25522 matches found
PT-2026-30596
Name of the Vulnerable Software and Affected Versions Easy Blog Site version 1.0 Description A security issue exists in Easy Blog Site 1.0 related to the login functionality within the login.php file. Manipulation of the username and password arguments can lead to SQL injection. The attack can be...
Code-Projects Online Application System for Admission SQL注入漏洞
Code-Projects Online Application System for Admission is an online application system developed by Code-Projects. Version 1.0 of the Code-Projects Online Application System for Admission contains a SQL injection vulnerability. This vulnerability stems from incorrect operations on the...
PHPGurukul Online Shopping Portal Project SQL注入漏洞
The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename in the file...
WeGIA SQL注入漏洞
WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from the idmemorando parameter in the dao/memorando/DespachoDAO.php file being used in SQL queries without...
PT-2026-30868
Name of the Vulnerable Software and Affected Versions Vite versions 7.1.0 through 7.3.1 and 8.0.0 through 8.0.4 Description Vite, a frontend tooling framework for JavaScript, allows retrieval of files blocked by server.fs.deny such as .env and .crt files with HTTP 200 responses when specific quer...
PT-2026-30599
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has...
SQL Injection
Overview griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database by prompt-injecting the LLM to...
SQL Injection
Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database b...
EUVD-2019-20113
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'idtomodify' parameter. Attackers can send crafted requests with malicious SQL statements in the idtomodify field to extract sensitive database...
EUVD-2019-20102
OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...
EUVD-2019-20095
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract...
EUVD-2019-20115
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...
EUVD-2019-20119
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idtodelete parameter. Attackers can send crafted requests with malicious SQL statements in the idtodelete field to extract or modify sensitive database...
EUVD-2019-20111
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...
CVE-2019-25694
Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...
CVE-2019-25663
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...
CVE-2019-25704 Kados R10 GreenBee SQL Injection via filter_user_mail
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filterusermail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...
CVE-2019-25702
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...
CVE-2019-25700
Summary: CVE-2019-25700 affects Kados R10 GreenBee, where an SQL injection vulnerability exists via the sort_direction parameter. The root cause is unsafely constructed database queries that allow attacker-controlled SQL code to be injected. Impact (as stated): attackers could extract sensitive d...
CVE-2019-25702
Kados R10 GreenBee is affected by an SQL injection via the id_project parameter. The vulnerability allows attackers to manipulate database queries to exfiltrate data or modify data. Known CVE records provide CVSS v3.1 (8.2, HIGH) and CVSS v4.0 (8.8, HIGH) impact metrics, with NETWORK attack vecto...