8196 matches found

CNNVD
added 2026/02/25 12:0 a.m., 4 views

itsourcecode College Management System SQL injection vulnerability

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the coursecode parameter in the file...

CVSS 8.8, AI score 6.6, EPSS 0.0028
Exploits: 1, References: 5
CNNVD
added 2026/02/25 12:0 a.m., 7 views

itsourcecode News Portal Project SQL injection vulnerability

itsourcecode News Portal Project is an open-source news portal project developed by itsourcecode. Version 1.0 of the itsourcecode News Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter pagetitle in the file admin/contactus.ph...

CVSS 9.8, AI score 7.2, EPSS 0.00371
Exploits: 1, References: 5
Positive Technologies
added 2026/02/25 12:0 a.m., 5 views

PT-2026-21871

Name of the Vulnerable Software and Affected Versions: itsourcecode College Management System version 1.0. Description: A flaw exists in itsourcecode College Management System 1.0. The issue is due to SQL injection within the /login/login.php file. Manipulating the email argument can lead to a...

CVSS 9.8, AI score 7.1, EPSS 0.00391
Exploits: 1, References: 11
CNNVD
added 2026/02/25 12:0 a.m., 4 views

SourceCodester Simple and Nice Shopping Cart Script SQL injection vulnerability

SourceCodester Simple and Nice Shopping Cart Script is an open-source shopping cart script developed by SourceCodester. Version 1.0 of the SourceCodester Simple and Nice Shopping Cart Script contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Username...

CVSS 9.8, AI score 7.2, EPSS 0.00399
Exploits: 1, References: 5
CVE
added 2026/02/24 6:39 p.m., 16 views

CVE-2026-3105

CVE-2026-3105 — Mautic is affected by a SQL injection vulnerability in the API endpoint that retrieves Contact Activity data. The root cause is improper validation of the sort direction parameter in the query construction for the Contact Activity timeline, allowing an authenticated user to inject...

CVSS 8.8, AI score 6.1, EPSS 0.00289
Exploits: 0, References: 1, Affected Software: 1
Github Security Blog
added 2026/02/24 3:30 p.m., 6 views

Apache Superset allows privileged users to conduct error-based SQL Injection

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 6.5, AI score 5.7, EPSS 0.00503
Exploits: 2, References: 4, Affected Software: 1
NVD
added 2026/02/24 2:16 p.m., 6 views

CVE-2026-23980

Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...

CVSS 6.5, EPSS 0.00503
Exploits: 2, References: 2
OSV
added 2026/02/24 5:17 a.m., 0 views

CVE-2026-3069

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and ma...

CVSS 9.8, AI score 5.8, EPSS 0.00333
Exploits: 1, References: 5
OSV
added 2026/02/24 4:15 a.m., 2 views

CVE-2026-3068

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVSS 9.8, AI score 5.8, EPSS 0.00333
Exploits: 1, References: 5
Vulnrichment
added 2026/02/24 3:32 a.m., 5 views

CVE-2026-3068 itsourcecode Document Management System deluser.php sql injection

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the...

CVSS 7.5, AI score 5.5, EPSS 0.00333
Exploits: 1, References: 5
GithubExploit
added 2026/02/24 1:41 a.m., 222 views

injectproof

InjectProof The SQL injection scanner that finds what sqlma...

AI score 6.7
Exploits: 0
OSV
added 2026/02/24 12:16 a.m., 0 views

CVE-2026-3042

A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public a...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 5
CNNVD
added 2026/02/24 12:0 a.m., 5 views

Mautic security vulnerability

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability, which stems from SQL injections in the API endpoints used for retrieving contact activities...

CVSS 8.8, AI score 6, EPSS 0.00289
Exploits: 0, References: 1
Positive Technologies
added 2026/02/24 12:0 a.m., 5 views

PT-2026-21679

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 6.0.0. Description: An issue exists in Apache Superset that allows an authenticated user with read access to conduct error-based SQL injection. This is due to improper neutralization of special elements used in ...

CVSS 6.5, AI score 5.9, EPSS 0.00503
Exploits: 2, References: 10
CNNVD
added 2026/02/24 12:0 a.m., 3 views

New API security vulnerability

New API is an interface software developed by QuantumNous. Versions of New API prior to 0.10.8-alpha.10 contain a security vulnerability. This vulnerability stems from SQL LIKE wildcard injection in the /api/token/search endpoint, which could lead to denial-of-service attacks through...

CVSS 7.1, AI score 5.9, EPSS 0.00499
Exploits: 1, References: 3
Positive Technologies
added 2026/02/24 12:0 a.m., 7 views

PT-2026-21810

Name of the Vulnerable Software and Affected Versions: itsourcecode Document Management System version 1.0. Description: A SQL injection issue exists due to the improper handling of the Username argument within the /loging.php component of the Login functionality. This allows for remote exploitation...

CVSS 9.8, AI score 7, EPSS 0.00393
Exploits: 1, References: 12
Positive Technologies
added 2026/02/24 12:0 a.m., 7 views

PT-2026-21799

Name of the Vulnerable Software and Affected Versions: InSAT MasterSCADA BUK-TS, affected versions not specified. Description: The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...

CVSS 9.8, AI score 5.8, EPSS 0.00538
Exploits: 0, References: 5
Joomla! Vulnerable Extensions List
added 2026/02/24 12:0 a.m., 10 views

EasyDiscuss by Stackideas, SQL Injection

EasyDiscuss by Stackideas, SQL Injection...

AI score 5.9
Exploits: 0, Affected Software: 1
NVD
added 2026/02/23 8:16 a.m., 6 views

CVE-2026-1367

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

CVSS 8.3, EPSS 0.0787
Exploits: 0, References: 1
ATTACKERKB
added 2026/02/23 6:54 a.m., 5 views

CVE-2026-1367

Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...

CVSS 8.3, AI score 5.7, EPSS 0.0787
Exploits: 0, References: 2