686 matches found
CVE-2026-3134
A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has be...
CVE-2026-23980
Improper Neutralization of Special Elements used in a SQL Command 'SQL Injection' vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters. This issue affects Apache Superset: before 6.0.0. Users...
PT-2026-21799
Name of the Vulnerable Software and Affected Versions InSAT MasterSCADA BUK-TS affected versions not specified Description The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...
CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2019-25391
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functio...
CVE-2025-67987
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through <= 10.3.1...
CVE-2025-69309
CVE-2025-69309 affects WordPress plugin Saasplate Core (saasplate-core) up to and including version 1.2.8, due to improper neutralization of special elements in SQL queries, enabling Blind SQL Injection. Affected versions range from n/a through 1.2.8; Red Hat and CVE listings corroborate this sco...
CVE-2026-25378
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection. This issue affects Nelio AB Testing: from n/a through <= 8.2.4...
PT-2026-20645
A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis not.php. This manipulation of the argument comp id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
PT-2026-20389
When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...
WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability
Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions <= 1.19.2...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
CVE-2019-9053 - CMS Made Simple SQL Injection Exploit Modifie...
CVE-2026-2225
CVE-2026-2225 affects itsourcecode News Portal Project 1.0. The vulnerability resides in the Administrator Login component, specifically the file /admin/index.php, where manipulating the email argument enables a SQL injection. The issue can be exploited remotely, and the exploit has been publishe...
PT-2026-7088
A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The exploit has been...
EUVD-2026-5774
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem0 leads to sql injection. The attack can be executed remotely...
EUVD-2026-5783
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried...
CVE-2026-2162
A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...
PHPGurukul Hospital Management System SQL Injection Vulnerability
PHPGurukul Hospital Management System is a hospital management system developed by PHPGurukul company, based on PHP and MySQL. Version 4.0 of PHPGurukul Hospital Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameter IDs in the file...
CVE-2025-69214 OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint)
OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, an SQL Injection vulnerability exists in the ajax_select.php endpoint when handling the componenti operation. An authenticated attacker can inject malicious SQL code through the...
Ofensive-security-Portfolio
This repository contains my Offensive Cyber Security / Penetrati...