Lucene search
K

8340 matches found

NVD
NVD
added 2026/01/29 3:16 p.m.9 views

CVE-2026-1594

A security vulnerability has been detected in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/addexpenses.php. The manipulation of the argument detail leads to sql injection. Remote exploitation of the attack is possible. The...

9.8CVSS0.00478EPSS
Exploits1References5
NVD
NVD
added 2026/01/29 3:16 p.m.10 views

CVE-2020-36999

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...

8.8CVSS0.00303EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:44 p.m.3 views

CVE-2025-7714

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Global Interactive Design Media Software Inc. Content Management System CMS allows Command Line Execution through SQL Injection. This issue affects Content Management System CMS: through 21072025...

9.8CVSS5.7AI score0.00321EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:32 p.m.5 views

CVE-2026-1593

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexpensesquery.php. Executing a manipulation of the argument detail can lead to sql injection. The attack may be launched remotely. The...

7.5CVSS5.8AI score0.00468EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/29 2:28 p.m.4 views

CVE-2020-37008 EasyPMS 1.0.0 - Authentication Bypass

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

8.7CVSS5.9AI score0.00456EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 2:28 p.m.5 views

EUVD-2020-30903

EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without...

8.7CVSS5.9AI score0.00456EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.5 views

CVE-2020-37005

TimeClock Software 1.01 contains an authenticated time-based SQL injection vulnerability that allows attackers to enumerate valid usernames by manipulating the 'notes' parameter. Attackers can inject conditional time delays in the addentry.php endpoint to determine user existence by measuring...

7.1CVSS5.9AI score0.00264EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/29 2:28 p.m.4 views

CVE-2020-36999

Elaniin CMS 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard by manipulating the login page with SQL injection. Attackers can bypass authentication by sending crafted email and password parameters with '=''or' payload to login.php, granting...

8.8CVSS5.9AI score0.00303EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/01/29 2:2 p.m.6 views

EUVD-2026-4988

A vulnerability was identified in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/faculty/index.php. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be...

7.5CVSS5.8AI score0.00379EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.5 views

PT-2026-5332

birkir prime = 0.4.0.beta.0 contains a cross-site request forgery vulnerability in its GraphQL endpoint that allows attackers to exploit GET-based query requests. Attackers can craft malicious GET requests to trigger unauthorized actions against privileged users by manipulating GraphQL query...

5.3CVSS5.8AI score0.0014EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/29 12:0 a.m.7 views

Elaniin CMS SQL injection vulnerability

Elaniin CMS is an open-source content management system created using PHP and MySQL by Elaniin. Version 1.0 of Elaniin CMS has a SQL injection vulnerability; this vulnerability stems from SQL injections in the login page, which may lead to authentication bypass...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References4
Redos
Redos
added 2026/01/29 12:0 a.m.6 views

ROS-20260129-73-0044

Vulnerability in python-django related to failure to protect sql query structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

4.3CVSS6.2AI score0.00904EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/28 9:17 p.m.7 views

CVE-2026-1481

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigverauto.aspx', could allow an attacker to...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 9:16 p.m.3 views

CVE-2026-1534

A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...

9.8CVSS5.8AI score0.00416EPSS
Exploits1References5
NVD
NVD
added 2026/01/28 6:16 p.m.8 views

CVE-2025-57793

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user-supplied input in a web application component. Crafted input can be executed as part of backend database queries. The issue is exploitable without authentication, significantly...

8.6CVSS0.00325EPSS
Exploits0References4
NVD
NVD
added 2026/01/28 6:16 p.m.7 views

CVE-2025-57792

Explorance Blue versions prior to 8.14.9 contain a SQL injection vulnerability caused by insufficient validation of user input in a web application endpoint. An attacker can supply crafted input that is executed as part of backend database queries. The issue is exploitable without authentication,...

10CVSS0.0039EPSS
Exploits0References4
CVE
CVE
added 2026/01/28 4:5 p.m.18 views

CVE-2026-22243

CVE-2026-22243 — EGroupware SQL Injection (Nextmatch filter processing) Affected software: EGroupware web-based groupware server (PHP), versions prior to 23.1.20260113 and 26.0.20260113. Root cause and vulnerability: An authenticated SQL Injection exists in the Nextmatch filter processing. The is...

8.8CVSS6AI score0.0036EPSS
Exploits3References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5224

Name of the Vulnerable Software and Affected Versions code-projects Online Music Site version 1.0 Description A flaw exists in code-projects Online Music Site 1.0. The issue involves the manipulation of the ID argument, leading to SQL injection. This can be exploited remotely through a file locat...

7.5CVSS5.8AI score0.00416EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.8 views

jshERP SQL Injection Vulnerability

jshERP Huaxia ERP is a domestic ERP system developed by Ji Shenghua. Versions of jshERP 3.6 and earlier had a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “barCodes” in the “getBillItemByParam” function located in the...

9.8CVSS6.7AI score0.00343EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/01/28 12:0 a.m.5 views

WebDamn User Registration Login System SQL Injection Vulnerability

The WebDamn User Registration Login System is a user registration and login module developed by WebDamn Corporation. The WebDamn User Registration Login System has a SQL injection vulnerability, which stems from improper handling of email credentials. This vulnerability may lead to SQL injection...

8.8CVSS5.8AI score0.00406EPSS
Exploits0References4
Rows per page
Query Builder