CVE-2026-22243
CVE-2026-22243 — EGroupware SQL Injection (Nextmatch filter processing) Affected software: EGroupware web-based groupware server (PHP), versions prior to 23.1.20260113 and 26.0.20260113. Root cause and vulnerability: An authenticated SQL Injection exists in the Nextmatch filter processing. The is...
jshERP SQL Injection Vulnerability
jshERP Huaxia ERP is a domestic ERP system developed by Ji Shenghua. Versions of jshERP 3.6 and earlier had a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “barCodes” in the “getBillItemByParam” function located in the...
WebDamn User Registration Login System SQL Injection Vulnerability
The WebDamn User Registration Login System is a user registration and login module developed by WebDamn Corporation. The WebDamn User Registration Login System has a SQL injection vulnerability, which stems from improper handling of email credentials. This vulnerability may lead to SQL injection...
PT-2026-5239
Tanium addressed a SQL injection vulnerability in Asset...
PT-2026-5152
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '' OR '1'='1' in both username and password fields to gain unauthorized access to...
CVE-2026-1474
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion' in '/evaluacioninicio.aspx' could allow an attacker to...
CVE-2026-1482
CVE-2026-1482 is an out-of-band SQL injection vulnerability in the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. The flaw affects the Id_evaluacion parameter of the /evaluacion_objetivos_evalua_definido.aspx endpoint, enabling an attacker to exfiltrate data from ...
CVE-2026-1479
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion' in '/evaluacionhcaverauto.asp' could allow an attacker...
CVE-2026-1473
CVE-2026-1473 describes an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the parameter Id_usuario in the page /evaluacion_competencias_evalua.aspx and can allow an attacker to extract sensitive data from th...
CVE-2020-36951 Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...
EUVD-2020-30876
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...
EUVD-2020-30862
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...
CVE-2020-36947 LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...
Quatuor Evaluation of Performance SQL Injection Vulnerability
Quatuor Evaluación de Desempeño is a performance evaluation system developed by the Spanish company Quatuor. Quatuor Evaluación de Desempeño has a SQL injection vulnerability. This vulnerability stems from incorrect operations with the parameter Idusuario in the...
Quatuor Evaluation of Performance SQL Injection Vulnerability
Quatuor Evaluación de Desempeño is a performance evaluation system developed by the Spanish company Quatuor. Quatuor Evaluación de Desempeño has a SQL injection vulnerability. This vulnerability stems from external SQL injections in the parameters Idusuario and Idevaluacion within the...
PT-2026-4979
Name of the Vulnerable Software and Affected Versions: Performance Evaluation EDD application (affected versions not specified). Description: An out-of-band SQL injection flaw exists in the Performance Evaluation EDD application by Gabinete Técnico de Programación. Successful exploitation of...
EUVD-2026-4671
A flaw has been found in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminDeleteUser.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published an...
CVE-2026-1422 code-projects Online Examination System Login Page index.php sql injection
A vulnerability was found in code-projects Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Page. Performing a manipulation of the argument User results in sql injection. The attack is possible to be carried ou...
WordPress plugin WP-ClanWars has a SQL injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-22470
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injection. This issue affects FireStorm Professional Real Estate: from n/a through = 2.7.11...