5710 matches found
EUVD-2026-5510
The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...
CVE-2025-15268 Infility Global <= 2.14.46 - Unauthenticated SQL Injection via Predictable API Key and IP Whitelist Bypass
The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2025-15268
The Infility Global plugin for WordPress is vulnerable to unauthenticated SQL Injection via the 'infilitygetdata' API action in all versions up to, and including, 2.14.46. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
Martcode Delta Course Automation SQL注入漏洞
Martcode Delta Course Automation is an automated marketing and course management system developed by the Turkish company Martcode. Versions of Martcode Delta Course Automation prior to 04022026 contained a SQL injection vulnerability. This vulnerability stemmed from improper neutralization of...
PT-2026-5909
Name of the Vulnerable Software and Affected Versions Delta Course Automation versions through 04022026 Description Delta Course Automation is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized...
CVE-2025-70311
JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...
CVE-2020-37105
PMB 5.6 contains a SQL injection vulnerability in the administration download script that allows authenticated attackers to execute arbitrary SQL commands through the 'logid' parameter. Attackers can leverage this vulnerability by sending crafted requests to the /admin/sauvegarde/download.php...
CVE-2026-1287 Potential SQL injection in column aliases via control characters
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. FilteredRelation is subject to SQL injection in column aliases via control characters, using a suitably crafted dictionary, with dictionary expansion, as the kwargs passed to QuerySet methods annotate, aggregat...
EUVD-2026-5306
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through = 3.6.16...
CVE-2026-25022
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue affects KiviCare: from n/a through = 3.6.16...
OXID eShop SQL注入漏洞
OXID eShop is an online e-commerce platform provided by the German company OXID. Versions of OXID eShop prior to 6.3.4 had a SQL injection vulnerability. This vulnerability stemmed from the sorting parameter, which was vulnerable to SQL injection attacks, potentially allowing for the execution of...
SIGB PMB SQL注入漏洞
SIGB PMB is an open-source integrated library management system developed by SIGB Corporation. Version 5.6 of SIGB PMB contains a SQL injection vulnerability. This vulnerability stems from the logid parameter in the management download script, which allows for SQL injections. As a result,...
YouDataSum CPAS Audit Management System 安全漏洞
YouDataSum CPAS Audit Management System is a data auditing software developed by YouDataSum Corporation. Versions of YouDataSum CPAS Audit Management System prior to v4.9 contained security vulnerabilities. These vulnerabilities were due to insufficient validation of parameter inputs, which could...
CVE-2025-70311
JEEWMS 1.0 is vulnerable to SQL Injection. Attackers can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do interface for attack...
PT-2026-5908
Name of the Vulnerable Software and Affected Versions Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System versions through 03022026 Description The software contains a flaw related to improper neutralization of special elements within SQ...
PT-2026-5982
Name of the Vulnerable Software and Affected Versions JEEWMS version 1.0 Description JEEWMS 1.0 is susceptible to SQL Injection. An attacker can inject malicious SQL statements through the id1 and id2 parameters in the /systemControl.do API endpoint. Recommendations Apply appropriate input...
Fikir Odalari AdminPando SQL注入漏洞
Fikir Odalari AdminPando is a backend management system operated by the Turkish company Fikir Odalari. Version 1.0.1 of Fikir Odalari AdminPando before January 26, 2026 contained an SQL injection vulnerability. This vulnerability stemmed from the username and password parameters used in the login...
Emit Efficiency Management System SQL注入漏洞
Emit Efficiency Management System is a business process and efficiency management platform developed by the Turkish company Emit. Versions of the Emit Efficiency Management System prior to 03022026 contained a SQL injection vulnerability. This vulnerability stemmed from improper handling of speci...
Plikli CMS 4.0.0 Blind SQL Injection
A blind SQL injection vulnerability exists in Plikli CMS version 4.0.0. The vulnerability allows remote attackers to execute arbitrary SQL commands and potentially compromise the database. This is older research added to the archive...
📄 FreePBX Endpoint Authentication Bypass / SQL Injection
This proof of concept exploit demonstrates a chained attack scenario in FreePBX that combines an authentication bypass with a SQL injection vulnerability in the custom endpoint extension component. When specific configuration conditions are met, an attacker may interact with administrative...