Lucene search

6204 matches found

Vulnrichment
added 2026/03/06 12:19 p.m. | 1 views

CVE-2018-25182 Silurus Classifieds Script 2.0 SQL Injection via wcategory.php

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00123
Exploits 0 | References 2

CVE
added 2026/03/06 12:19 p.m. | 8 views

CVE-2018-25182

CVE-2018-25182 affects Silurus Classifieds Script 2.0. The vulnerability is an SQL injection in wcategory.php via the ID parameter, allowing unauthenticated remote attackers to craft SQL payloads to extract database names and sensitive information. CVSS metrics indicate high severity (CVSS 3.1: 8...

CVSS 8.8 | AI score 6.1 | EPSS 0.00123
Exploits 0 | References 2

Vulnrichment
added 2026/03/06 12:19 p.m. | 2 views

CVE-2018-25180 Maitra 1.7.2 SQL Injection and Database File Download

Maitra 1.7.2 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...

CVSS 7.1 | AI score 6.1 | EPSS 0.00039
Exploits 0 | References 2

Cvelist
added 2026/03/06 12:19 p.m. | 24 views

CVE-2018-25176 Alive Parish 2.0.4 SQL Injection and Arbitrary File Upload

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. Attackers can also upload arbitrary files via the person photo upload functionality to th...

CVSS 8.8 | EPSS 0.00079
Exploits 0 | References 2

ATTACKERKB
added 2026/03/06 12:19 p.m. | 2 views

CVE-2018-25175

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. Attackers can submit crafted POST requests to index.php with SQL injection payloads in the identifian...

CVSS 8.8 | AI score 6.1 | EPSS 0.00132
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/03/06 12:19 p.m. | 1 views

CVE-2018-25170

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. Attackers can send GET requests to the lesson.php endpoint with malicious SQL payloads to extract sensitive...

CVSS 8.8 | AI score 5.9 | EPSS 0.00033
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/03/06 12:18 p.m. | 9 views

CVE-2018-25163

BitZoom 1.0 contains an unauthenticated SQL injection via the rollno and username parameters in forgot.php and login.php. The vulnerability allows arbitrary SQL queries, enabling extraction of database schema and table contents. Affected component: BitZoom 1.0 web application backend; root cause:...

CVSS 8.8 | AI score 6.1 | EPSS 0.00123
Exploits 0 | References 2

RedHat Linux
added 2026/03/06 11:0 a.m. | 2 views

Django: Django: SQL Injection via RasterField band index parameter

A flaw was found in Django. A remote attacker could inject SQL commands by manipulating the band index parameter during raster lookups on RasterField only implemented on PostGIS. This SQL injection vulnerability could lead to unauthorized information disclosure, data alteration, or denial of...

CVSS 5.4 | AI score 5.9 | EPSS 0.06568
Exploits 1 | References 7

RedHat Linux
added 2026/03/06 11:0 a.m. | 2 views

Django: Django: SQL Injection via crafted column aliases

A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...

CVSS 5.4 | AI score 6.2 | EPSS 0.00013
Exploits 0 | References 7

CVE
added 2026/03/06 7:18 a.m. | 19 views

CVE-2026-29073

Technical details about CVE-2026-29073 are not provided in the connected documents. The SUSE/OSV entries reference the CVE within a broader vulndb update but do not describe affected products, versions, or exploit specifics. Monitor for updates.

CVSS 8.8 | AI score 5.8 | EPSS 0.00068
Exploits 1 | References 1 | Affected Software 1

CVE
added 2026/03/06 4:27 a.m. | 15 views

CVE-2026-28785

Ghostfolio prior to version 2.244.0 is vulnerable to arbitrary SQL execution via the getHistorical() method due to symbol validation bypass, potentially allowing read/modify/delete of sensitive financial data for all users. Affected software: Ghostfolio open source wealth management. Root cause: ...

CVSS 9.8 | AI score 6.1 | EPSS 0.00078
Exploits 0 | References 2 | Affected Software 1

EUVD
added 2026/03/06 4:7 a.m. | 2 views

EUVD-2026-9978

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows...

CVSS 9.3 | AI score 6 | EPSS 0.00241
Exploits 1 | References 2

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

Webiness Inventory SQL Injection Vulnerability

Webiness Inventory is a web-based inventory management system developed by the individual developer of Webiness. Version 2.3 of Webiness Inventory has a SQL injection vulnerability. This vulnerability stems from an issue with the order parameter, which allows for SQL injections, potentially...

CVSS 8.8 | AI score 6.1 | EPSS 0.00132
Exploits 0 | References 2

CNNVD
added 2026/03/06 12:0 a.m. | 2 views

Tina4 Stack SQL Injection Vulnerability

Tina4 Stack is a collection of full-stack development frameworks provided by Tina4 Corporation. Version 1.0.3 of Tina4 Stack contains an SQL injection vulnerability. This vulnerability stems from allowing direct access to database files and SQL injections, which may enable unverified attackers to...

CVSS 9.8 | AI score 5.9 | EPSS 0.00152
Exploits 1 | References 2

Positive Technologies
added 2026/03/06 12:0 a.m. | 2 views

PT-2026-23701

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod id' parameter. Attackers can send POST requests to the editar producto.php endpoint with crafted SQL payloads in the mod...

CVSS 7.1 | AI score 6.1 | EPSS 0.00039
Exploits 0 | References 3

CNNVD
added 2026/03/06 12:0 a.m. | 3 views

Data Center Audit SQL Injection Vulnerability

Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...

CVSS 8.8 | AI score 6.1 | EPSS 0.00123
Exploits 0 | References 2

EUVD
added 2026/03/05 6:30 a.m. | 3 views

EUVD-2026-9647

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection. This issue affects Eagle Booking: from n/a through = 1.3.4.3...

AI score 6 | EPSS 0.00044
Exploits 0 | References 2

Cvelist
added 2026/03/05 5:53 a.m. | 24 views

CVE-2026-27373 WordPress Tablesome plugin <= 1.2.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection. This issue affects Tablesome: from n/a through <= 1.2.3...

CVSS 8.5 | EPSS 0.00044
Exploits 0 | References 1

Vulnrichment
added 2026/03/05 5:53 a.m. | 1 views

CVE-2025-69338 WordPress Riode Core plugin <= 1.6.26 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection. This issue affects Riode Core: from n/a through <= 1.6.26...

AI score 6 | EPSS 0.00045
Exploits 0 | References 1

Positive Technologies
added 2026/03/05 12:0 a.m. | 3 views

PT-2026-23268

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Eagle-Themes Eagle Booking eagle-booking allows SQL Injection. This issue affects Eagle Booking: from n/a through = 1.3.4.3...

AI score 6 | EPSS 0.00044
Exploits 0 | References 2