Lucene search

8196 matches found

Positive Technologies
added 2026/03/20 12:0 a.m., views: 1

PT-2026-26563

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin edit employee.php. Executing a manipulation of the argument First Name can lead to SQL injection. It is possible to launch the attack remotely. The exploit...

CVSS 5.8, AI score 5.8, EPSS 0.00386
Exploits: 1, References: 6

CNNVD
added 2026/03/20 12:0 a.m., views: 3

Open Source Point of Sale SQL injection vulnerability

Open Source Point of Sale is an open-source sales point system based on the Open Source POS framework. Open Source Point of Sale has a SQL injection vulnerability; this vulnerability stems from the project’s search function, which allows for SQL injections, potentially leading to arbitrary SQL...

CVSS 8.8, AI score 6, EPSS 0.00316
Exploits: 1, References: 1

CNNVD
added 2026/03/20 12:0 a.m., views: 4

WeGIA SQL injection vulnerability

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions 3.6.5 and 3.6.6 of WeGIA contain SQL injection vulnerabilities. These vulnerabilities stem from a lack of content validation during the loading of SQL files by the loadBackupDB...

CVSS 8.6, AI score 6, EPSS 0.00401
Exploits: 1, References: 3

CNNVD
added 2026/03/20 12:0 a.m., views: 5

itsourcecode College Management System SQL injection vulnerability

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Search” in the file...

CVSS 6.5, AI score 6.6, EPSS 0.00246
Exploits: 0, References: 5

CNNVD
added 2026/03/20 12:0 a.m., views: 6

OneUptime SQL injection vulnerability

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of column name validation in multiple query...

CVSS 8.1, AI score 5.8, EPSS 0.00301
Exploits: 0, References: 1

CNNVD
added 2026/03/20 12:0 a.m., views: 5

SiYuan security vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan OpenSource. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the /api/search/fullTextSearchBlock endpoint, which could allow...

CVSS 9.8, AI score 6.5, EPSS 0.00541
Exploits: 1, References: 4

Positive Technologies
added 2026/03/20 12:0 a.m., views: 9

PT-2026-26564

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admin edit supplier.php. The manipulation of the argument Supplier Name leads to SQL injection. The attack can be initiated remotely. The...

CVSS 6.5, AI score 6.6, EPSS 0.00315
Exploits: 1, References: 6

Snyk
added 2026/03/19 7:25 p.m., views: 1

SQL Injection

Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection in the getAllCategories function via the doNotShowCats parameter due to insufficient sanitization, where only single quotes are stripped but...

CVSS 9.9, AI score 6.7, EPSS 0.00431
Exploits: 1, References: 2

GithubExploit
added 2026/03/19 2:13 p.m., views: 124

BasicSQLiScanner

No d...

AI score 5.8
Exploits: 0

EUVD
added 2026/03/19 12:30 p.m., views: 3

EUVD-2026-13093

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

CVSS 7.5, AI score 5.9, EPSS 0.00311
Exploits: 0, References: 6

Positive Technologies
added 2026/03/19 12:0 a.m., views: 4

PT-2026-26283

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the 'fields' parameter in all versions up to, and including, 1.6.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...

CVSS 7.5, AI score 5.9, EPSS 0.00311
Exploits: 0, References: 9

Positive Technologies
added 2026/03/19 12:0 a.m., views: 4

PT-2026-26250

🔴 CVE-2026-27413 - Critical Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection. This issue affects Profile ... https://t.co/OrD4pUzaav https://t.co/t4vSMOeqXj...

CVSS 9.3, AI score 5.9, EPSS 0.00378
Exploits: 0, References: 7

CNNVD
added 2026/03/19 12:0 a.m., views: 5

WordPress plugin Profile Builder Pro SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 9.3, AI score 5.9, EPSS 0.00378
Exploits: 0, References: 1

EUVD
added 2026/03/18 6:31 p.m., views: 1

EUVD-2025-208838

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

AI score 5.8, EPSS 0.00321
Exploits: 0, References: 2

EUVD
added 2026/03/18 6:31 p.m., views: 1

EUVD-2025-208836

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

AI score 5.8, EPSS 0.0026
Exploits: 0, References: 2

OSV
added 2026/03/18 5:21 p.m., views: 2

CVE-2026-32611 Glances has a SQL Injection in DuckDB Export via Unparameterized DDL Statements

Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix commit 39161f0 addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use parameterized queries and psycopg.sql composable objects. However, the DuckDB export module...

CVSS 7, AI score 5.8, EPSS 0.00325
Exploits: 1, References: 5

Veracode
added 2026/03/18 4:23 p.m., views: 13

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied input from the $_REQUEST['query'] parameter without sanitization or parameterization, which allows an attacker to execute arbitrary SQL commands and compromise the database...

CVSS 6.5, AI score 6.3, EPSS 0.00233
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/03/18 7:36 a.m., views: 5

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...

CVSS 8.8, AI score 6.1, EPSS 0.00522
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2026/03/18 12:0 a.m., views: 17

CVE-2025-67829

Mura before 10.1.14 allows beanFeed.cfc getQuery sortDirection SQL injection...

EPSS 0.0026
Exploits: 0, References: 1

CNNVD
added 2026/03/18 12:0 a.m., views: 2

Cockpit SQL injection vulnerability

Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.4 and earlier had a SQL injection vulnerability. This vulnerability originated from the SQL injection vulnerability present in the MongoLite aggregate optimizer, which could allow...

CVSS 7.7, AI score 6, EPSS 0.00397
Exploits: 0, References: 2