QNAP Systems Hyper Data Protector SQL Injection Vulnerability
QNAP Systems Hyper Data Protector is a one-stop backup software from Taiwan, China-based QNAP Systems. QNAP Systems Hyper Data Protector suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks that could result in the execution of unauthorized code or...
PT-2026-1099
Name of the Vulnerable Software and Affected Versions: MARS Multi-Application Recovery Service versions prior to 1.2.1.1686. Description: An SQL injection issue affects MARS Multi-Application Recovery Service. Successful exploitation could allow remote attackers to execute unauthorized code or...
PT-2026-1116
Name of the Vulnerable Software and Affected Versions: code-projects Online Music Site version 1.0. Description: A flaw exists in code-projects Online Music Site 1.0 where manipulation of the fname argument in the /Frontend/Feedback.php file can lead to SQL injection. This issue can be exploited...
Yonyou KSOA SQL Injection Vulnerability
Yonyou KSOA is an enterprise management software from China's UFIDA Yonyou company. A SQL injection vulnerability exists in Yonyou KSOA version 9.0, which stems from incorrect manipulation of the parameter ID in the file /worksheet/deluser.jsp, which could lead to a SQL injection attack...
CVE-2025-15410
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Lemail leads to SQL injection. It is possible to initiate the attack remotely. The exploit is publicly available a...
CVE-2025-15409
CVE-2025-15409 affects code-projects Online Guitar Store 1.0. The vulnerability is an SQL injection in /admin/Delete_product.php via manipulation of the del_pro parameter, exploitable remotely. Public disclosures exist. Impact includes potential disclosure/integrity/availability harm as per CVSS ...
CVE-2025-55065
CWE-89 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection'...
CVE-2025-55065
CVE-2025-55065 is a SQL injection flaw (CWE-89) caused by improper neutralization of special elements in SQL commands. Connected sources reference Kopek Reem ReKord Client and general SQLi impact; no concrete affected versions or patches are specified in the provided documents. Exploitation detai...
EUVD-2026-0011
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Createproduct.php. Manipulation of the argument dretitle results in SQL injection. The attack can be carried out remotely. The exploit has been made public...
CVE-2025-15407
CVE-2025-15407 affects code-projects Online Guitar Store 1.0. The vulnerability is a SQL injection in an unknown function of the file /admin/Create_category.php, triggered by manipulation of the dre_Ctitle parameter. Exploitation could be performed remotely, and public disclosures exist. Multiple...
Code-Projects Online Guitar Store SQL Injection Vulnerability
Code-Projects Online Guitar Store is a Code-Projects open source online guitar store. A SQL injection vulnerability exists in Code-Projects Online Guitar Store version 1.0, which stems from an incorrect operation of the parameter delpro in the file /admin/Deleteproduct.php, which could lead to SQ...
CVE-2023-7331
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Manipulation results in SQL injection. It is possible to initiate the attack remotely. This product is using ...
CVE-2025-28949
CVE-2025-28949 for Mediabay - WordPress Media Library Folders: an Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) vulnerability allowing Blind SQL Injection in Mediabay = 1.5 or patch-level fixes) and confirm the affected software is the Mediabay plugin for Word...
CVE-2025-15392
A weakness has been identified in Kohana KodiCMS up to 13.82.135. This affects the function like of the file cms/modules/pages/classes/kodicms/model/page.php of the component Search API Endpoint. Manipulation of the argument keyword can lead to SQL injection. It is possible to launch th...
WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes plugin <= 1.4.9 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes versions <= 1.4.9...
WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability
WordPress Small Package Quotes - Worldwide Express Edition plugin <= 5.2.18 - Unauthenticated SQL Injection vulnerability discovered by Colin Xu in WordPress Plugin Small Package Quotes – Worldwide Express Edition versions <= 5.2.18...
Full Stack Bank SQL Injection Vulnerability
Full Stack Bank is a banking system by the individual developer Krystian Pińczak. Full Stack Bank suffers from a SQL injection vulnerability that stems from unknown code manipulation of the component User Handler, which could lead to a SQL injection attack...
WordPress Ads Pro plugin <= 4.89 - Unauthenticated SQL Injection vulnerability
Unauthenticated SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ads Pro versions <= 4.89...
CVE-2023-54163
NLB mKlik Macedonia 3.3.12 contains a SQL injection vulnerability in international transfer parameters that allows attackers to manipulate database queries. Attackers can inject arbitrary SQL code through unsanitized input to potentially disclose sensitive information from the mobile banking...