CVE-2026-36941
CVE-2026-36941 affects Sourcecodester Online Resort Management System v1.0. Vulnerable component: /orms/admin/rooms/manage_room.php. Root cause: SQL Injection vulnerability in that file. Impact (per the entry): confidentiality impact is Low; no stated integrity or availability impact. Exploitatio...
CVE-2026-36920
CVE-2026-36920 affects Sourcecodester Online Reviewer System v1.0. The Red Hat, ENISA EUVD, CIRCL, NVD, CVE lists, and Vulners enrichment all indicate a SQL Injection vulnerability in /system/system/admins/assessments/examproper/questions-view.php. Root cause details are not explicitly provided b...
CVE-2026-36872
CVE-2026-36872 affects Sourcecodester Basic Library System v1.0, with a SQL Injection vulnerability in the script path /librarysystem/load_book.php. The connected records confirm the vulnerable endpoint but do not provide detailed root cause analysis, affected parameter names, or remediation step...
CVE-2026-36874
Sourcecodester Basic Library System v1.0 is affected by a SQL Injection in /librarysystem/load_student.php. The CVSSv3.1 base score is 2.7 (LOW) with confidentiality impact LOW and no demonstrated exploit details in the provided documents. No remediation or patch information is included in the co...
CVE-2026-36952
Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php (CVE-2026-36952). The connected documents consistently describe the same issue, with no exploit details, affected version beyond v1.0, or remediation steps pr...
CVE-2026-36942
CVE-2026-36942: Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/activities/manage_activity.php. The linked records confirm a SQL injection flaw affecting that PHP file; CVSS 3.1 base shows low severity (2.7) with network access, low impact on conf...
CVE-2026-36947
CVE-2026-36947 affects Sourcecodester Computer and Mobile Repair Shop Management System v1.0. The vulnerability is a SQL Injection in /rsms/admin/services/view_service.php. CVSS v3.1 base score 2.7 (LOW) with network attack vector, low complexity, requiring high privileges and no user interaction...
CVE-2026-36946
CVE-2026-36946 affects Sourcecodester Computer and Mobile Repair Shop Management System v1.0. The vulnerability is an SQL injection in the file /rsms/admin/inquiries/view_details.php. The CVSS v3.1 data in the sources indicates: Network attack vector, low confidentiality impact, no integrity/avai...
OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php.
CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint
Overview
| Field | Details |
|---|---|
| CVE ID | CVE-2025-69213 |
| Severity | HIGH |
| Advisory |...
OpenSTAManager 2.9.8 SQL Injection
OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module.
CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module
Overview
| Field | Details |
|---|---|
| CVE ID | CVE-2026-24419 |
| Severity | HIGH |
| Advisory | View...
WordPress LifterLMS plugin <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability
Authenticated Custom+ SQL Injection via 'order' Parameter vulnerability discovered by momopon1415 in WordPress Plugin LifterLMS versions <= 9.2.1...
Exploit for SQL Injection in Apache Superset
CVE-2026-23980 - Apache Superset Authenticated SQL Injection...
EUVD-2019-20131
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...
EUVD-2019-20137
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...
EUVD-2019-20128
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collectionedit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to...
SQL Injection
Overview dolibarr/dolibarr is a modern and easy to use web software to manage your business. Affected versions of this package are vulnerable to SQL Injection via the rowid parameter in the admin/dict.php process. An attacker can access sensitive database information and partially modify data by...
CVE-2019-25707
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...
CVE-2019-25699
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search...
CVE-2019-25697
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...
CVE-2018-25257
Adianti Framework 5.5.0 and 5.6.0 contain an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...