WWBN AVideo SQL注入漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning of the livescheduleid parameter in the remindMe.json.php endpoint, which could...

CVE-2026-4540 projectworlds Online Notes Sharing System Parameters login.php sql injection

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...

EUVD-2026-14275

The 'The Ultimate WordPress Toolkit – WP Extended' plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.4. This is due to the isDashboardOrProfileRequest method in the Menu Editor module using an insecure strpos check against $SERVER'REQUESTURI' to...

CVE-2026-4533 code-projects Simple Food Ordering System all-tickets.php sql injection

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-4533

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

PT-2026-27012

A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer id/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...

Aix-DB SQL注入漏洞

Aix-DB is an intelligent data analysis and visualization system developed by AiAdventurer developers. Versions of Aix-DB 1.2.3 and earlier have a SQL injection vulnerability. This vulnerability arises from incorrect operations with the parameter Description in the unknown functions of the file...

Code-Projects Simple Gym Management System SQL注入漏洞

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Versions of Code-Projects Simple Gym Management System prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect operations with the parameters...

CVE-2026-4530 apconw Aix-DB terminology_retriever.py sql injection

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

EUVD-2019-19895

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

EUVD-2019-19903

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

EUVD-2019-19899

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

EUVD-2019-19898

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

CVE-2019-25575

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

CVE-2019-25580 ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

CVE-2019-25578 phpTransformer 2016.9 SQL Injection via GeneratePDF.php

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

CVE-2019-25575

SimplePress CMS 1.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'p' and 's' parameters. Attackers can send GET requests with crafted SQL payloads to extract sensitive database information...

CVE-2026-3478

The Content Syndication Toolkit plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.3 via the reduxp AJAX action in the bundled ReduxFramework library. The plugin registers a proxy endpoint wpajaxnoprivreduxp that is accessible to...

CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

CVE-2026-2503 ElementCamp <= 2.3.6 - Authenticated (Author+) SQL Injection via 'meta_query[compare]' Parameter

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...