CVE-2026-4237 itsourcecode Free Hotel Reservation System index.php SQL injection
A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/modreports/index.php. Executing a manipulation of the argument Home can lead to SQL injection. The attack may be performed remotely. The exploit has been...
CVE-2026-4223 itsourcecode Payroll Management System manage_employee.php SQL injection
A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage_employee.php. Such manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might b...
PT-2026-25681
A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in SQL injection. The attack can be executed remotely. The exploit has been...
CVE-2026-3980
CVE-2026-3980 affects the itsourcecode Online Doctor Appointment System 1.0. The vulnerability is in the /admin/patient_action.php routine, where manipulating the argument patient_id enables an SQL injection. It can be exploited remotely, and public disclosure is noted; exploitation status varies...
CVE-2026-3969
A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/departaddbg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in SQL injection. The attack may be...
CVE-2026-3957
A flaw has been found in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This vulnerability affects the function getLikeMovieList of the file source-code/src/main/java/com/moke/wp/wxweimai/controller/HomeController.java of the component Endpoint. Executing a manipulation...
CVE-2026-3956
A vulnerability was detected in xierongwkhd weimai-wetapp up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. This affects the function getAdmins of the file source-code/src/main/java/com/moke/wp/wxweimai/controller/admin/AdminAdminUserController.java. Performing a manipulation of the argument keywor...
CVE-2026-3944
A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /attadd.php. This manipulation of the argument Name causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...
CVE-2026-3765
A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used...
CVE-2026-3793
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes SQL injection. It is possible to initiate the attack...
PT-2026-24203
Name of the Vulnerable Software and Affected Versions: Nefteprodukttekhnika BUK TS-G Gas Station Automation System version 2.9.1. Description: The system contains a SQL Injection issue in the system configuration module. An attacker can send crafted HTTP POST requests to the /php/request.php endpoin...
CVE-2026-3752
A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes SQL injection. It is possible to initiate the...
CVE-2026-3757
A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm results in SQL injection. The attack may be launched remotely. The exploit has been released to t...
CVE-2026-3818
A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used. The...
CVE-2026-3792
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchaseinvoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in SQL injection. The attack may be performed remotely. The explo...
CVE-2026-3785 EasyCMS Request Parameter RbacnodeAction.class.php SQL injection
A vulnerability was identified in EasyCMS up to 1.6. The affected element is an unknown function of the file /RbacnodeAction.class.php of the component Request Parameter Handler. The manipulation of the argument order leads to SQL injection. The attack can be initiated remotely. The exploit is...
EUVD-2026-10270
A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacherid can lead to SQL injection. The attack may be launched remotely. The exploit has been ma...
CVE-2026-3767
A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacherid can lead to SQL injection. The attack may be launched remotely. The exploit has been ma...
CVE-2026-3765
A vulnerability is identified in itsourcecode University Management System 1.0 affecting the file /att_single_view.php. The issue stems from manipulation of the dt argument, enabling SQL injection. Exploitation can be performed remotely, and public exploits exist. Multiple connected sources (NVD,...