6206 matches found
EUVD-2026-7409
Ormar is a async mini ORM for Python. In versions 0.9.9 through 0.22.0, when performing aggregate queries, Ormar ORM constructs SQL expressions by passing user-supplied column names directly into sqlalchemy.text without any validation or sanitization. The min and max methods in the QuerySet class...
EUVD-2026-7410
A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be...
injectproof
InjectProof The SQL injection scanner that finds what sqlma...
PT-2026-21799
Name of the Vulnerable Software and Affected Versions InSAT MasterSCADA BUK-TS affected versions not specified Description The software is susceptible to SQL Injection through its main web interface. Successful exploitation may allow attackers to execute code remotely. The vulnerability does not...
PT-2026-21679
Name of the Vulnerable Software and Affected Versions Apache Superset versions prior to 6.0.0 Description An issue exists in Apache Superset that allows an authenticated user with read access to conduct error-based SQL injection. This is due to improper neutralization of special elements used in ...
Mautic 安全漏洞
Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Mautic has a security vulnerability, which stems from SQL injections in the API endpoints used for retrieving contact activities...
CVE-2026-1367
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option...
CVE-2026-2963 Jinher OA C6 OfficeSupplyTypeRight.aspx sql injection
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the argument id/offsnum causes sql injection. It is possible to initiate the attack remotely. The...
PT-2026-21502
Name of the Vulnerable Software and Affected Versions ManageEngine ADSelfService Plus versions 6522 and below Description ManageEngine ADSelfService Plus versions 6522 and below are susceptible to an authenticated SQL Injection issue in the search report option. An attacker with valid credentials...
CVE-2019-25461
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers can send POST requests to the ajax/productsFilterSearch endpoint with malicious 'q' values using...
CVE-2019-25456
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or...
CVE-2019-25455
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information...
UBUNTU-CVE-2019-25452
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extrac...
CVE-2019-25391
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POST requests to the admin/bannedcustomers.php endpoint with crafted SQL payloads using SLEEP functio...
CVE-2019-25462 Web Ofisi Rent a Car v3 SQL Injection via klima Parameter
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can send GET requests to with malicious 'klima' values to extract sensitive database information or...
CVE-2019-25457
Web Ofisi Firma v13 is affected by an SQL injection vulnerability in the oz parameter (oz[] array) that allows unauthenticated attackers to manipulate database queries. The issue is exploitable via simple GET requests to category pages, using time-based blind SQL injection payloads to extract dat...
CVE-2019-25456 Web Ofisi Emlak v2 SQL Injection via ara Parameter
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can send requests to with time-based SQL injection payloads to extract sensitive database information or...
CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...
CVE-2019-25439
Vulnerability summary (CVE-2019-25439) : NoviSmart CMS contains an SQL injection vulnerability exploitable via the Referer HTTP header. An attacker can craft requests including time-based SQL payloads in the Referer header to execute arbitrary SQL queries, potentially extracting sensitive databas...