
6209 matches found

Cvelist
added 2026/02/22 1:43 p.m. | 23 views

CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...

CVSS 8.8 | EPSS 0.00046
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/22 1:43 p.m. | 4 views

CVE-2019-25366 microASP Portal+ CMS SQL Injection via pagina.phtml

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explodetree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and...

CVSS 8.8 | AI score 6.1 | EPSS 0.00046
Exploits: 0 | References: 3

CVE
added 2026/02/22 1:34 p.m. | 7 views

CVE-2019-25439

Vulnerability summary (CVE-2019-25439): NoviSmart CMS contains an SQL injection vulnerability exploitable via the Referer HTTP header. An attacker can craft requests including time-based SQL payloads in the Referer header to execute arbitrary SQL queries, potentially extracting sensitive databas...

CVSS 8.8 | AI score 6.4 | EPSS 0.00067
Exploits: 0 | References: 2

Cvelist
added 2026/02/22 1:34 p.m. | 22 views

CVE-2019-25439 NoviSmart CMS SQL Injection via Referer HTTP Header

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can craft requests with time-based SQL injection payloads in the Referer header to extract sensitive...

CVSS 8.8 | EPSS 0.00067
Exploits: 0 | References: 2

CVE
added 2026/02/22 1:18 p.m. | 7 views

CVE-2019-25452

Dolibarr ERP/CRM 10.0.1 is affected by an SQL injection in the elemid POST parameter of viewcat.php. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive data, using error-based or time-based blind techniques. Affected component/entry points: D...

CVSS 8.8 | AI score 6.2 | EPSS 0.00131
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/22 1:18 p.m. | 3 views

CVE-2019-25450

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demandreasonid, and availabilityid in...

CVSS 7.1 | AI score 5.9 | EPSS 0.00054
Exploits: 1 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/02/22 3:32 a.m. | 3 views

CVE-2026-2912

A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument testid results in sql injection. It is possible to launch the attack remotely. Th...

CVSS 7.5 | AI score 5.5 | EPSS 0.00037
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2026/02/22 3:32 a.m. | 24 views

CVE-2026-2912 code-projects Online Reviewer System studentresult-view.php sql injection

A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument testid results in sql injection. It is possible to launch the attack remotely. Th...

CVSS 7.5 | EPSS 0.00037
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/22 12:0 a.m. | 3 views

PT-2026-21444

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz' values using time-based blind SQL injectio...

CVSS 8.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 4

CNNVD
added 2026/02/22 12:0 a.m. | 7 views

Web Ofisi Firma SQL Injection Vulnerability

Web Ofisi Firma is a general-purpose corporate website script system developed by the Turkish company Web Ofisi. Version 13 of Web Ofisi Firma contains an SQL injection vulnerability, which stems from insufficient input validation for oz array parameters, potentially allowing SQL injection attack...

CVSS 8.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/22 12:0 a.m. | 4 views

PT-2026-21446

Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into parameters like emlak durumu, emlak tipi, il, ilce, kelime, and semt to extract sensiti...

CVSS 8.8 | AI score 5.9 | EPSS 0.00148
Exploits: 1 | References: 4

Positive Technologies
added 2026/02/22 12:0 a.m. | 5 views

PT-2026-21439

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerar pdf.php endpoint with malicious cid values to extract sensitive database...

CVSS 8.8 | AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 4

RedhatCVE
added 2026/02/21 7:31 p.m. | 3 views

CVE-2025-69304

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection. This issue affects Allmart: from n/a through = 1.1...

CVSS 9.3 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/21 7:30 p.m. | 4 views

CVE-2025-69365

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Uroan Core uroan-core allows Blind SQL Injection. This issue affects Uroan Core: from n/a through = 1.4.4...

CVSS 9.3 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/21 7:30 p.m. | 4 views

CVE-2025-69307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection. This issue affects Medinik Core: from n/a through = 1.3.6...

CVSS 9.3 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/21 7:30 p.m. | 4 views

CVE-2025-69310

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection. This issue affects Woodly Core: from n/a through = 1.4...

CVSS 9.3 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/21 7:30 p.m. | 10 views

CVE-2025-69295

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection. This issue affects Coven Core: from n/a through = 1.3...

CVSS 9.3 | AI score 5.8 | EPSS 0.00045
Exploits: 2 | References: 1

RedhatCVE
added 2026/02/21 7:30 p.m. | 4 views

CVE-2025-67987

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through = 10.3.1...

CVSS 8.5 | AI score 5.8 | EPSS 0.00044
Exploits: 0 | References: 1

OSV
added 2026/02/21 8:39 a.m. | 4 views

BIT-GHOST-2026-26980 Ghost has a SQL Injection in its Content API

Ghost is a Node.js content management system. Versions 3.24.0 through 6.19.0 allow unauthenticated attackers to perform arbitrary reads from the database. This issue has been fixed in version 6.19.1...

CVSS 9.4 | AI score 5.7 | EPSS 0.56657
Exploits: 6 | References: 5

OSV
added 2026/02/21 8:16 a.m. | 2 views

UBUNTU-CVE-2026-27470

ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the web/ajax/status.php file within the getNearEvents function. Event field values specifically Name a...

CVSS 8.8 | AI score 6.1 | EPSS 0.00013
Exploits: 2 | References: 6