BMC Control-M/MFT 安全漏洞

BMC Control-M/MFT is an enterprise-level file transfer and job scheduling integration management software developed by the American company BMC. Versions of BMC Control-M/MFT 9.0.22 and earlier contained security vulnerabilities. These vulnerabilities were due to improper input validation in the...

PT-2026-31929

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $ GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

IBM Storage Protect Server SQL Injection Vulnerability

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

Code-Projects Simple IT Discussion Forum SQL注入漏洞

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Category parameter in the...

CVE-2026-5985 code-projects Simple IT Discussion Forum crud.php sql injection

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

EUVD-2026-20902

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

CVE-2026-4112

Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...

CVE-2026-34185

Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control Syst...

CVE-2026-34185 SQL Injection in Hydrosystem Control System

Hydrosystem Control System is vulnerable to SQL Injection across most scripts and input parameters. Because no protections are in place, an authenticated attacker can inject arbitrary SQL commands, potentially gaining full control over the database.This issue was fixed in Hydrosystem Control Syst...

CVE-2026-5847

A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been...

CVE-2026-5827 code-projects Simple IT Discussion Forum question-function.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /question-function.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public a...

SonicWALL SMA1000 SQL注入漏洞

SonicWALL SMA1000 is a series of security mobile access solutions developed by the American company SonicWALL. It simplifies end-to-end secure remote access for enterprise resources hosted across local, cloud, and hybrid data centers. The SonicWall SMA1000 has a SQL injection vulnerability, which...

PT-2026-31726

Name of the Vulnerable Software and Affected Versions WordPress adivaha Travel Plugin version 2.3 Description The adivaha Travel Plugin for WordPress version 2.3 contains a time-based blind SQL injection vulnerability. Unauthenticated attackers can manipulate database queries by injecting SQL cod...

PT-2026-31560

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection issue exists due to the manipulation of the postid argument in an unknown function within the /functions/addcomment.php file. The attack can be launched remotely. The exploit h...

Hydrosystem Control System SQL注入漏洞

Hydrosystem Control System is an industrial water treatment and fluid control monitoring system developed by the American company Hydrosystem. Versions of Hydrosystem Control System prior to 9.8.5 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of protective...

PHPGurukul Online Course Registration SQL注入漏洞

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Inc. Version 3.1 of PHPGurukul Online Course Registration has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter regno in the file...

PT-2026-31601

Name of the Vulnerable Software and Affected Versions Hydrosystem Control System versions prior to 9.8.5 Description Hydrosystem Control System is susceptible to SQL Injection across numerous scripts and input parameters. The absence of protective measures allows an authenticated attacker to inje...

CVE-2026-5824 code-projects Simple Laundry System userchecklogin.php sql injection

A security vulnerability has been detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /userchecklogin.php. Such manipulation of the argument userid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed public...

CVE-2026-5824

The CVE-2026-5824 entry concerns code-projects Simple Laundry System 1.0. An SQL injection vulnerability exists in an unknown part of the file /userchecklogin.php, triggered by manipulating the userid argument. The issue is exploitable remotely and the exploit is publicly disclosed. No remediatio...

CVE-2026-5823 itsourcecode Construction Management System borrowed_tool_report.php sql injection

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowedtoolreport.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit has...