EUVD-2025-206728

SQL Injection vulnerability in Shandong Kede Electronics Co., Ltd IoT smart water meter monitoring platform v.1.0 allows a remote attacker to execute arbitrary code via the imeilist.aspx file...

CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

PT-2026-6462

Summary FacturaScripts contains a critical SQL Injection vulnerability in the autocomplete functionality that allows authenticated attackers to extract sensitive data from the database including user credentials, configuration settings, and all stored business data. The vulnerability exists in th...

PT-2026-5908

Name of the Vulnerable Software and Affected Versions Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System versions through 03022026 Description The software contains a flaw related to improper neutralization of special elements within SQ...

PT-2026-5982

Name of the Vulnerable Software and Affected Versions JEEWMS version 1.0 Description JEEWMS 1.0 is susceptible to SQL Injection. An attacker can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do API endpoint. Recommendations Apply appropriate input...

Fikir Odalari AdminPando SQL注入漏洞

Fikir Odalari AdminPando is a backend management system operated by the Turkish company Fikir Odalari. Version 1.0.1 of Fikir Odalari AdminPando before January 26, 2026 contained an SQL injection vulnerability. This vulnerability stemmed from the username and password parameters used in the login...

JeecgBoot SQL注入漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Version 3.9.0 of JeecgBoot contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “keyword” in the file...

Plikli CMS 4.0.0 Blind SQL Injection

A blind SQL injection vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This is older research added to the archive...

📄 FreePBX Endpoint Authentication Bypass / SQL Injection

This proof of concept exploit demonstrates a chained attack scenario in FreePBX that combines an authentication bypass with a SQL injection vulnerability in the custom endpoint extension component. When specific configuration conditions are met, an attacker may interact with administrative...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

PT-2026-5560

Name of the Vulnerable Software and Affected Versions PHP Melody version 3.0 Description PHP Melody version 3.0 has a remote SQL injection issue in the video edit module. Authenticated attackers can inject malicious SQL commands through the unvalidated vid parameter. Successful exploitation allow...

PYSEC-2026-115

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting XSS attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...

CVE-2020-37051

Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' endpoint by crafting malicious payload requests that use time delays to systematically enumerate use...

CVE-2020-37057 Online-Exam-System 2015 - 'fid' SQL Injection

Online-Exam-System 2015 contains a SQL injection vulnerability in the feedback module that allows attackers to manipulate database queries through the 'fid' parameter. Attackers can inject malicious SQL code into the 'fid' parameter to potentially extract, modify, or delete database information...

CVE-2025-36001 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

CVE-2026-1701 itsourcecode School Management System index.php sql injection

A security vulnerability has been detected in itsourcecode School Management System 1.0. This issue affects some unknown processing of the file /enrollment/index.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-4686

CVE-2025-4686 concerns an SQL Injection in Kodmatic Computer Software’s Online Exam and Assessment product. The issue is described as improper neutralization of special elements used in SQL commands, enabling an injection that can impact confidentiality (low), integrity (low), and availability (h...