8196 matches found
CVE-2019-25525
CVE-2019-25525 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the guests parameter that can be exploited via POST to the search/rentals endpoint, enabling unauthenticated attackers to bypass authentication and potentially extract or modify data. The provid...
CVE-2019-25522
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25519
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...
CVE-2019-25518 Jettweb PHP Hazir Haber Sitesi Scripti V1 SQL Injection via arama.php
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...
CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...
CVE-2026-4014
A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...
EUVD-2026-11525
A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...
PT-2026-24981
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal id parameter. Attackers can send GET requests to gal.php with malicious gal id values to extract sensitive database information or...
PT-2026-24980
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...
FeMiner wms SQL注入漏洞
FeMiner wms is a repository management system developed by FeMiner’s individual developers in China. Versions of FeMiner wms prior to version 1.0 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameters named “Name” in the file...
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. Version V1 of the Jettweb PHP Preconfigured News Sites Script has a SQL injection vulnerability. This vulnerability stems from the SQL injection in the poll parameter, which may...
Nesote Inout EasyRooms SQL注入漏洞
Nesote Inout EasyRooms is a hotel management system developed by Nesote Corporation. Version 1.0 of Nesote Inout EasyRooms has a SQL injection vulnerability. This vulnerability stems from the guests parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulat...
Netartmedia Event Portal SQL注入漏洞
Netartmedia Event Portal is an event registration management system operated by the Bulgarian company Netartmedia. Version 2.0 of Netartmedia Event Portal has a SQL injection vulnerability. This vulnerability stems from SQL injection in email parameters, which could allow unverified attackers to...
Netartmedia PHP Car Dealer SQL注入漏洞
Netartmedia PHP Car Dealer is a website system for car dealers operated by the Bulgarian company Netartmedia. Netartmedia PHP Car Dealer has a SQL injection vulnerability; this vulnerability stems from the SQL injection present in the features parameter, which may allow unverified attackers to...
PT-2026-24982
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo id parameter. Attackers can send GET requests to photo.php with malicious photo id values to extract sensitive data, bypass...
PT-2026-24970
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...
Netartmedia Real Estate Portal SQL注入漏洞
Netartmedia Real Estate Portal is a real estate transaction website system operated by the Bulgarian company Netartmedia. Version 5.0 of Netartmedia Real Estate Portal has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the page parameter, which may allow...
PT-2026-24965
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. Attackers can send POST requests to the search endpoint with crafted SQL payloads to extract sensitiv...
PT-2026-25003
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...
EUVD-2025-208599
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14...