216068 matches found
CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...
CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072 BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20071
The CVE concerns the WordPress plugin 404 Redirection Manager (version 1.0) for which an unauthenticated SQL injection is described. The vulnerability allows remote attackers to influence database queries and potentially extract sensitive data by sending crafted, unsanitized input via HTTP GET re...
CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...
EUVD-2016-10883
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...
CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...
EUVD-2016-10881
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...
CVE-2016-20069 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...
exploit-scripts
Offensive Security Toolkit ╔═════════════════════════════...
CVE-2026-12206
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...
Exploit for CVE-2026-38812
text CVE ID CVE-2026-38812 PRODUC...
CVE-2026-12206 Grit42 Grit data_table_entity.rb DataTableEntity sql injection
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/datatableentity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...
CVE-2026-12206
Grit42 Grit (up to 0.11.0) contains a SQL injection in Grit::Assays::DataTableEntity (modules/assays/backend/app/models/grit/assays/data_table_entity.rb). The issue can be exploited remotely; a publicly available exploit exists. The vendor was contacted but did not respond. No remediation or vers...
CVE-2026-50890
CVE-2026-50890 affects grocy v4.6.0. A SQL injection flaw exists in the product-group parameter handling for the /stockreports/spendings endpoint, enabling attackers to craft SQL statements that can read sensitive database information. The connected sources confirm the vulnerability details but d...
PT-2026-49166
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data table entity.rb. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The...
CVE-2026-50890
Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
PT-2026-49410
Unauthenticated SQL Injection in WPGraphQL 2.11.1 versions...
PT-2026-49411
Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...
PT-2026-49395
Unauthenticated SQL Injection in GeekyBot = 1.2.0 versions...