes a vulnerability to SQL injection when the target schema changes. Patches: Yes, it's fix...

CVSS 9.3 | AI score 6 | EPSS 0.00046
Exploits 0 | References 4
NVD
added 2026/03/02 7:16 p.m. | 2 views

CVE-2025-48650

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4 | EPSS 0.00004
Exploits 0 | References 1
NVD
added 2026/03/02 5:16 p.m. | 4 views

CVE-2026-28399

NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, an authenticated user with Creator role can inject arbitrary SQL via the DATEADD formula's unit parameter. This issue has been patched in version 0.301.3...

CVSS 8.8 | EPSS 0.00073
Exploits 0 | References 2
CVE
added 2026/03/02 4:19 p.m. | 6 views

CVE-2026-28399

NocoDB prior to 0.301.3 allows an authenticated user with Creator role to inject arbitrary SQL via the DATEADD formula’s unit parameter. The vulnerability affects NocoDB installations using DATEADD with the unit parameter and could lead to arbitrary SQL execution with the user’s privileges, poten...

CVSS 8.8 | AI score 6 | EPSS 0.00073
Exploits 0 | References 2 | Affected Software 1
ATTACKERKB
added 2026/03/02 2:53 p.m. | 2 views

CVE-2025-50191

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

CVSS 7.2 | AI score 5.9 | EPSS 0.00052
Exploits 1 | References 4 | Affected Software 1
OSV
added 2026/03/02 2:47 p.m. | 3 views

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

CVSS 7 | AI score 6 | EPSS 0.00107
Exploits 1 | References 5
ATTACKERKB
added 2026/03/02 11:16 a.m. | 5 views

CVE-2025-30062

In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection...

CVSS 8.8 | AI score 6 | EPSS 0.00047
Exploits 0 | References 3
Vulnrichment
added 2026/03/02 9:1 a.m. | 2 views

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00417
Exploits 0 | References 1
EUVD
added 2026/03/02 5:2 a.m. | 4 views

EUVD-2026-9144

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /adminsinglestudentupdate.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. T...

CVSS 7.5 | AI score 5.7 | EPSS 0.00045
Exploits 1 | References 5
NVD
added 2026/03/02 3:16 a.m. | 3 views

CVE-2026-3406

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack...

CVSS 9.8 | EPSS 0.00039
Exploits 1 | References 4
Positive Technologies
added 2026/03/02 12:0 a.m. | 5 views

PT-2026-22537

Name of the Vulnerable Software and Affected Versions: projectworlds Online Art Gallery Shop version 1.0. Description: A SQL injection issue exists in the Registration Handler component of projectworlds Online Art Gallery Shop version 1.0. The issue is located in the /admin/registration.php file,...

CVSS 9.8 | AI score 7 | EPSS 0.00039
Exploits 1 | References 12
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22605

Name of the Vulnerable Software and Affected Versions: sourcecodester Personnel Property Equipment System version 1.0. Description: The software is susceptible to SQL Injection in the /ppes/admin/myitem reuse.php file. The vulnerability allows for potential unauthorized access to or modification of...

CVSS 9.8 | AI score 6 | EPSS 0.00018
Exploits 1 | References 8
CNNVD
added 2026/03/02 12:0 a.m. | 3 views

Personnel Property Equipment System security vulnerability

Personnel Property Equipment System is a personnel property equipment management system developed by Jon Remus Sevellejo. Version 1.0 of Personnel Property Equipment System has a security vulnerability, which stems from an SQL injection vulnerability in the /ppes/admin/myitemreuse.php file...

CVSS 9.8 | AI score 5.8 | EPSS 0.00018
Exploits 1 | References 2
CNNVD
added 2026/03/02 12:0 a.m. | 2 views

NocoDB SQL injection vulnerability

NocoDB is an open-source alternative to Airtable. It converts any MySQL, PostgreSQL, SQL Server, SQLite, and MariaDB databases into intelligent spreadsheets. Versions of NocoDB prior to 0.301.3 had a SQL injection vulnerability; this vulnerability stemmed from unvalidated unit parameters in the...

CVSS 8.8 | AI score 5.9 | EPSS 0.00073
Exploits 0 | References 2
Positive Technologies
added 2026/03/02 12:0 a.m. | 2 views

PT-2026-22604

Name of the Vulnerable Software and Affected Versions: code-projects Simple Student Alumni System version 1.0. Description: The software contains a SQL Injection flaw in the /TracerStudy/recordteacher edit.php file. The vulnerability exists due to insufficient sanitization of user-supplied input. Th...

CVSS 9.8 | AI score 6 | EPSS 0.00049
Exploits 1 | References 8
CNNVD
added 2026/03/02 12:0 a.m. | 2 views

Code-Projects Simple Food Order System SQL injection vulnerability

Code-Projects Simple Food Order System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the Code-Projects Simple Food Order System has a SQL injection vulnerability; this vulnerability arises from the file /food/view-ticket.php being vulnerable to SQL...

CVSS 9.8 | AI score 5.8 | EPSS 0.00049
Exploits 1 | References 2
Positive Technologies
added 2026/03/02 12:0 a.m. | 3 views

PT-2026-22602

Name of the Vulnerable Software and Affected Versions: Simple Student Alumni System version 1.0. Description: The Simple Student Alumni System is susceptible to a SQL Injection issue. This flaw is located in the /TracerStudy/modal view.php file. The vulnerability allows for potential unauthorized...

CVSS 9.8 | AI score 5.9 | EPSS 0.00049
Exploits 1 | References 8