Sourceforge SimplePress CMS SQL注入漏洞

SourceForge SimplePress CMS is an open-source content management system developed by SourceForge. Version 1.0.7 of SourceForge SimplePress CMS has a SQL injection vulnerability. This vulnerability stems from the presence of SQL injections in the p and s parameters, which could allow unauthenticat...

WordPress Miraculous Core Plugin plugin < 2.1.2 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Miraculous Core Plugin versions 2.1.2...

CVE-2026-33133 WeGIA has an arbitrary SQL execution vulnerability via crafted backup archive

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

EUVD-2026-13569

A security vulnerability has been detected in itsourcecode Online Frozen Foods Ordering System 1.0. This vulnerability affects unknown code of the file /admin/admineditsupplier.php. The manipulation of the argument SupplierName leads to sql injection. The attack can be initiated remotely. The...

CVE-2026-4471

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admineditemployee.php. Executing a manipulation of the argument FirstName can lead to sql injection. It is possible to launch the attack remotely. The exploit ha...

CVE-2026-32954

ERP is a free/open-source Enterprise Resource Planning tool. Versions prior to 15.100.0 and 16.8.0 contain time-based and boolean-based blind SQL injection in certain endpoints due to insufficient parameter validation, enabling attackers to infer database information. The issue is fixed in versio...

CVE-2026-32888

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...

CVE-2026-32767 SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API

SiYuan is a personal knowledge management system. Versions 3.6.0 and below contain an authorization bypass vulnerability in the /api/search/fullTextSearchBlock endpoint. When the method parameter is set to 2, the endpoint passes user-supplied input directly as a raw SQL statement to the underlyin...

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Search” in the file...

Open Source Point of Sale SQL注入漏洞

Open Source Point of Sale is an open-source sales point system based on the Open Source POS framework. Open Source Point of Sale has a SQL injection vulnerability; this vulnerability stems from the project’s search function, which allows for SQL injections, potentially leading to arbitrary SQL...

WeGIA SQL注入漏洞

WeGIA is a network manager for welfare institutions developed by Nilson Lazarin as an individual project. Versions 3.6.5 and 3.6.6 of WeGIA contain SQL injection vulnerabilities. These vulnerabilities stem from a lack of content validation during the loading of SQL files by the loadBackupDB...

OneUptime SQL注入漏洞

OneUptime is a comprehensive solution developed by OneUptime OpenSource. It is used to monitor and manage your online services. Versions of OneUptime prior to 10.0.34 contained a SQL injection vulnerability. This vulnerability stemmed from the lack of column name validation in multiple query...

PT-2026-26563

A weakness has been identified in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /admin/admin edit employee.php. Executing a manipulation of the argument First Name can lead to sql injection. It is possible to launch the attack remotely. The exploit...

SiYuan 安全漏洞

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan OpenSource. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from an authorization bypass in the/api/search/fullTextSearchBlock endpoint, which could allow...

GHSA-MCJ5-6QR4-95FJ AVideo has an Unauthenticated SQL Injection via `doNotShowCats` Parameter (Backslash Escape Bypass)

Summary An unauthenticated SQL injection vulnerability exists in objects/category.php in the getAllCategories method. The doNotShowCats request parameter is sanitized only by stripping single-quote characters strreplace"'", '', ..., but this is trivially bypassed using a backslash escape techniqu...

BasicSQLiScanner

No d...

WordPress plugin Profile Builder Pro SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

EUVD-2025-208838

Mura before 10.1.14 allows beanFeed.cfc getQuery sortby SQL injection...

SQL Injection

phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied input from the $REQUEST'query' parameter without sanitization or parameterization, which allows an attacker to execute arbitrary SQL commands and compromise the database...

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization...