855 matches found
CVE-2026-26116
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-55270
HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...
EUVD-2026-16016
OpenEMR is a free and open source electronic health records and medical practice management application. Versions up to and including 8.0.0.2 contain a SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to...
EUVD-2026-15695
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in eyecix Addon Jobsearch Chat addon-jobsearch-chat allows SQL Injection.This issue affects Addon Jobsearch Chat: from n/a through = 3.0...
CVE-2026-4779
A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file updatecustomerdetails.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can b...
CVE-2026-4615 SourceCodester Online Catering Reservation search.php sql injection
A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2026-4597
CVE-2026-4597 affects the 648540858 wvp-GB28181-pro product up to version 2.7.4. The vulnerability is in the function selectAll within the file src/main/java/com/genersoft/iot/vmp/streamProxy/dao/provider/StreamProxyProvider.java of the Stream Proxy Query Handler . The issue results in an SQL inj...
EUVD-2026-14355
A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /viewcustomers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The...
PT-2026-27012
A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer id/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the...
CVE-2019-25580 ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...
WordPress Miraculous Core Plugin plugin < 2.1.2 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Miraculous Core Plugin versions 2.1.2...
GHSA-MCJ5-6QR4-95FJ AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)
Summary An unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but this is trivially bypassed using a backslash escape techniqu...
CVE-2025-67830
Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...
CVE-2026-22193 wpDiscuz before 7.6.47 - SQL Injection in getAllSubscriptions()
wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activationkey, subscriptiondate, and importedfrom parameters to manipulate...
WordPress plugin CP Contact Form with Paypal SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-25303
🟠 CVE-2026-32459 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue af... https://t.co/cgG00hiU3x https://t.co/E6pmdn1Kzn...
CVE-2019-25527
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...
CVE-2019-25538 202CMS v10 beta SQL Injection via log_user Parameter
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the loguser parameter. Attackers can send crafted requests with malicious SQL statements in the loguser field to extract sensitive database...
PT-2026-24978
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. Attackers can send POST requests to arama.php with malicious SQL payloads in the poll parameter ...
EUVD-2026-11311
WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...