216331 matches found
Dolibarr ERP CRM 注入漏洞
Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Versions of Dolibarr ERP CRM 23.0.2 and earlier had a injection vulnerability. This vulnerability stemmed from the operation of the fields parameter in the checkValForAPI function of the Shipments API...
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 注入漏洞
Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform is a power operation and maintenance cloud platform developed by Acrel Corporation. Version 1.3.0 of the Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform contains a SQL injection...
PT-2026-36679
Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 2026.01 Description A SQL injection issue exists in the getDataBySQL function within the file yudao-module-report-biz/src/main/java/io/github/ruoyi/report/service/impl/GoViewDataServiceImpl.java. This flaw...
CVE-2026-7670
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
CVE-2026-7670 Jinher OA UserSel.aspx sql injection
A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file /C6/JHSoft.Web.PlanSummarize/UserSel.aspx. This manipulation of the argument DeptIDList causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may b...
clan-nxt-toolkit
🔴 CLAN NXT Toolkit ██████╗██╗ █████╗ ███╗ ██╗...
CVE-2026-7632 code-projects Online Hospital Management System viewappointment.php sql injection
A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...
CVE-2026-7632
A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...
Exploit for CVE-2026-42167
Description This repository contains a functional exploit for...
CVE-2026-4061
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-4062
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...
EUVD-2026-26779
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-4061 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'map_post_type' Parameter
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'mapposttype' parameter in all versions up to, and including, 1.13.18. This is due to the SearchResults hook explicitly calling stripslashesdeep$POST which removes WordPress magic quotes protection, followed by...
CVE-2026-4061
The CVE concerns the WordPress plugin Geo Mashup (Geo Mashup) up to version 1.13.18, where a Time-Based SQL Injection exists via the map_post_type parameter. The vulnerability stems from the SearchResults hook calling stripslashes_deep($_POST), removing protection, and then concatenating the unsa...
CVE-2026-4062 Geo Mashup <= 1.13.18 - Unauthenticated Time-Based SQL Injection via 'object_ids' Parameter
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'objectids' and 'excludeobjectids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existin...
EUVD-2026-26778
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The escsql functi...
CVE-2026-7612
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may ...
CVE-2026-7489
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
CVE-2026-7612 itsourcecode Courier Management System edit_user.php sql injection
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may ...
CVE-2026-7612 itsourcecode Courier Management System edit_user.php sql injection
A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edituser.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may ...