PT-2026-36786

A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

PT-2026-36760

A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get state.php. The manipulation of the argument G STATE ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been...

Astra Linux - уязвимость в python-pymysql

PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input, because keys are not escaped by escapedict...

CVE-2026-7694

The CVE concerns Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0, where an unknown function in /SubstationWEBV2/main/elecMaxMinAvgValue is vulnerable to SQL injection via manipulating the fCircuitids parameter. It is exploitable remotely and an exploit has be...

CVE-2026-7688 Dolibarr ERP CRM Shipments API Endpoint expedition.class.php _checkValForAPI sql injection

A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to sql injection. The attack is possible to be...

PT-2026-36698

Name of the Vulnerable Software and Affected Versions Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform version 1.3.0 Description An issue exists in the '/SubstationWEBV2/main/elecMaxMinAvgValue' file where the manipulation of the fCircuitids argument allows for SQL...

yudao-cloud 注入漏洞

Yudao-Cloud is a backend management system developed by YunaiV’s individual developer. Versions of Yudao-Cloud prior to 2026.01 contained a injection vulnerability. This vulnerability originated from the function getDataBySQL in the file...

CVE-2026-7489

CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-7649

ARMember for WordPress (vendor: ARMember plugin) is affected up to version 4.0.60 by a time-based blind SQL injection in the orderby parameter. Root cause: insufficient escaping of the user-supplied orderby value and lack of proper SQL query preparation, enabling unauthenticated attackers to appe...

itsourcecode Courier Management System 注入漏洞

itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the /edituser.php file when...

PT-2026-36604

Name of the Vulnerable Software and Affected Versions itsourcecode Courier Management System version 1.0 Description A remote SQL injection exists in the /edit user.php file. This issue occurs when the ID argument is manipulated, allowing an attacker to execute arbitrary SQL commands...

Exploit for CVE-2026-42167

\ CVE-2026-42167 POC Pre-Authentication Remote Code Executio...

CVE-2026-7549

SourceCodester Pharmacy Sales and Inventory System 1.0 is affected by a SQL injection in the /ajax.php?action=delete_customer endpoint. The vulnerability arises from manipulating the argument ID, enabling remote attacker to influence the database. An exploit has been published and may be used. Th...

Mix PHP SQL注入漏洞

Mix PHP is Mix PHP open source a PHP command-line mode development framework , support for multi-server ecological seamless switching . A SQL injection vulnerability exists in Mix PHP versions 2.x through 2.2.17 and earlier, which stems from improper manipulation of the data array parameter of th...

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

Code-Projects Gym Management System 注入漏洞

Code-Projects Gym Management System is an open-source gym management system developed by Code-Projects. Version 1.0 of the Code-Projects Gym Management System has a vulnerability related to SQL injection, which arises from incorrect handling of parameters in the file admin/editexercises.php,...

CVE-2026-7435 SSCMS v7.4.0 SQL Injection via stl:sqlContent queryString

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

EUVD-2026-26437

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute...

CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact A vulnerability in datastoresearchsql allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information Patches The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5 Workarounds Disable the DataStore SQL search...

SourceCodester Pet Grooming Management Software 注入漏洞

SourceCodester Pet Grooming Management Software is an open-source pet grooming management system developed by SourceCodester. Version 1.0 of SourceCodester Pet Grooming Management Software contains a SQL injection vulnerability. This vulnerability stems from the handling of parameters type, lengt...