SIGB PMB SQL注入漏洞

SIGB PMB is an open-source integrated library management system developed by SIGB Corporation. Version 5.6 of SIGB PMB contains a SQL injection vulnerability. This vulnerability stems from the logid parameter in the management download script, which allows for SQL injections. As a result,...

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

PT-2026-5982

Name of the Vulnerable Software and Affected Versions JEEWMS version 1.0 Description JEEWMS 1.0 is susceptible to SQL Injection. An attacker can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do API endpoint. Recommendations Apply appropriate input...

Fikir Odalari AdminPando SQL注入漏洞

Fikir Odalari AdminPando is a backend management system operated by the Turkish company Fikir Odalari. Version 1.0.1 of Fikir Odalari AdminPando before January 26, 2026 contained an SQL injection vulnerability. This vulnerability stemmed from the username and password parameters used in the login...

Emit Efficiency Management System SQL注入漏洞

Emit Efficiency Management System is a business process and efficiency management platform developed by the Turkish company Emit. Versions of the Emit Efficiency Management System prior to 03022026 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of speci...

EUVD-2025-206728

SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imeilist.aspx file...

PT-2026-5908

Name of the Vulnerable Software and Affected Versions Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System versions through 03022026 Description The software contains a flaw related to improper neutralization of special elements within SQ...

pearweb SQL注入漏洞

PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect subscription deletion operations, which allowed attackers to inject SQL commands through specially crafte...

YouDataSum CPAS Audit Management System 安全漏洞

YouDataSum CPAS Audit Management System is a data auditing software developed by YouDataSum Corporation. Versions of YouDataSum CPAS Audit Management System prior to v4.9 contained security vulnerabilities. These vulnerabilities were due to insufficient validation of parameter inputs, which could...

PT-2026-6462

Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...

JeecgBoot SQL注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.0 of JeecgBoot contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “keyword” in the file...

📄 FreePBX Endpoint Authentication Bypass / SQL Injection

This proof of concept exploit demonstrates a chained attack scenario in FreePBX that combines an authentication bypass with a SQL injection vulnerability in the custom endpoint extension component. When specific configuration conditions are met, an attacker may interact with administrative...

Plikli CMS 4.0.0 Blind SQL Injection

A blind SQL injection vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This is older research added to the archive...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

PT-2026-5560

Name of the Vulnerable Software and Affected Versions PHP Melody version 3.0 Description PHP Melody version 3.0 has a remote SQL injection issue in the video edit module. Authenticated attackers can inject malicious SQL commands through the unvalidated vid parameter. Successful exploitation allow...

CVE-2020-37051

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...

PYSEC-2026-115

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting XSS attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...

CVE-2020-37057 Online-Exam-System 2015 - 'fid' SQL Injection

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...

CVE-2025-36001 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...