CVE-2026-7783 CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

CVE-2026-7545

A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoint. This manipulation causes sql injection. Remote exploitation of the attack is possible. The...

CVE-2026-42229

n8n is an open source workflow automation platform. Prior to versions 1.123.32, 2.17.4, and 2.18.1, a flaw in the SeaTable node's row:search and row:get operations allowed user-controlled input to be concatenated directly into SQL query strings without escaping or parameterization. In workflows...

CVE-2026-7744 CodeAstro Online Classroom addnewstudent sql injection

A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

CVE-2026-7731

CVE-2026-7731 affects code-projects BloodBank Managing System 1.0. The vulnerability is an SQL injection in an unknown function within get_state.php triggered by manipulating the G_STATE_ID argument. It allows remote exploitation and the exploit has been publicly disclosed. Connected sources prov...

PT-2026-36760

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get state.php. The manipulation of the argument G STATE ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

CodeAstro Online Classroom 注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from an unknown function in the file/OnlineClassroom/facultylogin that operates on the parameter fid, allowi...

Astra Linux – Vulnerability in Mariadb 10.3

It has been discovered that MariaDB Server v10.6.5 and earlier contain a use-after-free in the Itemargs::walkarg component, which can be exploited through specially crafted SQL statements...

Astra Linux – Vulnerability in python-pymysql

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input, because keys are not escaped by escapedict...

CVE-2026-7694

The CVE concerns Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0, where an unknown function in /SubstationWEBV2/main/elecMaxMinAvgValue is vulnerable to SQL injection via manipulating the fCircuitids parameter. It is exploitable remotely and an exploit has be...

yudao-cloud 注入漏洞

Yudao-Cloud is a backend management system developed by YunaiV’s individual developer. Versions of Yudao-Cloud prior to 2026.01 contained a injection vulnerability. This vulnerability originated from the function getDataBySQL in the file...

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7649

ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...

itsourcecode Courier Management System 注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the /edituser.php file when...

PT-2026-36604

Name of the Vulnerable Software and Affected Versions itsourcecode Courier Management System version 1.0 Description A remote SQL injection exists in the /edit user.php file. This issue occurs when the ID argument is manipulated, allowing an attacker to execute arbitrary SQL commands...

Exploit for CVE-2026-42167

\ CVE-2026-42167 POC Pre-Authentication Remote Code Executio...

CVE-2026-7549

SourceCodester Pharmacy Sales and Inventory System 1.0 is affected by a SQL injection in the /ajax.php?action=delete_customer endpoint. The vulnerability arises from manipulating the argument ID, enabling remote attacker to influence the database. An exploit has been published and may be used. Th...

Code-Projects Gym Management System 注入漏洞

Code-Projects Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Gym Management System has a vulnerability related to SQL injection, which arises from incorrect handling of parameters in the file admin/editexercises.php,...

Mix PHP SQL注入漏洞

Mix PHP is Mix PHP open source a PHP command-line mode development framework , support for multi-server ecological seamless switching . A SQL injection vulnerability exists in Mix PHP versions 2.x through 2.2.17 and earlier, which stems from improper manipulation of the data array parameter of th...

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...