CVE-2025-69633

CVE-2025-69633 is a SQL injection vulnerability in the PrestaShop Advanced Popup Creator module, affecting versions 1.1.26–1.2.6 (fixed in 1.2.7). The flaw allows remote, unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller, with the ...

PrestaShop 安全漏洞

PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. There are security vulnerabilities in the PrestaShop module AdvancedPopupCreato...

CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

CVE-2025-55210 FreePBX API has a Privilege Escalation Error in GraphQL Allowing Authenticated Users to Access Additional Scopes

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

CVE-2025-55210

CVE-2025-55210 affects FreePBX PBX API (module api) prior to 17.0.5 and 16.0.17. The issue allows privilege escalation for authenticated users with REST/GraphQL API access by forging a valid JWT signed with the api-oauth.key private key and arbitrary scopes. The token will be accepted only if its...

CVE-2025-10969

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025...

thesystem SQL注入漏洞

thesystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thesystem has a SQL injection vulnerability, which stems from improper handling of the username parameter, potentially leading to SQL injection attacks...

PT-2026-7867

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...

elearning-script SQL注入漏洞

elearning-script is an e-learning blog developed by Amit Kollol Dey. Version 1.0 of elearning-script has a SQL injection vulnerability, which stems from incorrect handling of login parameters in the /login.php file. This vulnerability could lead to authentication bypasses...

PT-2026-7859

FreePBX is an open-source web-based graphical user interface GUI that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api PBX API is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT wit...

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CVE-2019-9053 - CMS Made Simple SQL Injection Exploit Modifie...

UBUNTU-CVE-2025-14592

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API...

CVE-2025-8099

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries...

CVE-2026-2093

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...

CVE-2025-13431 SlimStat Analytics <= 5.3.1 - Authenticated (Subscriber+) SQL Injection via `args` Parameter

The SlimStat Analytics plugin for WordPress is vulnerable to time-based SQL Injection via the ‘args’ parameter in all versions up to, and including, 5.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE） 安全漏洞

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of the American company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. There were security vulnerabilities in versions prior to 18.6.6,...

GitLab 安全漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD continuous integration and delivery. There were security vulnerabilities in versions prior to GitLab EE...

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

CVE-2025-6830

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpoda Türkiye Information Technology Inc. Password Module allows SQL Injection.This issue affects Password Module: through 11022026...