CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

Exploit for CVE-2024-36058

Koha Library Software CVE ID: CVE-2024-36058 Produ...

EUVD-2026-19207

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

EUVD-2026-19192

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been mad...

CVE-2026-5637

A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /messageadmin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename in the file...

PT-2026-30599

A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has...

WeGIA SQL注入漏洞

WeGIA is a network manager for the welfare organization developed by Nilson Lazarin. Versions of WeGIA prior to 3.6.9 contained an SQL injection vulnerability. This vulnerability stemmed from the idmemorando parameter in the dao/memorando/DespachoDAO.php file being used in SQL queries without...

PT-2026-30596

Name of the Vulnerable Software and Affected Versions Easy Blog Site version 1.0 Description A security issue exists in Easy Blog Site 1.0 related to the login functionality within the login.php file. Manipulation of the username and password arguments can lead to SQL injection. The attack can be...

PT-2026-30631

Name of the Vulnerable Software and Affected Versions David Lingren Media Library Assistant versions through 3.34 Description A SQL Injection issue exists in David Lingren Media Library Assistant due to improper neutralization of special elements used in an SQL command. This allows attackers to...

EUVD-2019-20115

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user2reset parameter. Attackers can send crafted requests with malicious SQL payloads to extract sensitive database information or modi...

EUVD-2019-20119

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idtodelete parameter. Attackers can send crafted requests with malicious SQL statements in the idtodelete field to extract or modify sensitive database...

CVE-2019-25663

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...

CVE-2019-25704 Kados R10 GreenBee SQL Injection via filter_user_mail

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filterusermail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...

CVE-2019-25700

Kados R10 GreenBee exposes an SQL injection flaw in the sort_direction parameter. The vulnerability allows attackers to manipulate database queries, potentially exfiltrating data or altering data. The issue is documented across multiple sources (CVE-2019-25700, EUVD-2019-20121, NVD, etc.). Concre...

CVE-2019-25662 ResourceSpace 8.6 SQL Injection via watched_searches.php

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watchedsearches.php endpoint with crafted SQL payloads to extract...

SQL Injection

Overview openchatbi is an OpenChatBI - Natural language business intelligence powered by LLMs for intuitive data analysis and SQL generation Affected versions of this package are vulnerable to SQL Injection via the Multi-stage Text2SQL Workflow component when processing the keywords argument. An...

CVE-2026-5580 CodeAstro Online Classroom Parameter addvideos.php sql injection

A vulnerability was identified in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/addvideos.php of the component Parameter Handler. The manipulation of the argument videotitle leads to sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5579 CodeAstro Online Classroom Parameter updatedetailsfromfaculty.php sql injection

A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql injection. The attack...

EUVD-2026-19075

A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiate...