
686 matches found

CNNVD
added 2026/03/11 12:0 a.m. | 3 views

WeGIA SQL injection vulnerability

WeGIA is a web manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.6 contained an SQL injection vulnerability. This vulnerability stemmed from the id Produto parameter in the html/matPat/restaurarProduto.php file being directly concatenated into the SQ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00387
Exploits: 1 | References: 1

CVE
added 2026/03/10 7:52 p.m. | 8 views

CVE-2026-29172

Craft Commerce (Craft CMS) is affected by a SQL Injection in the purchasables table sorting. Prior to versions 4.10.2 and 5.5.3, the sort parameter is split by | and the first part (column name) is used directly as an array key in orderBy() without whitelist validation, allowing an authenticated ...

CVSS 8.8 | AI score 5.9 | EPSS 0.00421
Exploits: 1 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/03/10 12:0 a.m. | 4 views

Fortinet FortiAnalyzer sqli (FG-IR-26-095)

The version of FortiAnalyzer installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-26-095 advisory. - An improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet...

CVSS 7.2 | AI score 6.1 | EPSS 0.00445
Exploits: 0 | References: 3

RedhatCVE
added 2026/03/09 7:54 p.m. | 3 views

CVE-2026-3747

A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /addresult.php. Such manipulation of the argument subject leads to sql injection. The attack may be launched remotely. The exploit is publicly availabl...

CVSS 9.8 | AI score 5.8 | EPSS 0.00342
Exploits: 1 | References: 1

OSV
added 2026/03/08 10:15 p.m. | 1 views

CVE-2026-3771

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00295
Exploits: 1 | References: 4

Cvelist
added 2026/03/08 4:32 p.m. | 28 views

CVE-2026-3751 SourceCodester Employee Task Management System GET Parameter daily-attendance-report.php sql injection

A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...

CVSS 5.8 | EPSS 0.00313
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/08 12:0 a.m. | 7 views

PT-2026-23970

Name of the Vulnerable Software and Affected Versions: projectworlds Online Art Gallery Shop version 1.0. Description: A security issue exists in projectworlds Online Art Gallery Shop 1.0. The vulnerability involves SQL injection within the /admin/adminHome.php file. Manipulation of the reach nm...

CVSS 9.8 | AI score 7 | EPSS 0.00357
Exploits: 1 | References: 12

Vulnrichment
added 2026/03/07 4:36 p.m. | 2 views

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution (RCE) vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVSS 9.9 | AI score 6.4 | EPSS 0.00539
Exploits: 1 | References: 1

EUVD
added 2026/03/06 3:31 p.m. | 4 views

EUVD-2018-21645

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...

CVSS 8.8 | AI score 5.9 | EPSS 0.00284
Exploits: 0 | References: 3

CNNVD
added 2026/03/06 12:0 a.m. | 5 views

Data Center Audit SQL injection vulnerability

Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits: 0 | References: 2

Cvelist
added 2026/03/04 1:22 a.m. | 31 views

CVE-2026-1651 Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflow_ids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

CVSS 6.5 | EPSS 0.00368
Exploits: 0 | References: 6

Cvelist
added 2026/03/03 12:0 a.m. | 29 views

CVE-2025-70821

renren-security before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...

EPSS 0.00401
Exploits: 1 | References: 2

OSV
added 2026/03/02 2:47 p.m. | 4 views

CVE-2025-50188 Error-based SQL Injection in Chamilo LMS

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

CVSS 7 | AI score 6 | EPSS 0.00708
Exploits: 1 | References: 5

Vulnrichment
added 2026/03/02 9:1 a.m. | 3 views

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 1

EUVD
added 2026/03/02 5:2 a.m. | 5 views

EUVD-2026-9144

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /adminsinglestudentupdate.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. T...

CVSS 7.5 | AI score 5.7 | EPSS 0.00333
Exploits: 1 | References: 5

Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22541

Name of the Vulnerable Software and Affected Versions: itsourcecode Society Management System version 1.0. Description: A weakness exists in an unknown functionality of the file /admin/check studid.php. Manipulation of the student id argument can lead to SQL injection. The attack can be launched...

CVSS 9.8 | AI score 6.9 | EPSS 0.00333
Exploits: 1 | References: 13

Positive Technologies
added 2026/03/02 12:0 a.m. | 5 views

PT-2026-22602

Name of the Vulnerable Software and Affected Versions: Simple Student Alumni System version 1.0. Description: The Simple Student Alumni System is susceptible to a SQL Injection issue. This flaw is located in the /TracerStudy/modal view.php file. The vulnerability allows for potential unauthorized...

CVSS 9.8 | AI score 5.9 | EPSS 0.00496
Exploits: 1 | References: 8

EUVD
added 2026/02/27 6:31 a.m. | 5 views

EUVD-2026-8996

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVSS 6.5 | AI score 5.2 | EPSS 0.0039
Exploits: 1 | References: 5

Cvelist
added 2026/02/26 7:52 p.m. | 23 views

CVE-2026-27149 Discourse has SQL injection in PM tag filtering

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering listprivatemessagestag allows bypassing tag filter conditions, potentially disclosing unauthorized private message metadata. Versions 2025.12.2, 2026.1.1, and...

CVSS 7.1 | EPSS 0.00226
Exploits: 0 | References: 1

OSV
added 2026/02/26 3:56 p.m. | 5 views

GHSA-F3F2-MCXC-PWJX n8n: SQL Injection in MySQL, PostgreSQL, and Microsoft SQL nodes

Impact: An authenticated user with permission to create or modify workflows and access to a database credential could unknowingly create a workflow that was vulnerable to SQL injection, even while expecting inputs to be handled safely through escaped parameters. By supplying specially crafted tabl...

CVSS 8.2 | AI score 5.8
Exploits: 0 | References: 4