PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

CVE-2026-1701 itsourcecode School Management System index.php sql injection

A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4686

CVE-2025-4686 concerns an SQL Injection in Kodmatic Computer Software’s Online Exam and Assessment product. The issue is described as improper neutralization of special elements used in SQL commands, enabling an injection that can impact confidentiality (low), integrity (low), and availability (h...

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

CVE-2025-26385

Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command Command Injection Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects Metasys: Application and Data Server ADS installed...

PT-2026-5430

Name of the Vulnerable Software and Affected Versions itsourcecode Student Management System version 1.0 Description A security issue exists in itsourcecode Student Management System 1.0 related to the processing of the file '/enrollment/index.php'. Manipulation of the ID argument can lead to SQL...

CVE-2025-69662

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

CVE-2026-1594

A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/addexpenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The...

CVE-2020-36999

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...

CVE-2025-7714

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...

CVE-2026-1593

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexpensesquery.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The...

EUVD-2020-30903

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

CVE-2020-36999

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...

EUVD-2026-4988

A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be...

Elaniin CMS SQL injection vulnerability

Elaniin CMS is an open-source content management system created using PHP and MySQL by Elaniin. Version 1.0 of Elaniin CMS has a SQL injection vulnerability; this vulnerability stems from SQL injections in the login page, which may lead to authentication bypass...

PT-2026-5332

birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...

ROS-20260129-73-0044

Vulnerability in python-django related to failure to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...