2765 matches found
PT-2026-36592
The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo mashup null fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. Th...
PT-2026-36608
The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object ids' and 'exclude object ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the...
WordPress plugin Geo Mashup SQLๆณจๅ ฅๆผๆด
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
SQLInjection
Projekt Edukacyjny: Podatnoลci SQL Injection Niniejsze repozy...
PT-2026-37144
Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description A logic error in the two-factor authentication 2FA reset process inverts the authorization check. This allows non-admin users to remove the Time-based One-Time Password TOTP configuration of other...
๐ openDCIM 25.01 SQL Injection
openDCIM version 25.01 remote SQL injection exploit that can be leveraged to execute arbitrary code. ================================================================================================================================== | Title : openDCIM 25.01 Python Exploit โ Authenticated &...
sqli-research
๐ฌ sqli-research Time-Based Blind SQL Injection โ Riset, Po...
CVE-2026-33084
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the sort parameter of the /de2api/datasetData/enumValueObj endpoint. The DatasetDataManage service layer directly transfers the user-supplied sort value to the...
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
Vulnerability Details YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...
WordPress MasterStudy LMS plugin <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability
Authenticated Subscriber+ Time-based Blind SQL Injection via 'order' and 'orderby' Parameters vulnerability discovered by Naoya Takahashi nakko in WordPress Plugin MasterStudy LMS versions = 3.7.25...
CVE-2026-4817
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
EUVD-2026-23338
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
CVE-2026-4817
The MasterStudy LMS WordPress Plugin for Online Courses and Education is affected by CVE-2026-4817 (versions up to 3.7.25). A time-based blind SQL injection exists in the /lms/stm-lms/order/items REST API endpoint via the order/orderby parameters due to insufficient input sanitization and a desig...
PT-2026-33393
The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms/order/items REST API endpoint in versions up to and including 3.7.25. This is due to insufficient...
WordPress plugin MasterStudy LMS WordPress Plugin for Online Courses and Education ๅฎๅ จๆผๆด
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-33082
DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to...
CVE-2026-33083
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...