Lucene search

139 matches found

Vulnrichment, added 2026/01/30 10:7 p.m., 3 views

CVE-2020-37035 e-learning Php Script 0.1.0 - 'search' SQL Injection

e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive...

CVSS 8.8, AI score 5.8, EPSS 0.00362
Exploits: 0, References: 3

CNNVD, added 2026/01/30 12:0 a.m., 4 views

Online-Exam-System – SQL Injection Vulnerabilities

Online-Exam-System is an online examination system developed by Sunny Prakash Tiwari. The 2015 version of Online-Exam-System has a SQL injection vulnerability. This vulnerability stems from the “fid” parameter in the feedback module, which may allow attackers to manipulate database queries...

CVSS 9.8, AI score 5.8, EPSS 0.00502
Exploits: 1, References: 3

RedhatCVE, added 2026/01/22 5:34 p.m., 9 views

CVE-2021-47853

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVSS 8.8, AI score 6.5, EPSS 0.00262
Exploits: 0, References: 1

OSV, added 2026/01/21 6:30 p.m., 4 views

GHSA-86GH-C8R8-XWHQ phpPgAdmin contains a remote command execution vulnerability

phpPgAdmin 7.13.0 contains a remote command execution vulnerability that allows authenticated attackers to execute arbitrary system commands through SQL query manipulation. Attackers can create a custom table, upload a malicious .txt file, and use the COPY FROM PROGRAM command to execute operatin...

CVSS 8.8, AI score 6.4, EPSS 0.00262
Exploits: 0, References: 5

OSV, added 2026/01/21 6:16 p.m., 5 views

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

CVSS 9.8, AI score 6.9
Exploits: 0, References: 3

ATTACKERKB, added 2026/01/21 5:27 p.m., 5 views

CVE-2021-47748

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

CVSS 9.8, AI score 6.9, EPSS 0.0102
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment, added 2026/01/21 5:27 p.m., 4 views

CVE-2021-47748 Hasura GraphQL 1.3.3 - Remote Code Execution

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the runsql endpoint by crafting malicious GraphQL queries that execute system commands through...

CVSS 9.8, AI score 7, EPSS 0.0102
Exploits: 1, References: 3

Positive Technologies, added 2026/01/21 12:0 a.m., 5 views

PT-2026-3794

Name of the Vulnerable Software and Affected Versions: Hasura GraphQL version 1.3.3. Description: Hasura GraphQL version 1.3.3 contains a remote code execution issue. Attackers can execute arbitrary shell commands through SQL query manipulation. The issue allows command injection into the run sql...

CVSS 9.8, AI score 6.6, EPSS 0.0102
Exploits: 1, References: 6

RedhatCVE, added 2026/01/14 11:18 p.m., 2 views

CVE-2022-50895

Aero CMS 0.0.1 contains a SQL injection vulnerability in the author parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, time-based, and UNION query techniques to extract sensitive database information and potentially compromise the...

CVSS 9.8, AI score 7.7, EPSS 0.00554
Exploits: 1, References: 1

RedhatCVE, added 2026/01/09 9:30 a.m., 6 views

CVE-2023-43790

iTop is an IT service management platform. By manipulating HTTP queries, a user can inject malicious content in the fields used for the object friendlyname value. This vulnerability is fixed in 3.1.1 and 3.2.0...

CVSS 5.7, AI score 6.8, EPSS 0.0036
Exploits: 0, References: 1

CVE, added 2025/12/23 7:34 p.m., 10 views

CVE-2023-53982

CVE-2023-53982 concerns PMB 7.4.6, where a SQL injection exists in the storage parameter of the ajax.php endpoint. The vulnerability stems from an unsanitized or improperly handled ‘id’ parameter, enabling remote attackers to manipulate database queries and potentially perform time-based blind SQ...

CVSS 9.3, AI score 7.5, EPSS 0.00558
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies, added 2025/12/15 12:0 a.m., 4 views

PT-2025-51295

Name of the Vulnerable Software and Affected Versions: Bus Reservation System version 1.1. Description: The Bus Reservation System version 1.1 contains a SQL injection issue in the pickup id parameter. This allows attackers to manipulate database queries using boolean-based, error-based, and...

CVSS 9.8, AI score 7.3, EPSS 0.00385
Exploits: 1, References: 8

Positive Technologies, added 2025/11/14 12:0 a.m., 3 views

PT-2025-46995

Name of the Vulnerable Software and Affected Versions: SVX Portal version 2.7A. Description: A SQL injection flaw exists in SVX Portal version 2.7A. This issue is triggered by a specially crafted POST request sent to the /admin/update setings.php endpoint. Successful exploitation could allow an...

CVSS 6, AI score 7.5, EPSS 0.00234
Exploits: 1, References: 5

EUVD, added 2025/10/07 12:30 a.m., 4 views

EUVD-2016-2383

Malware in sbrugna...

CVSS 5.9, AI score 5.7, EPSS 0.04248
Exploits: 0, References: 4

EUVD, added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-12427

Malicious code in bioql PyPI...

CVSS 5.1, AI score 3.9, EPSS 0.00502
Exploits: 0, References: 5

EUVD, added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-48755

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.7, EPSS 0.0147
Exploits: 0, References: 1

EUVD, added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-41794

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.1, EPSS 0.00704
Exploits: 0, References: 2

EUVD, added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-18659

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.4, EPSS 0.00572
Exploits: 4, References: 1

OSV, added 2025/09/19 7:29 p.m., 3 views

CVE-2025-59431 MapServer - WFS XML Filter Query SQL injection

MapServer is a system for developing web-based GIS applications. Prior to 8.4.1, the XML Filter Query directive PropertyName is vulnerable to Boolean-based SQL injection. It seems like expression checking is bypassed by introducing double quote characters in the PropertyName. Allowing to manipula...

CVSS 9.3, AI score 7.2, EPSS 0.00391
Exploits: 1, References: 3

RedhatCVE, added 2025/09/10 11:17 p.m., 4 views

CVE-2025-58454

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in WeGIA versions 3.4.10 and prior in the endpoint /WeGIA/html/memorando/listardespachos.php, in the idmemorando parameter. This vulnerability allows an authorized attacker to execute arbitrary SQL...

CVSS 9.3, AI score 8.1, EPSS 0.00336
Exploits: 1, References: 1