8125 matches found
ROS-20260129-73-0044
Vulnerability in python-django related to failure to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
CVE-2026-1481
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigverauto.aspx', could allow an attacker to...
CVE-2026-1534
A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...
CVE-2025-57792
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication,...
CVE-2025-57793
Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...
CVE-2026-22243
CVE-2026-22243 — EGroupware SQL Injection (Nextmatch filter processing) Affected software: EGroupware web-based groupware server (PHP), versions prior to 23.1.20260113 and 26.0.20260113. Root cause and vulnerability: An authenticated SQL Injection exists in the Nextmatch filter processing. The is...
PT-2026-5224
Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A flaw exists in code-projects Online Music Site 1.0. The issue involves the manipulation of the ID argument, leading to SQL injection. This can be exploited remotely through a file locat...
PT-2026-5239
Tanium addressed a SQL injection vulnerability in Asset...
WebDamn User Registration Login System SQL Injection Vulnerability
The WebDamn User Registration Login System is a user registration and login module developed by WebDamn Corporation. The WebDamn User Registration Login System has a SQL injection vulnerability, which stems from improper handling of email credentials. This vulnerability may lead to SQL injection...
PT-2026-5152
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '' OR '1'='1' in both username and password fields to gain unauthorized access to...
jshERP SQL Injection Vulnerability
jshERP Huaxia ERP is a domestic ERP system developed by Ji Shenghua. Versions of jshERP 3.6 and earlier had a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “barCodes” in the “getBillItemByParam” function located in the...
CVE-2026-1474
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion' en ‘/evaluacioninicio.aspx’, could allow an attacker to...
CVE-2026-1483
The CVE-2026-1483 entry concerns an out-of-band SQL injection in the Performance Evaluation (EDD) application developed by Gabinete Técnico de Programación. Affects the Id_usuario parameter in the endpoint /evaluacion_objetivos_ver_auto.aspx. Root cause is an OOB SQLi that allows extraction of se...
CVE-2026-1482
CVE-2026-1482 is an out-of-band SQL injection vulnerability in the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. The flaw affects the Id_evaluacion parameter of the /evaluacion_objetivos_evalua_definido.aspx endpoint, enabling an attacker to exfiltrate data from ...
CVE-2026-1479
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion’ in ‘/evaluacionhcaverauto.asp', could allow an attacker...
CVE-2026-1473
CVE-2026-1473 describes an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the parameter Id_usuario in the page /evaluacion_competencias_evalua.aspx and can allow an attacker to extract sensitive data from th...
CVE-2020-36951 Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...
EUVD-2020-30876
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...
EUVD-2020-30862
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...
CVE-2020-36947 LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...