26 matches found
CVE-2026-28210
This entry concerns CVE-2026-28210 affecting FreePBX (open source IP PBX). The vulnerability lies in the cdr (Call Data Record) module, where an SQL query injection affects versions prior to 16.0.49 and 17.0.7. The issue is caused by unsafe SQL construction within the cdr component, leading to po...
EUVD-2015-1065
Malware in sbrugna...
EUVD-2015-1050
Malware in sbrugna...
EUVD-2020-24098
Malware in sbrugna...
EUVD-2015-1073
Malware in sbrugna...
EUVD-2014-1245
Malware in sbrugna...
EUVD-2014-1218
Malware in sbrugna...
EUVD-2014-1212
Malware in sbrugna...
EUVD-2022-7370
Malicious code in bioql PyPI...
EUVD-2023-1216
Malicious code in bioql PyPI...
CVE-2023-30849
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually...
CVE-2014-125077
A vulnerability, which was classified as critical, has been found in pointhi searxstats. This issue affects some unknown processing of the file cgi/cron.php. The manipulation leads to sql injection. The patch is named 281bd679a4474ddb222d16c1c380f252839cc18f. It is recommended to apply a patch to...
CVE-2013-10016
A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/savetaxes.php. The manipulation of the argument id leads to sql injection. The patch is named 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is...
CVE-2025-32389
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure ?param0=a1=b2=c utiliz...
CVE-2023-30848 Pimcore SQL Injection Vulnerability in Admin Search Find API
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...
Jeecg-boot is vulnerable to SQL injection
Jeecg-boot v3.4.4 was discovered to contain a SQL injection vulnerability via the component /sys/dict/queryTableData. A patch was released in commit 0fc374...
CVE-2015-10063 saemorris TheRadSystem _login.php redirect sql injection
A vulnerability was found in saemorris TheRadSystem and classified as critical. This issue affects the function redirect of the file login.php. The manipulation of the argument user/pass leads to sql injection. The attack may be initiated remotely. The identifier of the patch is...
CVE-2015-10047 KYUUBl school-register DBManager.java sql injection
A vulnerability was found in KYUUBl school-register. It has been classified as critical. This affects an unknown part of the file src/DBManager.java. The manipulation leads to sql injection. The patch is named 1cf7e01b878aee923f2b22cc2535c71a680e4c30. It is recommended to apply a patch to fix thi...
CVE-2014-125067
A vulnerability classified as critical was found in corincerami curiosity. Affected by this vulnerability is an unknown functionality of the file app/controllers/imagecontroller.rb. The manipulation of the argument sol leads to sql injection. The patch is named...
CVE-2007-10002 web-cyradm auth.inc.php sql injection
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/loginpassword/LANG leads to sql injection. The attack may be launched remotely. The name of the...