CVE-2018-25197 PlayJoom 0.10.1 SQL Injection via catid Parameter
PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with option=com_playjoom&view=genre&catid=SQL to extract sensitive...
CVE-2018-25191 Facturation System 1.0 SQL Injection via editar_producto.php
Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'modid' parameter. Attackers can send POST requests to the editar_producto.php endpoint with crafted SQL payloads in the modid...
CVE-2018-25187 Tina4 Stack 1.0.3 SQL Injection and Database File Download
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the men...
CVE-2018-25182
CVE-2018-25182 affects Silurus Classifieds Script 2.0. The vulnerability is an SQL injection in wcategory.php via the ID parameter, allowing unauthenticated remote attackers to craft SQL payloads to extract database names and sensitive information. CVSS metrics indicate high severity (CVSS 3.1: 8...
CVE-2018-25175
Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...
CVE-2018-25163
BitZoom 1.0 contains an unauthenticated SQL injection via the rollno and username parameters in forgot.php and login.php. The vulnerability allows arbitrary SQL queries, enabling extraction of database schema and table contents. Affected component: BitZoom 1.0 web application backend; root cause:...
Django: Django: SQL Injection via crafted column aliases
A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...
Django: Django: SQL Injection via RasterField band index parameter
A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField (which is implemented only on PostGIS). This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...
CVE-2026-29073
Technical details about CVE-2026-29073 are not provided in the connected documents. The SUSE/OSV entries reference the CVE within a broader vulndb update but do not describe affected products, versions, or exploit specifics. Monitor for updates.
CVE-2026-28785
Ghostfolio prior to version 2.244.0 is vulnerable to arbitrary SQL execution via the getHistorical() method due to symbol validation bypass, potentially allowing read/modify/delete of sensitive financial data for all users. Affected software: Ghostfolio open source wealth management. Root cause: ...
EUVD-2026-9978
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows...
Data Center Audit SQL injection vulnerability
Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...
Webiness Inventory SQL injection vulnerability
Webiness Inventory is a web-based inventory management system developed by the individual developer of Webiness. Version 2.3 of Webiness Inventory has a SQL injection vulnerability. This vulnerability stems from an issue with the order parameter, which allows for SQL injections, potentially...
Tina4 Stack SQL injection vulnerability
Tina4 Stack is a collection of full-stack development frameworks provided by Tina4 Corporation. Version 1.0.3 of Tina4 Stack contains an SQL injection vulnerability. This vulnerability stems from allowing direct access to database files and SQL injections, which may enable unverified attackers to...
EUVD-2026-9647
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eagle-Themes Eagle Booking (eagle-booking) allows SQL Injection. This issue affects Eagle Booking: from n/a through <= 1.3.4.3...
CVE-2026-27373 WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome (tablesome) allows Blind SQL Injection. This issue affects Tablesome: from n/a through <= 1.2.3...
CVE-2025-69338 WordPress Riode Core plugin <= 1.6.26 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode Core (riode-core) allows Blind SQL Injection. This issue affects Riode Core: from n/a through <= 1.6.26...
PT-2026-23268
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eagle-Themes Eagle Booking (eagle-booking) allows SQL Injection. This issue affects Eagle Booking: from n/a through <= 1.3.4.3...
FreePBX SQL injection vulnerability
FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk, an IP telephony system, through a graphical web-based interface (GUI). Versions of FreePBX prior to 16.0.49 and 17.0.7 have a SQL injection vulnerability, which stems from SQL query injections in the Call Data...
CVE-2026-20002
A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...