CVE-2026-6167 code-projects Faculty Management System subject-print.php sql injection

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2026-3830 Product Filter for WooCommerce by WBW < 3.1.3 - Unauthenticated SQLi

The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks...

EUVD-2026-21780

A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMERID results in sql injection. It is possible to launch the attack remotely. The exploit h...

EUVD-2026-21778

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

SourceCodester Online Thesis Archiving System 安全漏洞

The SourceCodester Online Thesis Archiving System is an open-source online thesis archiving system developed by SourceCodester. Version 1.0 of the SourceCodester Online Thesis Archiving System contains a security vulnerability, which stems from SQL injection in the file...

SourceCodester Online Reviewer System 安全漏洞

The SourceCodester Online Reviewer System is an open-source online review system developed by SourceCodester. Version 1.0 of the SourceCodester Online Reviewer System contains a security vulnerability, which stems from an SQL injection vulnerability in the...

SourceCodester Cab Management System 安全漏洞

SourceCodester Cab Management System is an open-source taxi management system developed by SourceCodester. Version 1.0 of the SourceCodester Cab Management System has a security vulnerability, which stems from SQL injection in the /cms/admin/categories/viewcategory.php file...

SourceCodester Online Resort Management System 安全漏洞

The SourceCodester Online Resort Management System is an open-source network-based application developed by SourceCodester. It provides online room booking capabilities and can also be used as a simple website for resorts. Version 1.0 of the SourceCodester Online Resort Management System has a...

SourceCodester Online Resort Management System 安全漏洞

The SourceCodester Online Resort Management System is an open-source network-based application developed by SourceCodester. It provides online room reservations and can also be used as a simple website for resorts. Version 1.0 of the SourceCodester Online Resort Management System has a security...

CVE-2026-36943

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/managerepair.php...

Code-Projects Vehicle Showroom Management System SQL注入漏洞

The Code-Projects Vehicle Showroom Management System is an open-source system for managing automobile showrooms developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from improper handling ...

PT-2026-32276

A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made...

CVE-2026-36948

The connected sources confirm CVE-2026-36948 affects Sourcecodester Online Thesis Archiving System v1.0, with a SQL injection vulnerability in the file /otas/view_archive.php. Public details consistently describe an SQL injection condition but do not provide product versions beyond v1.0, impact s...

EUVD-2019-20149

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

Dolibarr has SQL injection vulnerability in the rowid parameter of the admin dict.php

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

EUVD-2018-21768

Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user...

CVE-2019-25713

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegrouptotal parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blind...

GHSA-59XV-588H-2VMM @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

@saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

CVE-2026-35596

CVE-2026-35596 affects Vikunja prior to 2.3.0. The function hasAccessToLabel contains a SQL operator precedence bug in the label-permission query, causing any authenticated user to read any label that has at least one task, regardless of project access. This exposes label titles, descriptions, co...