217415 matches found
Subscribe to Category <= 2.7.4 - SQL Injection
The Subscribe to Category contains a sqlinjection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL commands, exploit requires user interaction. id: CVE-2023-32590 info: name: Subscribe to Category = 2.7.4 - SQL Injection author:...
Piwigo 13.7.0 - SQL Injection
Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header User-Agent is vulnerable at the endpoint that records user information when logging in to the...
Hongjing e-HR 2020 - SQL Injection
A vulnerability, which was classified as critical, has been found in Hongjing e-HR 2020. Affected by this issue is some unknown functionality of the file /wselfservice/oauthservlet/%2e./.%2e/general/inform/org/loadhistroyorgtree of the component Login Interface. The manipulation of the argument...
Mingsoft MCMS 5.2.9 - SQL Injection
Mingsoft MCMS v5.2.9 contains a SQL injection caused by unsanitized categoryType parameter at /content/list.do, letting attackers execute arbitrary SQL commands, exploit requires crafted input. id: CVE-2023-50578 info: name: Mingsoft MCMS 5.2.9 - SQL Injection author: ritikchaddha severity:...
WordPress GamiPress <= 2.5.7 - SQL Injection
The GamiPress plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 2.5.7 due to insufficient escaping on the user supplied parameter '$qv$fieldid' and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
LogDash Activity Log <= 1.1.3 - SQL Injection
The LogDash Activity Log plugin for WordPress is vulnerable to SQL Injection via the username parameter in all versions up to, and including, 1.1.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
ECTouch v2 - SQL Injection
ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr'id' parameter at \default\helpers\insert.php. id: CVE-2023-39560 info: name: ECTouch v2 - SQL Injection author: s4e-io severity: critical description: | ECTouch v2 was discovered to contain a SQL injection vulnerabili...
Wordpress Gift Cards <= 4.3.1 - SQL Injection
The Gift Cards Gift Vouchers and Packages WordPress Plugin, version = 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgvdoajaxvoucherpdfsavefunc action. id: CVE-2023-28662 info: name: Wordpress Gift Cards = 4.3.1 - SQL Injection author: xxcd...
Quiz and Survey Master <= 8.1.4 - SQL Injection
ExpressTech Quiz And Survey Master versions up to 8.1.4 contains an SQL injection caused by improper neutralization of special elements used in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires user interaction. id: CVE-2023-28787 info: name: Quiz and Survey Master =...
Cacti 1.2.24 - SQL Injection
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graphview.php. Since guest users can access graphview.php without authentication by default, if guest users are being utilized in an enabled state, there...
Slimstat Analytics < 4.9.3.3 Subscriber - SQL Injection
The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query. id: CVE-2023-0630 info: name: Slimstat Analytics 4.9.3.3 Subscriber - SQL Injection author: DhiyaneshDK severity: high description...
404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection
The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. id: CVE-2015-9323 info: name: 404 to 301 = 2.0.2 - Authenticated Blind SQL Injection author: Harsh severity: critical description: | The 404 to 301 –...
Vendure Core - SQL Injection
Vendure, an open-source headless commerce platform built on Node.js/TypeScript, contains a critical SQL injection vulnerability in its Shop API. The languageCode query parameter is interpolated directly into a raw SQL CASE expression in ProductService.findOneBySlug without parameterization or inp...
phpMyFAQ <= 4.1.1 - SQL Injection
phpMyFAQ before 4.1.2 contains an unauthenticated SQL injection vulnerability in BuiltinCaptcha::garbageCollector and BuiltinCaptcha::saveCaptcha methods that interpolate unsanitized User-Agent headers into DELETE and INSERT queries. Unauthenticated attackers can exploit the public GET /api/captc...
Geo Mashup <= 1.13.17 - SQL Injection
Geo Mashup WordPress plugin = 1.13.17 contains a SQL injection caused by insufficient escaping of the 'sort' parameter, letting unauthenticated attackers extract sensitive database information remotely. id: CVE-2026-2416 info: name: Geo Mashup = 1.13.17 - SQL Injection author: Shivam Kamboj...
LiteLLM - SQL Injection
LiteLLM 1.81.16 to 1.83.7 contains a SQL injection caused by improper handling of caller-supplied key in database query during proxy API key checks, letting unauthenticated attackers read and modify database data, exploit requires crafted Authorization header. id: CVE-2026-42208 info: name: LiteL...
WordPress Newsletters <= 4.13 - Unauthenticated SQL Injection
Newsletters WordPress plugin = 4.13 contains a time-based SQL injection caused by insufficient escaping of the 'wpmlsubscriberid' parameter, letting unauthenticated attackers extract sensitive database information. id: CVE-2026-3018 info: name: WordPress Newsletters = 4.13 - Unauthenticated SQL...
NocoBase - SQL Injection
NocoBase @nocobase/plugin-collection-sql versions prior to 2.0.39 are vulnerable to SQL injection via the sqlCollection:update endpoint. The checkSQL function, which blocks dangerous SQL keywords and ensures only SELECT statements are allowed, is not called during collection updates. id:...
WordPress ARMember Premium <= 7.3.1 - Unauthenticated SQL Injection
The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'armdirectorypagingaction' AJAX action in all versions up to, and including, 7.3.1. This is due to insufficient escaping on the user-supplied 'order' and 'orderby' parameters and the lack of...
Vanna - SQL injection
Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents . This can lead to...