PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “fullname” in the...

OpenChatBI SQL注入漏洞

OpenChatBI is an intelligent data analysis and visualization tool based on natural language dialogue, developed by Yu Zhong. Versions of OpenChatBI prior to 0.2.1 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of parameter ‘keywords’, which could lead ...

eDirectory SQL注入漏洞

eDirectory is an online directory website operated by eDirectory Inc. eDirectory has SQL injection vulnerabilities; these vulnerabilities stem from multiple SQL injection flaws, which could allow unverified attackers to bypass administrator authentication and disclose sensitive files...

OpenDocMan SQL注入漏洞

OpenDocMan is a free, web-based open-source document management system DMS from the OpenDocMan community. It aims to help companies meet ISO 17025 document management requirements. Version 1.3.4 of OpenDocMan contains a SQL injection vulnerability. This vulnerability allows unverified attackers t...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this vulnerability allows unverified attackers to manipulate database queries...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability, which stems from the injection of SQL code through the filterusermail parameter. This vulnerability may lead to SQL injection attacks...

PT-2026-30477

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

PT-2026-30486

C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users select.php endpoint with crafted...

PT-2026-30481

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

PilusCart SQL注入漏洞

PilusCart is an online store management system based on PHP and MySQL. Version 1.4.1 of PilusCart has a SQL injection vulnerability. This vulnerability stems from the send parameter, which allows for SQL injections. It may allow unverified attackers to manipulate database queries and extract...

PT-2026-30496

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu lev1 parameter to extract sensitive...

PT-2026-30330

Name of the Vulnerable Software and Affected Versions Directus affected versions not specified Description When GRAPHQL INTROSPECTION=false is configured, Directus blocks standard GraphQL introspection queries but the /graphql/system endpoint's server specs graphql resolver returns an equivalent...

CVE-2026-34825

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who...

CVE-2026-34934

Summary: PraisonAI is affected by a second‑order SQL injection in the get_all_user_threads flow. The function builds raw SQL queries by interpolating unescaped thread IDs retrieved from the DB, enabling an attacker to inject via update_thread. When PraisonAI loads the thread list, the payload can...

CVE-2026-34612 Kestra: Remote Code Execution via SQL Injection

Kestra is an open-source, event-driven orchestration platform. Prior to version 1.3.7, Kestra default docker-compose deployment contains a SQL Injection vulnerability that leads to Remote Code Execution RCE in the following endpoint "GET /api/v1/main/flows/search". Once a user is authenticated,...

CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

CVE-2026-34228 Emlog: CSRF in Backend Upgrade Interface Leading to Arbitrary Remote SQL Execution and Arbitrary File Write

Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This...

CVE-2026-5334

A weakness has been identified in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=edit=3 of the component Parameter Handler. This manipulation of the argument deptid causes sql injection. The attack is possible to be carried out...