8251 matches found
CVE-2025-11501
The Dynamically Display Posts plugin for WordPress is vulnerable to SQL Injection via the 'taxquery' parameter in all versions up to, and including, 1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible...
Base Digitale Centrax Open PSIM 安全漏洞
Base Digitale Centrax Open PSIM is a platform for physical security management from Base Digitale, Italy. A security vulnerability exists in Base Digitale Centrax Open PSIM version 6.1, which stems from mishandling of the datafine parameter and could lead to an SQL injection attack...
Ultimate PHP Board 安全漏洞
Ultimate PHP Board is a message board software from PHP Outburst open source. A security vulnerability exists in Ultimate PHP Board version 2.2.7, which stems from an unvalidated username field in lostpassword.php and could lead to a SQL injection attack...
CVE-2025-59213
Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally...
CVE-2025-11177 External Login <= 1.11.2 - Unauthenticated SQL Injection via log
The External Login plugin for WordPress is vulnerable to SQL Injection via the 'log' parameter in all versions up to, and including, 1.11.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2025-10660
CVE-2025-10660 details (CWE: SQL Injection). The WP Dashboard Chat plugin for WordPress is vulnerable via the id parameter in all versions up to 1.0.3 due to insufficient escaping of user input and inadequate preparation of the existing SQL query. This enables authentication-conscious actors with...
Online Job Search Engine registration.php File SQL Injection Vulnerability
Online Job Search Engine is an online job search engine. Online Job Search Engine suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter txtusername in the file /registration.php. An attacker can exploit this...
WordPress plugin WP Google Map Plugin SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress...
Project Monitoring System useredit.php File SQL Injection Vulnerability
Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /useredit.php. An attacker can exploit this vulnerabilit...
Courier Management System add-courier.php File SQL Injection Vulnerability
Courier Management System is a courier management system. The Courier Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Shippername in the file /add-courier.php. An attacker can exploit th...
WordPress plugin Wp tabber widget SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A SQL injectio...
ERPNext import_coa function SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. ERPNext suffers from a SQL injection vulnerability that stems from the lack of validation of the importcoa function's company parameter against externally entered SQL statements. An attacker can exploit this...
EUVD-2025-34289
Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally...
CVE-2025-55320
Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network...
JDBC Driver for SQL Server Spoofing Vulnerability
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network...
Configuration Manager Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2025-10610
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...
EUVD-2025-34104
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2025-34105
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2025-34103
SQL injection in Ivanti Endpoint Manager allows a remote authenticated attacker to read arbitrary data from the database...