CVE-2025-12166
CVE-2025-12166 refers to blind SQL Injection in the WordPress plugin Booking Calendar — Simply Schedule Appointments (versions up to 1.6.9.9). The issue arises from insufficient escaping of user-supplied input in the order/append_where_sql parameters, enabling unauthenticated queries that could e...
CVE-2019-7478
A vulnerability in GMS allows an unauthenticated user to perform SQL injection in the Webservice module. This vulnerability affected GMS versions 8.4, 8.5, 8.6, 8.7, 9.0 and 9.1...
EUVD-2020-3947
Malware in sbrugna...
EUVD-2019-17020
Malware in sbrugna...
EUVD-2023-43103
Malicious code in bioql PyPI...
CVE-2025-8914
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-34136 Commvault CommServe Web Server Unauthenticated SQL Injection
An SQL injection vulnerability exists in Commvault 11.32.0 - 11.32.93, 11.36.0 - 11.36.51, and 11.38.0 - 11.38.19 Web Server component that allows a remote, unauthenticated attacker to perform SQL Injection. The vulnerability impacts systems where the CommServe and Web Server roles are installed...
CVE-2025-4578
CVE-2025-4578 affects the WordPress File Provider plugin (
CVE-2023-49641
Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the loginCheck.php resource does not validate the characters received and they are sent unfiltered to the database...
PT-2025-20853 · Ozw772 +1
Name of the Vulnerable Software and Affected Versions: OZW672 versions prior to V6.0; OZW772 versions prior to V6.0. Description: A vulnerability has been identified in the web service of affected devices, making it vulnerable to SQL injection when checking authentication data. This could allow an...
CVE-2025-24799 GLPI allows unauthenticated SQL injection through the inventory endpoint
GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18...
CVE-2025-2221 WPCOM Member <= 1.7.6 - Unauthenticated Time-Based SQL Injection
The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘userphone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...
CVE-2024-8522 LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
User Registration And Login And User Management System 3.2 SQL Injection Vulnerability
Exploit Title: User Registration & Login and User Management System v3.2 - SQL Injection Unauthenticated; Exploit Author: Yusuf DİNÇ; Google Dork: NA; Vendor Homepage: https://phpgurukul.com; Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/...
wpDiscuz < 7.6.6 - Unauthenticated SQL Injection
Description: The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users...
Users Ultra <= 3.1.0 - Unauthenticated SQL Injection
The plugin fails to properly sanitize and escape the datatarget parameter before it is interpolated into an SQL statement and then executed via the ratingvote AJAX action, which is available to both unauthenticated and authenticated users, leading to an SQL Injection. curl...
Simple Link Directory < 7.7.2 - Unauthenticated SQL injection
The plugin does not validate and escape the postid parameter before using it in a SQL statement via the qcopdupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. curl 'http://example.com/wp-admin/admin-ajax.php' --data...
GWA AutoResponder <= 2.3 - Unauthenticated SQL Injection
The plugin does not validate and escape the listid before using it in SQL statements, leading to SQL Injections which can be exploited by unauthenticated users...
wpDataTables < 3.4.1 - Unauthenticated SQL Injection
In the default configuration, a simple table can be published in a page that does not require authentication. The table can be searched, and is vulnerable to SQL Injection via the order parameter. An unauthenticated user visiting the page where the table is published can perform a SQL injection...