
8123 matches found

Positive Technologies
added 2026/02/08 12:0 a.m. | 6 views

PT-2026-6992

Name of the Vulnerable Software and Affected Versions: itsourcecode Directory Management System version 1.0. Description: A flaw exists in itsourcecode Directory Management System that allows for remote code execution. The issue is located within the /admin/forget-password.php file. Specifically,...

CVSS 9.8 | AI score 5.9 | EPSS 0.00015
Exploits: 1 | References: 10
Positive Technologies
added 2026/02/08 12:0 a.m. | 3 views

PT-2026-7022

Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0. Description: A flaw exists in itsourcecode School Management System that allows for remote code execution. The issue is related to the manipulation of the ay argument in the file...

CVSS 9.8 | AI score 6 | EPSS 0.00013
Exploits: 1 | References: 9
RedhatCVE
added 2026/02/07 7:30 p.m. | 3 views

CVE-2026-24417

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

CVSS 8.7 | AI score 5.9 | EPSS 0.00015
Exploits: 3 | References: 1
NVD
added 2026/02/07 4:15 p.m. | 3 views

CVE-2026-2090

A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been...

CVSS 9.8 | EPSS 0.00048
Exploits: 0 | References: 5
Cvelist
added 2026/02/07 3:32 p.m. | 32 views

CVE-2026-2090 SourceCodester Online Class Record System search.php sql injection

A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be executed remotely. The exploit has been...

CVSS 7.5 | EPSS 0.00048
Exploits: 0 | References: 5
ATTACKERKB
added 2026/02/07 3:2 p.m. | 2 views

CVE-2026-2089

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 7.5 | AI score 7.2 | EPSS 0.00048
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/02/07 2:2 p.m. | 4 views

EUVD-2026-5726

A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument useremail causes sql injection. The attack may be initiated remotely. The exploit has been published and may...

CVSS 7.5 | AI score 5.4 | EPSS 0.00048
Exploits: 0 | References: 5
CVE
added 2026/02/07 10:32 a.m. | 10 views

CVE-2026-2083

CVE-2026-2083 affects code-projects Social Networking Site 1.0. The flaw is in the unknown function of the file /delete_post.php; manipulating the ID argument yields an SQL injection. It is remotely exploitable and the exploit has been publicly released. Multiple sources (NVD, Red Hat, CVE list...

CVSS 9.8 | AI score 7.2 | EPSS 0.00048
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/02/07 3:32 a.m. | 4 views

EUVD-2026-5759

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

CVSS 7.5 | AI score 5.3 | EPSS 0.00048
Exploits: 1 | References: 5
Positive Technologies
added 2026/02/07 12:0 a.m. | 6 views

PT-2026-6901

Name of the Vulnerable Software and Affected Versions: code-projects Social Networking Site version 1.0. Description: A security flaw exists in code-projects Social Networking Site 1.0. The issue is related to SQL injection in an unknown function within the /delete_post.php file. Manipulating the ID...

CVSS 7.5 | AI score 5.5 | EPSS 0.00048
Exploits: 1 | References: 7
CVE
added 2026/02/06 11:14 p.m. | 6 views

CVE-2020-37154

CVE-2020-37154 affects eLection 2.0, with an authenticated SQL injection in the candidate management endpoint. The vulnerability allows manipulation of database queries through the 'id' parameter and can be leveraged with SQLMap; authorship notes suggest potential remote code execution via upload...

CVSS 7.1 | AI score 6.6 | EPSS 0.00031
Exploits: 0 | References: 4
Cvelist
added 2026/02/06 11:14 p.m. | 28 views

CVE-2020-37154 eLection 2.0 - 'id' SQL Injection

eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentially gaining remote code execution by uploadi...

CVSS 7.1 | EPSS 0.00031
Exploits: 0 | References: 4
NVD
added 2026/02/06 7:16 p.m. | 6 views

CVE-2026-24418

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the bulk operations handler for the Scadenzario Payment Schedule module. The application fails to validate...

CVSS 8.7 | EPSS 0.00015
Exploits: 3 | References: 1
NVD
added 2026/02/06 7:16 p.m. | 3 views

CVE-2026-24417

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the global search functionality. The application fails to properly sanitize the term parameter before...

CVSS 8.7 | EPSS 0.00015
Exploits: 3 | References: 1
GithubExploit
added 2026/02/06 6:59 p.m. | 156 views

Bugbounty-Scanner-Suite

Bugbounty Scanner Suite: All-in-one tool for automati...

AI score 5.5
Exploits: 0
Github Security Blog
added 2026/02/06 6:19 p.m. | 5 views

OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module

Summary: Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

CVSS 8.7 | AI score 6 | EPSS 0.00015
Exploits: 3 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/06 6:11 p.m. | 24 views

CVE-2025-69214 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the...

CVSS 8.7 | EPSS 0.00019
Exploits: 3 | References: 1
CVE
added 2026/02/06 5:32 p.m. | 8 views

CVE-2026-2060

Summary: CVE-2026-2060 affects code-projects’ Simple Blood Donor Management System 1.0. The vulnerability is in the file /simpleblooddonor/editcampaignform.php, where manipulating the ID parameter results in an SQL injection. The issue is exploitable remotely and the exploit has been publicly dis...

CVSS 9.8 | AI score 5.4 | EPSS 0.00058
Exploits: 1 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/02/06 4:41 p.m. | 1 views

CVE-2019-25303 TheJshen contentManagementSystem 1.04 - 'id' SQL Injection

TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information...

CVSS 7.1 | AI score 5.7 | EPSS 0.00044
Exploits: 0 | References: 3
CVE
added 2026/02/06 4:41 p.m. | 9 views

CVE-2019-25303

The CVE-2019-25303 entry affects TheJshen ContentManagementSystem 1.04. It describes a SQL injection vulnerability exploitable via the GET parameter id, enabling boolean-based, time-based, and UNION-based techniques to extract or manipulate database information. The available documents consistent...

CVSS 7.1 | AI score 5.7 | EPSS 0.00044
Exploits: 0 | References: 3