FreePBX SQL注入漏洞

FreePBX is a set of tools from the FreePBX project that allow configuration of Asterisk an IP telephony system through a GUI graphical web-based interface. Versions of FreePBX prior to 16.0.49 and 17.0.7 have a SQL injection vulnerability, which stems from SQL query injections in the Call Data...

CVE-2026-20002

A vulnerability in the web-based management interface of Cisco Secure FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to inadequate validation of user-supplied input. An attacker could exploit this...

CVE-2019-25504

NCrypted Jobgator contains an SQL injection vulnerability in the Find-Jobs endpoint. The vulnerability is triggered via the experience parameter, allowing unauthenticated attackers to manipulate database queries and extract sensitive data. An attacker can send crafted POST requests to the agents ...

CVE-2019-25503

CVE-2019-25503 affects PHPads 2.0. The vulnerability is an SQL injection in the bannerID parameter of click.php3, allowing unauthenticated attackers to craft values (e.g., SQL comments, extractvalue) to execute arbitrary queries and reveal data such as the current database name. The impact is hig...

Cisco Secure Firewall Management Center Software SQL Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface and REST API of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Detai...

Vulnerability fixed in n8n Automation Platform

N8n has fixed a vulnerability in the Merge node in SQL query mode Specifically for versions prior to 2.10.1, 2.9.3 and 1.123.22. The vulnerability is in how the Merge node executes SQL queries. Authenticated users with rights to create or modify workflows can execute arbitrary code and write file...

CVE-2023-7337 JS Help Desk – AI-Powered Support & Ticketing System 2.8.2 - Unauthenticated SQL Injection via 'js-support-ticket-token-tkstatus' Cookie

The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied...

CVE-2025-70821

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...

CVE-2026-1651 Email Subscribers & Newsletters <= 5.9.16 - Authenticated (Administrator+) SQL Injection via 'workflow_ids' Parameter

The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the 'workflowids' parameter in all versions up to, and including, 5.9.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

Databasir 安全漏洞

Databasir is a open-source relational database model documentation management platform for teams. Versions of Databasir 1.0.7 and earlier contain security vulnerabilities. These vulnerabilities stem from SQL injections in the query parameters of the search API endpoint, which could allow remote...

PT-2026-22960

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. Attackers can send POST requests to the monthly deposit endpoint with malicious symbol values using boolean-based blind,...

PT-2026-22954

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job id parameter. Attackers can send POST requests to get job applications ajax.php with malicious job id values to bypass authenticatio...

Cisco Secure Firewall Management Center SQL注入漏洞

Cisco Secure Firewall Management Center is a powerful network security management tool developed by Cisco, Inc. Cisco Secure Firewall Management Center has a SQL injection vulnerability, which stems from insufficient user input validation. This vulnerability could allow authenticated remote...

SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access

Summary /api/query/sql allows users to run SQL directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any SQL query on the database. Details The vulnerable endpoint is in kernel/api/sql.go go func SQLc gin.Context ret := gulu.Ret.NewResult defer...

GHSA-JQWG-75QF-VMF9 SiYuan's direct SQL Query API accessible to Reader-level users enables unauthorized database access

Summary /api/query/sql allows users to run SQL directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any SQL query on the database. Details The vulnerable endpoint is in kernel/api/sql.go go func SQLc gin.Context ret := gulu.Ret.NewResult defer...

BIT-DISCOURSE-2026-27149 Discourse has SQL injection in PM tag filtering

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering listprivatemessagestag allows bypassing tag filter conditions, potentially disclosing unauthorized private message metadata. Versions 2025.12.2, 2026.1.1, and...

CVE-2026-26702

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitemreuse.php...

CVE-2026-26695

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudentedit.php...

CVE-2026-26694

code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modalview.php...

CVE-2025-70821

renren-secuity before v5.5.0 is vulnerable to SQL Injection in the BaseServiceImpl.java component...