850 matches found

Cvelist
added 2026/03/08 3:32 p.m. | 34 views

CVE-2026-3746 SourceCodester Simple Responsive Tourism Website Login Login.php sql injection

A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may...

CVSS 7.5 | EPSS 0.00379
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/08 12:0 a.m. | 4 views

PT-2026-23976

Name of the Vulnerable Software and Affected Versions: itsourcecode University Management System version 1.0. Description: A flaw exists in itsourcecode University Management System that allows for remote code execution. The issue is related to the manipulation of the dt argument within the /att...

CVSS 9.8 | AI score 7.3 | EPSS 0.00323
Exploits: 1 | References: 12

Positive Technologies
added 2026/03/07 12:0 a.m. | 6 views

PT-2026-23883

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.9.1. Description: A flaw exists within JeecgBoot that allows for SQL injection. This issue is located in the isExistSqlInjectKeyword function within the /jeecg-boot/sys/api/getDictItems file. Successful exploitation...

CVSS 6.5 | AI score 6.5 | EPSS 0.00192
Exploits: 0 | References: 7

EUVD
added 2026/03/06 3:31 p.m. | 3 views

EUVD-2018-21641

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/06 12:19 p.m. | 3 views

CVE-2018-25182 Silurus Classifieds Script 2.0 SQL Injection via wcategory.php

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00237
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/06 12:19 p.m. | 4 views

CVE-2018-25180 Maitra 1.7.2 SQL Injection and Database File Download

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...

CVSS 7.1 | AI score 6.1 | EPSS 0.00194
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/06 12:19 p.m. | 3 views

CVE-2018-25170

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

CVSS 8.8 | AI score 5.9 | EPSS 0.00134
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/03/06 12:0 a.m. | 3 views

PT-2026-23701

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod id' parameter. Attackers can send POST requests to the editar producto.php endpoint with crafted SQL payloads in the mod...

CVSS 7.1 | AI score 6.1 | EPSS 0.00194
Exploits: 0 | References: 3

CVE
added 2026/03/04 5:15 p.m. | 6 views

CVE-2019-25503

CVE-2019-25503 affects PHPads 2.0. The vulnerability is an SQL injection in the bannerID parameter of click.php3, allowing unauthenticated attackers to craft values (e.g., SQL comments, extractvalue) to execute arbitrary queries and reveal data such as the current database name. The impact is hig...

CVSS 7.1 | AI score 6.2 | EPSS 0.00328
Exploits: 1 | References: 2 | Affected Software: 1

Cisco
added 2026/03/04 4:0 p.m. | 9 views

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface and REST API of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Detai...

CVSS 8.1 | AI score 6 | EPSS 0.0034
Exploits: 0 | References: 1

RedhatCVE
added 2026/03/03 1:48 a.m. | 5 views

CVE-2026-26694

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modalview.php...

CVSS 9.8 | AI score 6 | EPSS 0.00496
Exploits: 1 | References: 1

NVD
added 2026/03/02 2:16 p.m. | 5 views

CVE-2026-26698

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modaledit.php...

CVSS 4.9 | EPSS 0.00276
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22606

Name of the Vulnerable Software and Affected Versions: sourcecodester Personnel Property Equipment System version 1.0. Description: The software is susceptible to a SQL Injection issue. The vulnerability exists in the /ppes/admin/advance search.php file. The vulnerable parameter is not specified...

CVSS 9.8 | AI score 6 | EPSS 0.00553
Exploits: 1 | References: 9

EUVD
added 2026/03/02 12:0 a.m. | 4 views

EUVD-2026-9221

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/viewsupplier.php...

AI score 6 | EPSS 0.0047
Exploits: 1 | References: 1

CVE
added 2026/02/28 9:47 p.m. | 20 views

CVE-2026-28562

CVE-2026-28562 affects wpForo 2.4.14. The vulnerability is an unauthenticated SQL injection in Topics::get_topics(), where the ORDER BY clause relies on insufficient esc_sql() sanitization for unquoted identifiers. An attacker can craft wpfob payloads (e.g., using CASE WHEN) to perform blind bool...

CVSS 9.8 | AI score 6 | EPSS 0.00428
Exploits: 0 | References: 3 | Affected Software: 1

CNNVD
added 2026/02/27 12:0 a.m. | 5 views

osCommerce SQL Injection Vulnerability

osCommerce is a set of open-source e-commerce solutions developed by osCommerce Inc., licensed under the GNU GPL. Version 2.3.4.1 of osCommerce contains a SQL injection vulnerability. This vulnerability stems from the reviewsid parameter, which allows for SQL injections, potentially enabling...

CVSS 8.8 | AI score 5.9 | EPSS 0.00327
Exploits: 1 | References: 4

RedhatCVE
added 2026/02/25 10:16 p.m. | 3 views

CVE-2026-21410

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution...

CVSS 9.8 | AI score 6.2 | EPSS 0.00538
Exploits: 0 | References: 1

EUVD
added 2026/02/25 6:31 a.m. | 5 views

EUVD-2026-8511

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacherid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published a...

CVSS 9.8 | AI score 5.4 | EPSS 0.00379
Exploits: 1 | References: 6

Vulnrichment
added 2026/02/25 6:2 a.m. | 5 views

CVE-2026-3164 itsourcecode News Portal Project contactus.php sql injection

A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and...

CVSS 7.5 | AI score 5.4 | EPSS 0.00371
Exploits: 1 | References: 5

EUVD
added 2026/02/24 2:3 a.m. | 5 views

EUVD-2026-7409

Ormar is an async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...

CVSS 9.8 | AI score 5.8 | EPSS 0.00915
Exploits: 2 | References: 3