PT-2026-27776

A SQL Injection vulnerability has been found in Support Board v3.7.7. This vulnerability allows an attacker to retrieve, create, update and delete database via 'calls0message ids' parameter in '/supportboard/include/ajax.php' endpoint...

PT-2026-27878

Name of the Vulnerable Software and Affected Versions WPFactory Advanced WooCommerce Product Sales Reporting versions through 4.1.3 Description The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This...

PT-2026-27813

Name of the Vulnerable Software and Affected Versions Lisfinity Core versions n/a through 1.5.0 Description A flaw exists in pebas Lisfinity Core lisfinity-core that allows for SQL Injection. This occurs due to improper neutralization of special elements used in an SQL command. The issue affects...

PT-2026-28150

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...

WordPress plugin Lisfinity Core SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-28074

Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.14.1 n8n versions prior to 2.13.3 n8n versions prior to 1.123.26 Description n8n is a workflow automation platform. A user authenticated with permissions to create or modify workflows could leverage the "Combine by SQL"...

PT-2026-27995

Name of the Vulnerable Software and Affected Versions Product Rearrange for WooCommerce versions n/a through 1.2.2 Description The software contains a flaw due to improper neutralization of special elements within an SQL command, leading to a potential SQL injection issue. Specifically, the...

WordPress plugin ElementInvader Addons for Elementor SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

PT-2026-27881

Name of the Vulnerable Software and Affected Versions ElementInvader Addons for Elementor versions n/a through 1.4.2 Description The software contains a flaw due to improper neutralization of special elements within an SQL command, leading to a potential SQL injection. Specifically, the...

CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

CVE-2026-23921

A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not returned directly, an attacker can exfiltrate arbitrary database data...

SQL Injection

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to SQL Injection via the field name parameters of the aggregate $group pipeline stage or the distinct operation in the PostgreS...

EUVD-2019-20020

Inout Article Base CMS contains SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the 'p' and 'u' parameters. Attackers can inject SQL code using XOR-based payloads in GET requests to portalLogin.php to extract sensitive database information...

EUVD-2019-20016

Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id'...

CVE-2019-25641

The vulnerability is in Netartmedia Vlog System. An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL via the email parameter in the forgotten_password module (POST to index.php). This can expose sensitive data (as per description) and is categorized w...

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVE-2026-4624 SourceCodester Online Library Management System Parameter home.php sql injection

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

CVE-2026-4624

A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...

PT-2026-27522

A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update customer details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can...

PT-2026-27521

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...