
15 matches found

OSV
added 2026/04/03 3:30 p.m., 0 views

GHSA-P32Q-V29X-WQ9R Focalboard doesn't sanitize category IDs before incorporating them into dynamic SQL statements

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitiz...

CVSS 8.1, AI score 5.9, EPSS 0.00012
Exploits 0, References 2
IBM Security Bulletins
added 2026/03/27 8:03 a.m., 3 views

Security Bulletin: Due to the use of hibernate-core, IBM webMethods BPM is vulnerable to a second-order SQL injection

Summary: IBM webMethods BPM is dependent on hibernate-core, which is affected by a known vulnerability, CVE-2026-0603. Vulnerability Details: CVEID: CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection...

CVSS 8.3, AI score 6.1, EPSS 0.00074
Exploits 1, Affected Software 1
Vulnrichment
added 2026/03/20 2:09 a.m., 1 view

CVE-2026-32813 Admidio: Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

Admidio is an open-source user management solution. Versions 5.0.6 and below are vulnerable to arbitrary SQL Injection through the MyList configuration feature. The MyList configuration feature lets authenticated users define custom list column layouts, storing user-supplied column names, sort...

CVSS 8, AI score 6, EPSS 0.00041
Exploits 1, References 2
RedHat Linux
added 2026/03/18 1:17 p.m., 10 views

org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive informatio...

CVSS 8.3, AI score 6, EPSS 0.00074
Exploits 1, References 4
RedhatCVE
added 2026/02/22 1:25 p.m., 3 views

CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8, AI score 6.3, EPSS 0.00013
Exploits 2, References 1
EUVD
added 2025/10/23 6:31 p.m., 1 view

EUVD-2025-35705

gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...

CVSS 6.5, AI score 7.5, EPSS 0.00031
Exploits 1, References 3
OSV
added 2025/10/23 6:16 p.m., 0 views

CVE-2025-61464

gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...

CVSS 6.5, AI score 5.9
Exploits 0, References 2
Vulnrichment
added 2025/10/23 12:00 a.m., 1 view

CVE-2025-61464

gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...

AI score 7.6, EPSS 0.00031
Exploits 1, References 2
CNNVD
added 2025/10/23 12:00 a.m., 1 view

gnuboard4 security vulnerability

gnuboard4 is a content management system from kagla open source. A security vulnerability exists in gnuboard4 v4.36.04 and earlier versions, which stems from a second-order SQL injection vulnerability in searchtable in bbs/search.php...

CVSS 6.5, AI score 7.8, EPSS 0.00031
Exploits 1, References 3
NVD
added 2024/02/02 5:15 a.m., 8 views

CVE-2024-0685

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVSS 9.8, AI score 7.1, EPSS 0.01008
Exploits 0, References 3
Vulnrichment
added 2024/02/02 4:32 a.m., 12 views

CVE-2024-0685 Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection

The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter...

CVSS 5.9, AI score 7.3, EPSS 0.01008
Exploits 0, References 3
Hacker One
added 2020/12/23 9:04 p.m., 90 views

h1-ctf: Stopping Grinch to ruin XMas!

Hello, Gonna just submit flags first then will send my write up later tomorrow. flag1: flag48104912-28b0-494a-9995-a203d1e261e7 https://hackyholidays.h1ctf.com/robots.txt recon revealing hidden endpoint flag2: flagb7ebcb75-9100-4f91-8454-cfb9574459f7 https://hackyholidays.h1ctf.com/s3cr3t-ar3a...

Exploits 0
0day.today
added 2017/01/17 12:00 a.m., 43 views

ManageEngine ADManager Plus 6.5.40 - Multiple Vulnerabilities

Exploit for the Java platform in the web applications category. 1. ADVISORY INFORMATION. Title: ManageEngine ADManager Plus <= 6.5.40 Multiple Vulnerabilities. Application: ManageEngine ADManager. Remotely Exploitable: Yes. Authentication Required: Yes. Versions Affected...

AI score 7.1
Exploits 0
exploitpack
added 2017/01/08 12:00 a.m., 45 views

ManageEngine ADManager Plus 6.5.40 - Multiple Vulnerabilities

ManageEngine ADManager Plus 6.5.40 - Multiple Vulnerabilities. 1. ADVISORY INFORMATION. Title: ManageEngine ADManager Plus <= 6.5.40 Multiple Vulnerabilities. Application: ManageEngine ADManager. Remotely Exploitable: Yes. Authentication Required: Yes. Versions...

AI score 0.3
Exploits 0
seebug.org
added 2014/07/09 12:00 a.m., 46 views

A second-order injection in TinyShop.

Brief description: rt TinyShop v1.0.2 Details: again in the protected\controllers\simple.php file, public function orderact ................. $address = $model-table"address"-where"id=$addressid"-find; //if!$address$this-redirect"order",false,Req::args; //if!$paymentid$this-redirect"order",false,Req::args; $data'orderno' =...

AI score 7.1
Exploits 0