6581 matches found
CVE-2026-1481
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigverauto.aspx', could allow an attacker to...
CVE-2026-1534
A weakness has been identified in code-projects Online Music Site 1.0. This affects an unknown function of the file /Administrator/PHP/AdminEditUser.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available ...
CVE-2026-22243
CVE-2026-22243 — EGroupware SQL Injection (Nextmatch filter processing) Affected software: EGroupware web-based groupware server (PHP), versions prior to 23.1.20260113 and 26.0.20260113. Root cause and vulnerability: An authenticated SQL Injection exists in the Nextmatch filter processing. The is...
EUVD-2026-4883
EGroupware is a Web based groupware server written in PHP. A SQL Injection vulnerability exists in the core components of EGroupware prior to versions 23.1.20260113 and 26.0.20260113, specifically in the Nextmatch filter processing. The flaw allows authenticated attackers to inject arbitrary SQL...
PT-2026-5239
Tanium addressed a SQL injection vulnerability in Asset...
PT-2026-5080
The VidShop – Shoppable Videos for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the 'fields' parameter in all versions up to, and including, 1.1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
PT-2026-5152
WebDamn User Registration Login System contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating email credentials. Attackers can inject the payload '' OR '1'='1' in both username and password fields to gain unauthorized access to...
WebDamn User Registration Login System SQL Injection Vulnerability
The WebDamn User Registration Login System is a user registration and login module developed by WebDamn Corporation. The WebDamn User Registration Login System has a SQL injection vulnerability, which stems from improper handling of email credentials. This vulnerability may lead to SQL injection...
EGroupware SQL Injection Vulnerability
EGroupware is an online office platform developed by EGroupware Inc. Versions of EGroupware prior to 23.1.20260113 and 26.0.20260113 contained a SQL injection vulnerability. This vulnerability stemmed from issues with PHP type confusion handled by the Nextmatch filter, which could lead to SQL...
jshERP SQL Injection Vulnerability
jshERP Huaxia ERP is a domestic ERP system developed by Ji Shenghua. Versions of jshERP 3.6 and earlier had a SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter “barCodes” in the “getBillItemByParam” function located in the...
CVE-2026-1474
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion' en ‘/evaluacioninicio.aspx’, could allow an attacker to...
CVE-2026-1482
CVE-2026-1482 is an out-of-band SQL injection vulnerability in the Performance Evaluation (EDD) application from Gabinete Técnico de Programación. The flaw affects the Id_evaluacion parameter of the /evaluacion_objetivos_evalua_definido.aspx endpoint, enabling an attacker to exfiltrate data from ...
CVE-2026-1479
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameters 'Idusuario' and 'Idevaluacion’ in ‘/evaluacionhcaverauto.asp', could allow an attacker...
CVE-2026-1473
CVE-2026-1473 describes an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the parameter Id_usuario in the page /evaluacion_competencias_evalua.aspx and can allow an attacker to extract sensitive data from th...
EUVD-2020-30876
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...
CVE-2020-36951 Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to...
EUVD-2020-30862
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...
CVE-2020-36947 LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulnerability by manipulating the 'sort' parameter with crafted SQL injection techniques to retrieve...
Quatuor Evaluation of Performance SQL Injection Vulnerability
Quatuor Evaluación de Desempeño is a performance evaluation system developed by the Spanish company Quatuor. Quatuor Evaluación de Desempeño has a SQL injection vulnerability. This vulnerability stems from incorrect operations with the parameter Idusuario in the...
SGH SQL injection vulnerability
SGH is a loan fund management PHP script developed by Geraked. Version 0.1.0 of SGH contains an SQL injection vulnerability, which arises from improper handling of the id parameter in the management interface. This vulnerability may lead to SQL injection attacks...