CVE-2025-70311

JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...

PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

PYSEC-2026-62

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the topostgis function being used to write GeoDataFrames to a PostgreSQL database...

Elaniin CMS SQL injection vulnerability

Elaniin CMS is an open-source content management system created using PHP and MySQL by Elaniin. Version 1.0 of Elaniin CMS has a SQL injection vulnerability; this vulnerability stems from SQL injections in the login page, which may lead to authentication bypass...

EUVD-2026-4671

A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published an...

CVE-2026-1422 code-projects Online Examination System Login Page index.php sql injection

A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...

CVE-2026-1132

CVE-2026-1132 affects Yonyou KSOA 9.0. The vulnerability lies in the HTTP GET Parameter Handler, specifically the /kmf/edit_folder.jsp file, where manipulating the folderid argument enables SQL injection. The exploit appears to be public and exploitable remotely; there is no vendor response or co...

CVE-2026-1130

Affected software: Yonyou KSOA 9.0. The vulnerability stems from the HTTP GET Parameter Handler processing of the file /worksheet/worksadd_plan.jsp, where manipulation of the ID argument enables SQL injection. This can be triggered remotely, and exploits have been published. Multiple sources conf...

CVE-2026-1105

A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was...

Yonyou KSOA SQL injection vulnerability

Yonyou KSOA is an enterprise-level management software developed by Yonyou Corporation in China. Version 9.0 of Yonyou KSOA contains a SQL injection vulnerability, which stems from incorrect handling of parameters named “ID” in the file/worksheet/worksaddplan.jsp. This vulnerability may lead to S...

Wolters Kluwer Kmaleon SQL injection vulnerability

Wolters Kluwer Kmaleon is an automated case management software developed by the German company Wolters Kluwer. Version 1.1.0.205 of Wolters Kluwer Kmaleon contains a SQL injection vulnerability. This vulnerability stems from the SQL injection in the tipocomb parameter of the kmaleonW.php file,...

CVE-2025-37183

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

WordPress plugin Shipping Rate By Cities SQL注入漏洞

WordPress Shipping Rate By Cities plugin is a plugin designed for WooCommerce stores running on WordPress websites. The WordPress Shipping Rate By Cities plugin suffers from a SQL injection vulnerability that stems from the escaping and underpreparation of the city parameter, which can be exploit...

CVE-2026-0803

A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The...

CVE-2026-22195 GestSup < 3.2.60 SQL Injection in Search Bar

GestSup versions prior to 3.2.60 contain a SQL injection vulnerability in the search bar functionality. User-controlled search input is incorporated into SQL queries without sufficient neutralization, allowing an authenticated attacker to manipulate database queries. Successful exploitation can...

CVE-2023-4185

A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack...

CVE-2023-4201

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file excatagorydata.php. The manipulation of the argument columns1data leads to sql injection. The attack may be initiated remotely. The exploi...

PT-2026-1829

Name of the Vulnerable Software and Affected Versions edu Business Solutions Print Shop Pro WebDesk versions 18.34 Description A SQL injection issue exists due to the improper handling of user-supplied data. Specifically, the hfInventoryDistFormID parameter within the...

CVE-2026-0583

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...

FreeBPX < 16.0.92 Multiples Vulnerabilities

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.92 or 17.x prior to 17.0.6. It is, therefore, affected by multiples vulnerabilities : - An arbitrary file upload vulnerability in the FreePBX Endpoint Management module affecting th...