EUVD-2019-19774

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...

EUVD-2019-19790

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. Attackers can bypass authentication by submitting equals signs and...

CVE-2026-32137

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

CVE-2026-31841

Hyperterse prior to v2.2.0 exposes raw SQL queries in search results, leaking statements intended to run covertly. Affects the Hyperterse tool-first MCP framework’s search component; vulnerability arises from returning executed-under-the-hood SQL alongside results. Impact per CVSS: Confidentialit...

CVE-2019-25534

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features parameter...

CVE-2019-25512

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive databa...

CVE-2019-25539 202CMS v10 beta SQL Injection via register.php

202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind injection technique...

CVE-2019-25537

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...

CVE-2019-25529

Placeto CMS Alpha rv.4 contains an authenticated SQL injection vulnerability in the admin/edit.php endpoint via the page parameter. Attackers can craft GET requests to extract data using boolean-based blind, time-based blind, or union-based techniques without user interaction, with LOW privileges...

CVE-2019-25525

CVE-2019-25525 affects Inout EasyRooms Ultimate Edition v1.0. The vulnerability is an SQL injection in the guests parameter that can be exploited via POST to the search/rentals endpoint, enabling unauthenticated attackers to bypass authentication and potentially extract or modify data. The provid...

CVE-2019-25522

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...

CVE-2019-25514 Jettweb PHP Hazir Haber Sitesi Scripti V3 SQL Injection

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

EUVD-2026-11525

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

PT-2026-24981

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal id parameter. Attackers can send GET requests to gal.php with malicious gal id values to extract sensitive database information or...

PT-2026-24980

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. Attackers can submit SQL injection payloads in the username and...

Netartmedia Event Portal SQL注入漏洞

Netartmedia Event Portal is an event registration management system operated by the Bulgarian company Netartmedia. Version 2.0 of Netartmedia Event Portal has a SQL injection vulnerability. This vulnerability stems from SQL injection in email parameters, which could allow unverified attackers to...

Netartmedia PHP Car Dealer SQL注入漏洞

Netartmedia PHP Car Dealer is a website system for car dealers operated by the Bulgarian company Netartmedia. Netartmedia PHP Car Dealer has a SQL injection vulnerability; this vulnerability stems from the SQL injection present in the features parameter, which may allow unverified attackers to...

PT-2026-25003

Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can submit POST requests to index.php with malicious SQL payloads in the page field to bypass...

Nesote Inout EasyRooms SQL注入漏洞

Nesote Inout EasyRooms is a hotel management system developed by Nesote Corporation. Version 1.0 of Nesote Inout EasyRooms has a SQL injection vulnerability. This vulnerability stems from the guests parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulat...

Netartmedia Real Estate Portal SQL注入漏洞

Netartmedia Real Estate Portal is a real estate transaction website system operated by the Bulgarian company Netartmedia. Version 5.0 of Netartmedia Real Estate Portal has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the page parameter, which may allow...