CVE-2026-10202

A vulnerability was identified in OFCMS 1.1.3. This issue affects the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SystemDictController.java of the component JSON Query Interface. The manipulation leads to sql injection. The attack can be initiated...

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

PT-2026-45425

A vulnerability was found in SourceCodester Computer Repair Shop Management System up to 1.0. Affected is an unknown function of the file /admin/products/manage product.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been mad...

WordPress plugin WP AutoSuggest has a SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CodeAstro Online Job Portal SQL Injection Vulnerability

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the file/users/applicationstatus.php, which may lead to SQL...

CodeAstro Online Job Portal SQL Injection Vulnerability

CodeAstro Online Job Portal is an online job portal operated by CodeAstro Corporation. Version 1.0 of CodeAstro Online Job Portal has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter ID in the file admin/jobs-admins/delete-jobs.php, which may lead t...

PT-2026-45585

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

OFCMS SQL Injection Vulnerability

OFCMS is a content management system developed by the Oufu individual developers. Version OFCMS 1.1.3 has a SQL injection vulnerability, which stems from the SQL injection in the Query function of the SystemDictController.java file within the JSON query interface...

Paraiciel SQL injection vulnerability

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the tRecIdListe parameter, which allows for SQL injections. This could enable unauthenticated attackers ...

PT-2026-45405

A vulnerability was identified in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /save comment.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and...

Itsourcecode Online House Rental System SQL Injection Vulnerability

itsourcecode Online House Rental System is an open-source online housing rental system developed by itsourcecode. Version 1.0 of the itsourcecode Online House Rental System has a SQL injection vulnerability. This vulnerability arises from improper handling of parameter IDs in the...

PT-2026-45459

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...

PT-2026-45621

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

PT-2026-45625

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpas keys parameter. Attackers can send GET requests to autosuggest.php with crafted wpas keys values to extract sensitive...

NextCloud SQL Injection Vulnerability

Nextcloud is an open-source, self-hosted communication platform for file synchronization and sharing developed by the German company Nextcloud. Versions of Nextcloud from 0.9.0 to 0.9.7, as well as versions from 1.0.0 to 1.0.2, had a SQL injection vulnerability. This vulnerability stemmed from...

ITSsourcecode Content Management System SQL Injection Vulnerability

itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the topicid parameter in the file...

PT-2026-45407

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add sub topic.php. This manipulation of the argument topic id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made availab...

PT-2026-45551

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home employee.php. The manipulation of the argument emp id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

SourceCodester Computer Repair Shop Management System SQL Injection Vulnerability

SourceCodester Computer Repair Shop Management System is an open-source computer repair workshop management system developed by SourceCodester. Versions of the SourceCodester Computer Repair Shop Management System prior to version 1.0 contained SQL injection vulnerabilities. These vulnerabilities...

PT-2026-45640

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...