Chamilo index.php file SQL injection vulnerability

Chamilo is a learning management system open source by Chamilo. Chamilo index.php file contains a SQL injection vulnerability , an attacker can use the vulnerability to execute illegal SQL commands to steal sensitive database data...

Discourse Access Control Error Vulnerability (CNVD-2026-17485)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from an Access Control Error vulnerability that stems from an open Access Control Failure in the Data Explorer plugin,...

PT-2026-23998

Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of a GET parameter. Specifically, manipulation of the sellid argument within the sales...

CVE-2026-3771

A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the...

CVE-2026-3759

CVE-2026-3759 affects projectworlds Online Art Gallery Shop 1.0. The vulnerability is in the admin code path (/admin/adminHome.php) where manipulation of the reach_nm parameter triggers an SQL injection, exploitable remotely. Public exploitation information is present (PoC-like activity in some s...

CVE-2026-3753

A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /addsalesprint.php. Such manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-3753 SourceCodester Sales and Inventory System add_sales_print.php sql injection

A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /addsalesprint.php. Such manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-3751 SourceCodester Employee Task Management System GET Parameter daily-attendance-report.php sql injection

A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...

CVE-2026-3751 SourceCodester Employee Task Management System GET Parameter daily-attendance-report.php sql injection

A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...

CVE-2026-3745

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-3746 SourceCodester Simple Responsive Tourism Website Login Login.php sql injection

A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may...

CVE-2026-3735

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit h...

PT-2026-23970

Name of the Vulnerable Software and Affected Versions projectworlds Online Art Gallery Shop version 1.0 Description A security issue exists in projectworlds Online Art Gallery Shop 1.0. The vulnerability involves SQL injection within the /admin/adminHome.php file. Manipulation of the reach nm...

PT-2026-23965

Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A SQL injection issue exists in SourceCodester Sales and Inventory System 1.0. The issue is located in an unknown function within the /add stock.php file. Manipulating the cost...

PT-2026-23967

Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A SQL injection issue exists in SourceCodester Sales and Inventory System version 1.0. The issue is located in the /check item details.php file, within an unknown function...

itsourcecode University Management System SQL注入漏洞

itsourcecode University Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode University Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “dt” in the file...

PT-2026-23951

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-30860 WeKnora: Remote Code Execution via SQL Injection Bypass in AI Database Query Tool

WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.2.12, a remote code execution RCE vulnerability exists in the application's database query functionality. The validation system fails to recursively inspect child nodes within...

CVE-2026-28210

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr Call Data Record is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7...

EUVD-2018-21645

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit crafted POST requests to the login.php endpoint with SQL injection payloads in the username...