EUVD-2025-206820

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Martcode Software Inc. Delta Course Automation allows SQL Injection.This issue affects Delta Course Automation: through 04022026. NOTE: The vendor was contacted early about this disclosure but did...

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

Ofensive-security

This repository contains my Offensive Cyber Security / Penetrati...

EUVD-2026-5510

The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

CVE-2025-15268 Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

CVE-2025-15268

The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...

Parse Server - GraphQL Schema Information Disclosure

The Parse Server GraphQL API previously allowed public access to the GraphQL schema without requiring a session token or the master key. While schema introspection reveals only metadata and not actual data, this metadata can still expand the potential attack surface. id: CVE-2025-53364 info: name...

PT-2026-5909

Name of the Vulnerable Software and Affected Versions Delta Course Automation versions through 04022026 Description Delta Course Automation is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized...

Martcode Delta Course Automation SQL注入漏洞

Martcode Delta Course Automation is an automated marketing and course management system developed by the Turkish company Martcode. Versions of Martcode Delta Course Automation prior to 04022026 contained a SQL injection vulnerability. This vulnerability stemmed from improper neutralization of...

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

CVE-2020-37105

PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...

CVE-2026-1287 Potential SQL injection in column aliases via control characters

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...

EUVD-2026-5306

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through = 3.6.16...

CVE-2026-25022 WordPress KiviCare plugin <= 3.6.16 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through = 3.6.16...

CVE-2026-25022

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through = 3.6.16...

SIGB PMB SQL注入漏洞

SIGB PMB is an open-source integrated library management system developed by SIGB Corporation. Version 5.6 of SIGB PMB contains a SQL injection vulnerability. This vulnerability stems from the logid parameter in the management download script, which allows for SQL injections. As a result,...

pearweb SQL注入漏洞

PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect subscription deletion operations, which allowed attackers to inject SQL commands through specially crafte...

OXID eShop SQL注入漏洞

OXID eShop is an online e-commerce platform provided by the German company OXID. Versions of OXID eShop prior to 6.3.4 had a SQL injection vulnerability. This vulnerability stemmed from the sorting parameter, which was vulnerable to SQL injection attacks, potentially allowing for the execution of...

YouDataSum CPAS Audit Management System 安全漏洞

YouDataSum CPAS Audit Management System is a data auditing software developed by YouDataSum Corporation. Versions of YouDataSum CPAS Audit Management System prior to v4.9 contained security vulnerabilities. These vulnerabilities were due to insufficient validation of parameter inputs, which could...

Emit Efficiency Management System SQL注入漏洞

Emit Efficiency Management System is a business process and efficiency management platform developed by the Turkish company Emit. Versions of the Emit Efficiency Management System prior to 03022026 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of speci...