5728 matches found
ChanCMS SQL Injection Vulnerability
ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...
WordPress Testimonial Plugin SQL Injection Vulnerability
WordPress Testimonial Plugin is a plugin for displaying customer feedback, testimonials or user reviews in your website, mainly for enhancing website trust and social proof. WordPress Testimonial Plugin suffers from a SQL injection vulnerability that stems from insufficient cleaning and escaping ...
GHSA-H8WV-VV58-468H Subrion CMS: Authenticated administrators are able to gain escalated access through Run SQL Query tool
An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel — to gain escalated privileges in the context of the SQL query tool...
CVE-2025-9451
The CVE relates to the WordPress plugin Smartcat Translator for WPML. It describes a time-based SQL injection via the orderby parameter in all versions up to 3.1.69, caused by insufficient escaping of user input and inadequate preparation of the SQL query. The vulnerability requires authenticatio...
Online Fire Reporting System SQL注入漏洞
Online Fire Reporting System is an online fire reporting system by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Online Fire Reporting System version 1.2, which stems from incorrect manipulation of the parameter requestid in the endpoint /ofrs/details.php, which could...
Online Fire Reporting System SQL注入漏洞
Online Fire Reporting System is an online fire reporting system developed by Carlo Montero, an individual developer. A SQL injection vulnerability exists in Online Fire Reporting System version 1.2, which stems from an incorrect manipulation of the parameter todate in the file...
PT-2025-37176
Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The Online Fire Reporting System contains a SQL injection flaw. This flaw allows an attacker to retrieve, create, update, and delete database information via the requestid parameter in the...
PT-2025-37170
Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The Online Fire Reporting System contains a SQL injection flaw. This flaw allows an attacker to retrieve, create, update, and delete database information via the mobilenumber, teamleadname...
CVE-2025-10218
A flaw has been found in lostvip-com ruoyi-go 2.1. This affects the function SelectListPage of the file modules/system/dao/SysRoleDao.go of the component Background Management Page. This manipulation of the argument sortName causes sql injection. Remote exploitation of the attack is possible. The...
CVE-2025-56407
A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/mysql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-9943 Unauthenticated SQL Injection Vulnerability in Shibboleth Service Provider
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider SP is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
CVE-2025-7826 Testimonial <= 2.3 - Authenticated (Contributor+) SQL Injection
The Testimonial plugin for WordPress is vulnerable to SQL Injection via the 'iNICtestimonial' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Linux Distros Unpatched Vulnerability : CVE-2018-10094
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in Dolibarr before 7.0.2 allows remote attackers to execute arbitrary SQL commands via vectors involving integer parameters without...
ChanCMS SQL注入漏洞
ChanCMS is a content management system. ChanCMS 3.3.0 and earlier versions suffer from a SQL injection vulnerability, which originates from the lack of validation of the Search parameter key in the app/modules/api/service/Api.js function against external input SQL statements. An attacker can...
Linux Distros Unpatched Vulnerability : CVE-2024-5315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...
Linux Distros Unpatched Vulnerability : CVE-2024-5314
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially...
CVE-2025-10121 uverif kami_list addbatch sql injection
A flaw has been found in uverif up to 3.2. This affects the function addbatch of the file /admin/kamilist. This manipulation of the argument note causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...
CVE-2025-10115
CVE-2025-10115 affects SiempreCMS up to version 1.3.6. The vulnerability resides in the file user_search_ajax.php where manipulation of the name/userName parameter triggers a SQL injection. The issue can be exploited remotely and the exploit has been publicly disclosed. Remediation per connected ...
CVE-2025-10114 PHPGurukul Small CRM profile.php sql injection
A vulnerability was found in PHPGurukul Small CRM 4.0. Affected by this issue is some unknown functionality of the file /profile.php. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...
PT-2025-36564
Name of the Vulnerable Software and Affected Versions: Maccms10 version 2025.1000.4050 Description: A SQL injection issue exists in the rep function of the application/admin/controller/Database.php file. Manipulation of the where argument can lead to SQL injection. The attack can be initiated...