
1135 matches found

Veracode
added 2026/03/14 5:28 a.m. | 3 views

SQL Injection

Glances is vulnerable to SQL Injection. The vulnerability is due to constructing SQL queries using string concatenation with unsanitized data in the TimescaleDB export module, where values are wrapped in quotes without proper escaping, allowing attacker-controlled inputs e.g., process names or...

CVSS 9.8 | AI score 6 | EPSS 0.00364
Exploits: 1 | References: 3 | Affected Software: 1
Veracode
added 2026/03/14 5:22 a.m. | 4 views

SQL Injection

Craft CMS is vulnerable to SQL Injection. The vulnerability is due to missing input sanitization in the ElementSearchController::actionSearch endpoint, which allows an attacker to inject malicious SQL queries via parameters like criteriawhere or criteriaorderBy and extract sensitive database...

CVSS 8.8 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/13 11:42 a.m. | 26 views

CVE-2026-32366 WordPress Collapsing Categories plugin <= 3.0.9 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection. This issue affects Collapsing Categories: from n/a through <= 3.0.9...

CVSS 8.5 | EPSS 0.00228
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/13 11:41 a.m. | 2 views

CVE-2026-31917 WordPress WP ERP plugin <= 1.16.10 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection. This issue affects WP ERP: from n/a through <= 1.16.10...

CVSS 8.5 | AI score 5.8 | EPSS 0.00308
Exploits: 0 | References: 1
CVE
added 2026/03/12 3:36 p.m. | 25 views

CVE-2019-25514

CVE-2019-25514 affects the Jettweb PHP Hazir Haber Sitesi Scripti V3. The vulnerability is an SQL injection in the POST parameter kelime that can be manipulated with UNION-based payloads to extract data or bypass authentication. Impact shown as high confidentiality risk and low integrity risk (CV...

CVSS 9.8 | AI score 5.9 | EPSS 0.00512
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2026/03/11 7:58 p.m. | 20 views

CVE-2026-32234

Parse Server vulnerability CVE-2026-32234 affects deployments using PostgreSQL. A crafted field name in a $regex query constraint can be interpolated into SQL when an attacker has master-key access, bypassing the Parse Server layer and enabling database-level SQL injection. Affected versions are ...

CVSS 5.1 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 3 | Affected Software: 1
GithubExploit
added 2026/03/11 1:12 p.m. | 116 views

Exploit for SQL Injection in Easycms

NVD-CVE-2026-...

CVSS 8.8 | AI score 5.8 | EPSS 0.00276
Exploits: 2
Patchstack
added 2026/03/11 7:59 a.m. | 4 views

WordPress JetBooking plugin <= 4.0.3 - Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability

Unauthenticated SQL Injection via 'check_in_date' Parameter vulnerability discovered by hoshino in WordPress Plugin JetBooking versions <= 4.0.3...

CVSS 7.5 | AI score 5.8 | EPSS 0.00278
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/03/11 12:34 a.m. | 2 views

EUVD-2026-11277

Parse Server vulnerable to SQL Injection via dot-notation sub-key name in Increment operation on PostgreSQL...

CVSS 9.3 | AI score 5.8 | EPSS 0.00418
Exploits: 0 | References: 3
EUVD
added 2026/03/10 6:23 p.m. | 7 views

EUVD-2026-10816

Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting...

CVSS 8.7 | AI score 5.8 | EPSS 0.00436
Exploits: 1 | References: 3
ATTACKERKB
added 2026/03/10 12:00 a.m. | 2 views

CVE-2025-56421

SQL Injection vulnerability in LimeSurvey before v.6.15.4+250710 allows a remote attacker to obtain sensitive information from the database...

AI score 5.9 | EPSS 0.00468
Exploits: 0 | References: 3
CNNVD
added 2026/03/08 12:00 a.m. | 5 views

Code-Projects Student Web Portal SQL Injection Vulnerability

Code-Projects Student Web Portal is an open-source student portal developed by Code-Projects. Version 1.0 of the Code-Projects Student Web Portal contains a SQL injection vulnerability, which stems from the handling of the User parameter in the profile.php file, potentially leading to SQL injecti...

CVSS 8.8 | AI score 6.7 | EPSS 0.00303
Exploits: 1 | References: 7
EUVD
added 2026/03/07 3:30 a.m. | 4 views

EUVD-2025-208351

The ZIP Code Based Content Protection plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 1.0.2 via the 'zipcode' parameter. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 7.5 | AI score 5.8 | EPSS 0.00333
Exploits: 0 | References: 5
Vulnrichment
added 2026/03/06 12:19 p.m. | 3 views

CVE-2018-25175 Alienor Web Libre 2.0 SQL Injection via index.php

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

CVSS 8.8 | AI score 6.1 | EPSS 0.00251
Exploits: 0 | References: 2
Patchstack
added 2026/03/05 10:30 a.m. | 4 views

WordPress Lisfinity Core plugin <= 1.5.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Lisfinity Core versions <= 1.5.0...

AI score 5.8 | EPSS 0.00383
Exploits: 0 | Affected Software: 1
Veracode
added 2026/03/05 9:34 a.m. | 3 views

SQL Injection

TypeORM is vulnerable to SQL Injection. The vulnerability is due to improper handling of object values in the sqlstring call where stringifyObjects defaults to false, which allows an attacker to inject crafted SQL through requests to repository.save or repository.update...

CVSS 6.5 | AI score 5.8 | EPSS 0.00216
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/05 7:30 a.m. | 31 views

CVE-2026-2893 Page and Post Clone <= 6.3 - Authenticated (Contributor+) SQL Injection via 'meta_key' Parameter

The Page and Post Clone plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' parameter in the contentclone function in all versions up to, and including, 6.3. This is due to insufficient escaping on the user-supplied meta_key value and insufficient preparation on the existing SQL...

CVSS 6.5 | EPSS 0.00249
Exploits: 0 | References: 4
CVE
added 2026/03/05 5:54 a.m. | 11 views

CVE-2026-27428

CVE-2026-27428 affects the WordPress plugin Eagle Booking (Eagle Booking) up to version ≤1.3.4.3. The issue is an SQL Injection caused by improper neutralization of input in the plugin, enabling unauthorized SQL execution when exploited. The vulnerability is reported as requiring an authenticated...

CVSS 8.5 | AI score 6 | EPSS 0.0026
Exploits: 0 | References: 1
RedhatCVE
added 2026/03/05 1:57 a.m. | 3 views

CVE-2026-3486

A vulnerability has been found in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /admin/student-fee.php. Such manipulation of the argument rollno leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed t...

CVSS 7.2 | AI score 5.8 | EPSS 0.00318
Exploits: 1 | References: 1
RedhatCVE
added 2026/03/04 1:57 a.m. | 3 views

CVE-2026-26888

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/managestock.php...

CVSS 2.7 | AI score 6 | EPSS 0.00284
Exploits: 1 | References: 1