CVE-2026-8125

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

PT-2026-38644

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A remote SQL injection is possible via an unknown function within the '/admin/viewmsg.php' file. The issue occurs when the msgid argument is manipulated, allowing an attacker to...

SOPlanning SQL注入漏洞

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the projects.php file, and it could be exploited by authenticated users...

PT-2026-38676

Name of the Vulnerable Software and Affected Versions OttoKit: All-in-One Automation Platform WordPress plugin versions prior to 1.1.23 Description Insufficient sanitization of user input used in a SQL statement allows unauthenticated attackers to perform SQL injection attacks. Recommendations...

📄 WordPress CatFolders 2.5.2 SQL Injection

WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability. CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin Keywords: CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection,...

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

Fedora 44 : proftpd (2026-549ee32ea1)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-549ee32ea1 advisory. Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via modsql CVE-2026-42167. Note that modsql is not enabled by...

Code-Projects Simple Chat System 注入漏洞

Code-Projects Simple Chat System is an easy-to-use chat system developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple Chat System has a SQL injection vulnerability, which arises from the validations of the parameters type/length/business in the sendMessage.php file,...

SourceCodester Comment System 注入漏洞

The SourceCodester Comment System is an open-source comment system developed by SourceCodester. Version 1.0 of the SourceCodester Comment System has a vulnerability caused by SQL injection due to the parameter manipulation in the file postcomment.php. This vulnerability could be exploited through...

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

PT-2026-38652

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A remote SQL injection exists in the wishlist.php file. This issue occurs when the delwlistid argument is manipulated, allowing an attacker to execute unauthorized database queries...

SourceCodester SUP Online Shopping 注入漏洞

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability due to SQL injection caused by the param msg.php file’s msgid operation, which may lead to remote attacks...

CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

Beauty Parlour Management System SQL注入漏洞

Beauty Parlour Management System is a beauty salon management system developed by Darkseid’s developers. Version 1.1 of Beauty Parlour Management System has a SQL injection vulnerability. This vulnerability stems from the aptnumber parameter in the /appointment-detail.php endpoint, which may allo...

PT-2026-39137

Name of the Vulnerable Software and Affected Versions Beauty Parlour Management System version 1.1 Description An issue exists where a crafted SQL statement can be used to access sensitive database information. This occurs via the aptnumber parameter in the '/appointment-detail.php' endpoint...

Linux Distros Unpatched Vulnerability : CVE-2026-41889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted...

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

PT-2026-38642

Name of the Vulnerable Software and Affected Versions SourceCodester Comment System version 1.0 Description An issue exists in the processing of the 'post comment.php' file. Manipulation of the Name argument allows for SQL injection, which can be exploited remotely. Recommendations At the moment,...

CVE-2024-33722

SOPlanning 1.52.00 is affected by an authenticated SQL Injection in the projets.php page (statut[] parameter). The CVE-2024-33722 entry shows a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) with an authenticated, low-privilege actor able to induce database queries via a crafted ...

PT-2026-38653

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description An issue exists in the file '/admin/message.php' where the manipulation of the seenid argument allows for SQL injection, a technique used to interfere with the queries that an...