SSCMS SQL注入漏洞

SSCMS SiteServerCMS is a content management system developed by SSCMS Corporation in China. Version 7.4.0 of SSCMS contains an SQL injection vulnerability. This vulnerability stems from improper handling of the tableHandWrite parameter in the SitesAddController.Submit.cs file of the DDL Handler...

PT-2026-25706

HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from a misconfiguration that may allow execution of harmful SQL queries, which can be exploited by an attacker to cause unexpected database interactions or limited...

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a lack of validation or restriction on SQL query execution, which can be exploited by an attacker to cause unexpected database interactions or information leakage...

RealtyScript SQL注入漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability. This vulnerability stems from time-based blind SQL injections, which may allow unverified attackers to extract database information by injecting...

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the coursecode parameter in the file...

RealtyScript SQL注入漏洞

RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability, which stems from improper cleaning of the uid and agent parameters. This vulnerability could allow unverified attackers to inject arbitrary SQL...

CodePhiliaX Chat2DB SQL注入漏洞

CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain a SQL injection vulnerability. This vulnerability arises from improper handling of parameters in the functions exportTable, exportTableColumnComment,...

PT-2026-25640

A vulnerability has been found in vanna-ai vanna up to 2.0.2. Affected is the function update sql of the file src/vanna/legacy/flask/ init .py of the component Endpoint. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...

web_vuln_scanner

webvulnscanner A cybersecurity...

SQL Injection

Craft Commerce is vulnerable to SQL Injection. The vulnerability is due to lack of whitelist validation on the sort parameter passed to orderBy, which allows an attacker to inject malicious SQL into the ORDER BY clause and manipulate database queries...

EUVD-2026-12017

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...

EUVD-2026-11949

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...

EUVD-2026-11941

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...

EUVD-2026-11858

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through = 3.0.7...

EUVD-2026-11798

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through = 1.0.6.3...

EUVD-2026-11792

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...

CVE-2026-32628

AnythingLLM has a SQL injection in the built‑in SQL Agent plugin (v1.11.1 and earlier) allowing a user who can invoke the agent to run arbitrary SQL on connected databases. The vulnerability stems from getTableSchemaSql() building queries via direct string concatenation of the table_name paramete...

CVE-2026-32458 WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through = 1.0.8.7...

CVE-2026-32422

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...