
1135 matches found

CVE
added 2026/04/08 5:10 a.m. | 8 views

CVE-2026-24913

MATCHA INVOICE versions 2.6.6 and earlier are affected by an SQL Injection vulnerability. The flaw allows an authenticated user to obtain or alter data stored in the database through exploitation of unsafely handled input in the application. The description does not specify exact vulnerable compo...

CVSS 8.8 | AI score 7.2 | EPSS 0.0004
Exploits: 0 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/04/08 12:00 a.m. | 2 views

PT-2026-31394

Name of the Vulnerable Software and Affected Versions SonicWall SMA1000 series appliances Description An SQL injection flaw exists in SonicWall SMA1000 series appliances. A remote authenticated attacker with read-only administrator privileges can escalate privileges to primary administrator. The...

CVSS 9 | AI score 7.2 | EPSS 0.00033
Exploits: 0 | References: 13
CNNVD
added 2026/04/08 12:00 a.m. | 6 views

PHPGurukul Online Course Registration SQL Injection Vulnerability

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Corporation. Version 3.1 of PHPGurukul Online Course Registration contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ‘cid’ in the file...

CVSS 7.5 | AI score 7.2 | EPSS 0.00043
Exploits: 0 | References: 5
CVE
added 2026/04/06 2:47 p.m. | 11 views

CVE-2026-34885

This CVE affects the WordPress plugin Media Library Assistant (

CVSS 8.5 | AI score 5.9 | EPSS 0.09208
Exploits: 0 | References: 1
CVE
added 2026/04/06 10:30 a.m. | 4 views

CVE-2026-5646

Vulnerability CVE-2026-5646 affects code-projects Easy Blog Site 1.0, specifically the login.php file. The issue arises from manipulating the username/password parameters, leading to a SQL injection in a function handling authentication. Attack vector is network remote, with low attack complexity...

CVSS 7.5 | AI score 6.9 | EPSS 0.00014
Exploits: 0 | References: 5
ATTACKERKB
added 2026/04/02 1:44 p.m. | 4 views

CVE-2026-28805

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the optionsstato GET parameter. The user-supplied value is read from...

CVSS 8.8 | AI score 6 | EPSS 0.00017
Exploits: 1 | References: 5 | Affected Software: 1
NVD
added 2026/04/02 10:16 a.m. | 2 views

CVE-2026-33614

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVSS 7.5 | EPSS 0.00054
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/02 12:00 a.m. | 2 views

PT-2026-29953

Fleet vulnerable to SQL Injection in MDM bootstrap package by authenticated team or global admin in github.com/fleetdm/fleet...

CVSS 8.8 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 3
CNNVD
added 2026/03/31 12:00 a.m. | 5 views

Code-Projects Student Membership System SQL Injection Vulnerability

Code-Projects Student Membership System is an open-source student management system developed by Code-Projects. Version 1.0 of the Code-Projects Student Membership System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file...

CVSS 6.5 | AI score 6.6 | EPSS 0.00042
Exploits: 0 | References: 5
ATTACKERKB
added 2026/03/27 2:08 p.m. | 2 views

CVE-2026-33755

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...

CVSS 8.8 | AI score 6.1 | EPSS 0.00016
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/03/27 12:00 a.m. | 4 views

CVE-2026-30533

CVE-2026-30533 targets SourceCodester Online Food Ordering System v1.0. The vulnerability is a SQL Injection in admin/manage_product.php via the id parameter. Reported metrics show CVSS v3.1 base score 9.8 (CRITICAL, NETWORK vector, no user interaction). Affected component: admin/manage_product.p...

CVSS 9.8 | AI score 6 | EPSS 0.00049
Exploits: 1 | References: 1 | Affected Software: 1
CNNVD
added 2026/03/27 12:00 a.m. | 5 views

Code-Projects Social Networking Site SQL Injection Vulnerability

Code-Projects Social Networking Site is an open-source social networking site developed by Code-Projects. Version 1.0 of Code-Projects Social Networking Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file deletephotos.php, whic...

CVSS 6.5 | AI score 6.5 | EPSS 0.00042
Exploits: 0 | References: 6
RedhatCVE
added 2026/03/26 3:04 p.m. | 3 views

CVE-2026-3334

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...

CVSS 8.8 | AI score 5.9 | EPSS 0.00043
Exploits: 0 | References: 1
NVD
added 2026/03/26 2:16 p.m. | 2 views

CVE-2025-55262

HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database...

CVSS 8.3 | EPSS 0.00013
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/26 12:59 p.m. | 1 view

CVE-2025-55270 HCL Aftermarket DPC is affected by Improper Input Validation

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...

CVSS 3.5 | AI score 6 | EPSS 0.00023
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/26 11:39 a.m. | 1 view

CVE-2018-25195 Wecodex Hotel CMS 1.0 SQL Injection via Admin Login

Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...

CVSS 8.8 | AI score 6 | EPSS 0.00515
Exploits: 1 | References: 3
EUVD
added 2026/03/25 6:31 p.m. | 3 views

EUVD-2026-15907

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection. This issue affects JS Help Desk: from n/a through = 3.0.3...

CVSS 8.5 | AI score 5.9 | EPSS 0.00044
Exploits: 0 | References: 2
EUVD
added 2026/03/25 6:31 p.m. | 2 views

EUVD-2026-15691

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection. This issue affects Lumise Product Designer: from n/a through 2.0.9...

AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 2
Snyk
added 2026/03/25 5:50 p.m. | 1 view

SQL Injection

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to SQL Injection via the remindMe.json.php file. An attacker can extract sensitive database contents or modify data by supplying crafted input to the livescheduleid...

CVSS 8.8 | AI score 6 | EPSS 0.00037
Exploits: 1 | References: 2
Cvelist
added 2026/03/25 4:15 p.m. | 26 views

CVE-2026-32539 WordPress PublishPress Revisions plugin <= 3.7.23 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PublishPress PublishPress Revisions revisionary allows Blind SQL Injection. This issue affects PublishPress Revisions: from n/a through <= 3.7.23...

CVSS 9.3 | EPSS 0.00045
Exploits: 0 | References: 1