686 matches found
PandasAI SQL注入漏洞
PandasAI is a Python library that integrates artificial intelligence functions into pandas. Versions of PandasAI 0.1.4 and earlier contain a SQL injection vulnerability, which stems from incorrect operations on functions in the file extensions/ee/vectorstores/lancedb/pandasailancedb/lancedb.py,...
CVE-2026-4954 mingSoft MCMS Web Content List Endpoint ContentAction.java list sql injection
A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
msfpro
msfpro 🔥 Lightweight Web Exploitation Framework for Bug Bou...
PT-2026-28402
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file specifically the save user action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious...
AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables
Summary The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a craft...
EUVD-2018-21671
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...
CVE-2018-25209 OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter
OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract...
CVE-2026-4826 SourceCodester Sales and Inventory System HTTP GET Parameter update_stock.php sql injection
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /updatestock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is...
EUVD-2026-15847
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...
CVE-2026-4624
A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated...
EUVD-2019-19895
Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...
Cockpit SQL注入漏洞
Cockpit is an interactive server management interface developed by Cockpit OpenSource. Versions of Cockpit 2.13.4 and earlier had a SQL injection vulnerability. This vulnerability originated from the SQL injection vulnerability present in the MongoLite aggregate optimizer, which could allow...
PT-2026-25245
🟠 CVE-2026-32399 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant media-library-assistant allows Blind SQL Injection.... https://t.co/zIHylCK304 https://t.co/dm6dsgBVKp...
EUVD-2019-19835
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...
EUVD-2019-19768
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...
CVE-2019-25529
Placeto CMS Alpha rv.4 contains an authenticated SQL injection vulnerability in the admin/edit.php endpoint via the page parameter. Attackers can craft GET requests to extract data using boolean-based blind, time-based blind, or union-based techniques without user interaction, with LOW privileges...
PT-2026-24981
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal id parameter. Attackers can send GET requests to gal.php with malicious gal id values to extract sensitive database information or...
PT-2026-24980
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...
CVE-2025-70024
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14...