CVE-2025-39484

CVE-2025-39484 : An SQL Injection vulnerability in the WordPress theme Entrada (Waituk Entrada) exists due to improper neutralization of input in SQL commands. Affected product/version: Entrada up to 5.7.7. Exploitation context and impact are described as SQL injection with high likelihood of dat...

EUVD-2026-0840

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Waituk Entrada allows SQL Injection.This issue affects Entrada: from n/a through 5.7.7...

CVE-2025-15029 An unauthenticated user is able to introduce SQL Injection using the Awie export module

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring Awie export modules allows SQL Injection to unauthenticated user. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0 before 24.10.3, from 24.04...

CVE-2026-0591

Code-projects Online Product Reservation System 1.0 contains a SQL injection vulnerability in the Cart Update Handler, specifically in the /app/checkout/update.php file’s unknown function. Manipulating the id/qty parameter can trigger the injection, enabling remote exploitation. Public exploit/Po...

CVE-2025-30633

CVE-2025-30633 affects the WordPress plugin Woozone Contextual Amazon Native Shopping Recommendations (WordPress Native Shopping Recommendations) up to version 1.3. Description confirms an improper neutralization of special elements in SQL commands, i.e., an SQL Injection vulnerability. Affected ...

CVE-2026-0583

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...

EUVD-2026-0865

A weakness has been identified in code-projects Online Product Reservation System 1.0. This issue affects some unknown processing of the file app/products/leftcart.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

EUVD-2026-0905

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

EUVD-2026-0918

A vulnerability was identified in sfturing hosporder up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssmpro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can ...

PT-2026-1226

Name of the Vulnerable Software and Affected Versions QOCA aim AI Medical Cloud Platform affected versions not specified Description The QOCA aim AI Medical Cloud Platform allows authenticated remote attackers to inject arbitrary SQL commands, potentially enabling them to read database contents...

Code-Projects Online Product Reservation System SQL注入漏洞

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A SQL injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which originates from the incorrect operation of the parameter emailadd in the fil...

itsourcecode Society Management System SQL注入漏洞

itsourcecode Society Management System is an itsourcecode open source society management system. A SQL injection vulnerability exists in version 1.0 of itsourcecode Society Management System, which stems from an incorrect manipulation of the parameter Title in the file /admin/editactivityquery.ph...

Code-Projects Online Product Reservation System SQL注入漏洞

Code-Projects Online Product Reservation System is a Code-Projects open source online product reservation system. A SQL injection vulnerability exists in Code-Projects Online Product Reservation System version 1.0, which stems from incorrect manipulation of the parameter ID in the file...

hosporder SQL注入漏洞

hosporder is a hospital appointment registration system by the individual developer Xiaohao.Shi in China. A SQL injection vulnerability exists in hosporder 627f426331da8086ce8fff2017d65b1ddef384f8 and earlier versions, which stems from an incorrect manipulation of the parameter hospitalAddress/...

WordPress plugin Entrada SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL...

PT-2026-1260

Name of the Vulnerable Software and Affected Versions code-projects Online Product Reservation System version 1.0 Description A security issue exists in code-projects Online Product Reservation System 1.0. The issue involves the manipulation of the transaction id argument within the GET Parameter...

WordPress plugin Infility Global SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injection...

FreeBPX < 16.0.92 Multiples Vulnerabilities

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.92 or 17.x prior to 17.0.6. It is, therefore, affected by multiples vulnerabilities : - An arbitrary file upload vulnerability in the FreePBX Endpoint Management module affecting th...

CampCodes Supplier Management System SQL注入漏洞

CampCodes Supplier Management System is a supplier management system from CampCodes, Inc. A SQL injection vulnerability exists in CampCodes Supplier Management System version 1.0, which stems from incorrect manipulation of the parameter txtRetailerAddress in the file /retailer/editprofile.php,...

PT-2026-1289

Name of the Vulnerable Software and Affected Versions Centreon Infra Monitoring versions 24.04.0 through 24.04.3 Centreon Infra Monitoring versions 24.10.0 through 24.10.3 Centreon Infra Monitoring versions 25.10.0 through 25.10.2 Description A flaw exists in Centreon Infra Monitoring Awie export...