6204 matches found
PT-2026-25706
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...
itsourcecode College Management System SQL注入漏洞
itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the coursecode parameter in the file...
RealtyScript SQL注入漏洞
RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability. This vulnerability stems from time-based blind SQL injections, which may allow unverified attackers to extract database information by injecting...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a SQL injection vulnerability that stems from a misconfiguration that may allow execution of harmful SQL queries, which can be exploited by an attacker to cause unexpected database interactions or limited...
Vanna SQL注入漏洞
Vanna is a personalized AI SQL proxy from Vanna Corporation. Versions of Vanna 2.0.2 and earlier had a SQL injection vulnerability. This vulnerability stemmed from improper handling of the updatesql function in the src/vanna/legacy/flask/init.py file of the component endpoint, which could lead to...
RealtyScript SQL注入漏洞
RealtyScript is a real estate website management system developed by RealtyScript Inc. Version 4.0.2 of RealtyScript has a SQL injection vulnerability, which stems from improper cleaning of the uid and agent parameters. This vulnerability could allow unverified attackers to inject arbitrary SQL...
HCL AION 安全漏洞
HCL AION is an AI lifecycle management platform from HCL India. HCL AION suffers from a security vulnerability that stems from a lack of validation or restriction on SQL query execution, which can be exploited by an attacker to cause unexpected database interactions or information leakage...
CodePhiliaX Chat2DB SQL注入漏洞
CodePhiliaX Chat2DB is an open-source AI-driven SQL client developed by CodePhiliaX. Versions of CodePhiliaX Chat2DB 0.3.7 and earlier contain a SQL injection vulnerability. This vulnerability arises from improper handling of parameters in the functions exportTable, exportTableColumnComment,...
AnythingLLM SQL注入漏洞
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. AnythingLLM SQL injection vulnerability , the vulnerability stems from the built-in SQL proxy plug-in getTableSchemaSql method of the tablename parameter lack of validation of external input SQL statements , an attacker can use...
web_vuln_scanner
webvulnscanner A cybersecurity...
SQL Injection
Craft Commerce is vulnerable to SQL Injection. The vulnerability is due to lack of whitelist validation on the sort parameter passed to orderBy, which allows an attacker to inject malicious SQL into the ORDER BY clause and manipulate database queries...
EUVD-2026-11949
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...
EUVD-2026-12017
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in flycart UpsellWP checkout-upsell-and-order-bumps allows Blind SQL Injection.This issue affects UpsellWP: from n/a through = 2.2.4...
EUVD-2026-11941
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...
EUVD-2026-11858
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through = 3.0.7...
EUVD-2026-11792
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = 1.16.10...
EUVD-2026-11798
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Ays Pro Fox LMS fox-lms allows Blind SQL Injection.This issue affects Fox LMS: from n/a through = 1.0.6.3...
CVE-2026-32628
AnythingLLM has a SQL injection in the built‑in SQL Agent plugin (v1.11.1 and earlier) allowing a user who can invoke the agent to run arbitrary SQL on connected databases. The vulnerability stems from getTableSchemaSql() building queries via direct string concatenation of the table_name paramete...
CVE-2026-32458 WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 WOLF bulk-editor allows Blind SQL Injection.This issue affects WOLF: from n/a through = 1.0.8.7...
CVE-2026-32422
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Blind SQL Injection.This issue affects WP EasyCart: from n/a through = 5.8.13...