NesterSoft WorkTime 安全漏洞

NesterSoft WorkTime is a project tracking software developed by the Canadian company NesterSoft. NesterSoft WorkTime has a security vulnerability, which stems from an SQL injection vulnerability in the widget API endpoint. This vulnerability could lead to data leaks or the execution of arbitrary...

PT-2026-20561

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A SQL injection issue exists in itsourcecode Event Management System version 1.0. The issue is located in the /admin/manage booking.php file, within an unknown function. Manipulation...

Delinea Cloud Suite 安全漏洞

Delinea Cloud Suite is a cloud-based resource pool management software developed by Delinea Corporation in the United States. Delinea Cloud Suite has a security vulnerability that stems from improper handling of special elements within SQL commands, which may lead to SQL injection attacks...

PT-2026-20389

When hours are entered in time@work, version 7.0.5, it performs a query to display the projects assigned to the user. If the query URL is copied and opened in a new browser window, the ‘IDClient’ parameter is vulnerable to a blind authenticated SQL injection. If the request is made with the TWAdm...

CVE-2025-7631

CVE-2025-7631 affects Tumeva News Software (Tumeva Internet Technologies Software Information Advertising and Consulting Services Trade Ltd. Co.) through version 17022026. The issue is improper neutralization of special elements used in SQL commands (SQL Injection). CVSS 3.1: AV:N/AC:L/PR:N/UI:N/...

CVE-2025-67102

Jorani versions up to 1.0.4 contain a SQL injection vulnerability in the alldayoffs feature, exploitable by an authenticated attacker via the entity parameter to execute arbitrary SQL commands. Multiple sources (Red Hat, CVE listings, PT-Security advisory) concur that the issue stems from imprope...

PT-2026-20339

Name of the Vulnerable Software and Affected Versions Sciyon Koyuan Thermoelectricity Heat Network Management System version 3.0 Description A security issue exists in Sciyon Koyuan Thermoelectricity Heat Network Management System 3.0. The manipulation of the PGUID argument in the file...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

CVE-2025-70830

A Server-Side Template Injection SSTI vulnerability in the Freemarker template engine of Datart v1.0.0-rc.3 allows authenticated attackers to execute arbitrary code via injecting crafted Freemarker template syntax into the SQL script field...

PT-2026-8401

Name of the Vulnerable Software and Affected Versions Tumeva News Software versions through 17022026 Description The software contains a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential data exposure through attacks. The vend...

WordPress Mail Mint plugin <= 1.19.2 - Authenticated (Administrator+) SQL Injection via Multiple API Endpoints vulnerability

Authenticated Administrator+ SQL Injection via Multiple API Endpoints vulnerability discovered by Paolo Tresso - Wordfence in WordPress Plugin Mail Mint versions = 1.19.2...

SQL Injection

devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the term parameter in SQL LIKE clauses within the global search functionality, which allows an attacker to inject malicious SQL queries and extract sensitive data through time-based...

CVE-2025-69633

CVE-2025-69633 is a SQL injection vulnerability in the PrestaShop Advanced Popup Creator module, affecting versions 1.1.26–1.2.6 (fixed in 1.2.7). The flaw allows remote, unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller, with the ...

CVE-2025-10969

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issue affects E-Commerce Package: through 27112025...

elearning-script SQL注入漏洞

elearning-script is an e-learning blog developed by Amit Kollol Dey. Version 1.0 of elearning-script has a SQL injection vulnerability, which stems from incorrect handling of login parameters in the /login.php file. This vulnerability could lead to authentication bypasses...

PT-2026-7867

CordysCRM 1.4.1 is vulnerable to SQL Injection in the employee list query interface /user/list via the departmentIds parameter...

thesystem SQL注入漏洞

thesystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thesystem has a SQL injection vulnerability, which stems from improper handling of the username parameter, potentially leading to SQL injection attacks...

CVE-2026-25947

Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CVE-2019-9053 - CMS Made Simple SQL Injection Exploit Modifie...

CVE-2026-2093

Docpedia developed by Flowring has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...