216734 matches found
PT-2026-28537
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is susceptible to a SQL injection issue in the objects/like.php file. The getLike method uses a prepared statement placeholder for users id but directly concatenates $this-videos id...
Tandoor Recipes SQL注入漏洞
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from the Recipe API endpoint exposing a hidden debug query...
PT-2026-28400
Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...
CVE-2026-30463
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...
PT-2026-28245
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter byCommentCreatedFrom and filter...
FUEL CMS 安全漏洞
FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from the /controllers/Login.php component being vulnerable to SQL injection attacks...
CVE-2026-30463
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...
PT-2026-28208
A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The...
Wecodex Online Store System CMS SQL注入漏洞
Wecodex Online Store System CMS is a content management system for online stores developed by Wecodex. Version 1.0 of the Wecodex Online Store System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of email parameter inputs, which may lead to SQL...
PT-2026-28240
Name of the Vulnerable Software and Affected Versions Online Store System CMS version 1.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries. This is achieved by sending POST requests to the 'index.php' endpoint with the action parameter set to...
PT-2026-28236
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...
CVE-2026-30463
CVE-2026-30463 affects Daylight Studio FuelCMS v1.5.2. The vulnerability is a SQL injection in the /controllers/Login.php component. Root cause is an injectable parameter handling in that login controller. Remediation per PT-Security PT-2026-28400 is to update FuelCMS to a newer version; as a tem...
Ory Kratos SQL注入漏洞
Ory Kratos is an open-source system developed by Ory, designed with developers in mind, featuring strong security measures and proven reliability. Prior to version 26.2.0, Ory Kratos had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which...
SourceCodester Sales and Inventory System SQL注入漏洞
The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the sid...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-006300)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006300 advisory. An issue was discovered in Django 4.2 before 4.2.24, 5.1 before 5.1.12, and 5.2 before 5.2.6. FilteredRelation is subject to SQL injection in column aliases, using a...
RHEL 9 : Satellite 6.17.7 Async Update (Important) (RHSA-2026:5970)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5970 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
RHEL 9 : Satellite 6.18.4 Async Update (Important) (RHSA-2026:5968)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5968 advisory. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to...
PT-2026-28651
Name of the Vulnerable Software and Affected Versions code-projects Simple Laundry System version 1.0 Description A security flaw exists in code-projects Simple Laundry System. The issue involves a SQL injection affecting the file /checkregisitem.php within the Parameter Handler component. The...
CVE-2026-4826 SourceCodester Sales and Inventory System HTTP GET Parameter update_stock.php sql injection
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /updatestock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...
CVE-2026-33917 OpenEMR has SQL Injection in CAMOS Form
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0.3 contais a SQL injection vulnerability in the ajaxsave CAMOS form that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input...