17 matches found

CVE
added 2026/04/03 10:28 p.m. | 5 views

CVE-2026-34228

Emlog (open source website building system) contains CSRF in the backend upgrade interface prior to version 2.6.8. The interface accepts remote SQL and ZIP URLs via GET parameters; the server downloads and executes the SQL file, then downloads and extracts the ZIP into the web root without CSRF t...

CVSS 8.7 | AI score 6.1 | EPSS 0.00009
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/02/27 10:11 p.m. | 199 views

CVE-2026-28516 openDCIM <= 23.04 SQL Injection in Config::UpdateParameter

openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directly into SQL statements using string interpolation without prepared statements or proper input...

CVSS 9.3 | EPSS 0.23836
Exploits: 3 | References: 7
RedhatCVE
added 2026/01/20 5:21 p.m. | 3 views

CVE-2026-22850

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path (pa) and referrer (r) values to the public...

CVSS 8.3 | AI score 6.3 | EPSS 0.00121
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/12 12:00 a.m. | 5 views

PT-2026-1814

Name of the Vulnerable Software and Affected Versions: Advantech IoTSuite & IoT Edge products (affected versions not specified). Description: Successful exploitation of a SQL injection issue could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when...

CVSS 10 | AI score 8.1 | EPSS 0.12795
Exploits: 1 | References: 15
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-11039

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.00419
Exploits: 0 | References: 2
CNVD
added 2025/07/21 12:00 a.m. | 0 views

Library System approve.php File SQL Injection Vulnerability

Library System is a library system. Library System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter ID of the file /approve.php. An attacker can exploit this vulnerability to execute illegal SQL commands to ste...

CVSS 9.8 | AI score 8.3 | EPSS 0.00277
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 4:50 a.m. | 3 views

CVE-2019-20495

cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)...

CVSS 6.5 | AI score 6.9 | EPSS 0.00419
Exploits: 0 | References: 1
CNVD
added 2025/04/03 12:00 a.m. | 2 views

WeGIA SQL Injection Vulnerability (CNVD-2025-22280)

WeGIA is a web manager for welfare organizations. WeGIA suffers from a SQL injection vulnerability that stems from a lack of validation of query parameters against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive...

CVSS 9.8 | AI score 8.3 | EPSS 0.00294
Exploits: 1 | References: 1
OSV
added 2020/08/13 2:15 p.m. | 3 views

CVE-2020-15925

A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.10.21 allows remote authenticated attackers to execute arbitrary SQL commands via the TPFXPAR1 parameter...

CVSS 8.8 | AI score 7.6 | EPSS 0.00411
Exploits: 0 | References: 1
CNVD
added 2020/05/08 12:00 a.m. | 1 views

Easy B2C Mall System d***.php File Arbitrary SQL Statement Execution Vulnerability

Easy B2C mall system is a mall system developed on an open source framework. An arbitrary SQL statement execution vulnerability exists in the d.php file of Easy B2C mall system. An attacker can exploit the vulnerability to execute arbitrary SQL statements within the file...

AI score 8.1
Exploits: 0
NVD
added 2020/03/17 3:15 p.m. | 9 views

CVE-2019-20495

cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)...

CVSS 6.5 | AI score 6.4 | EPSS 0.00419
Exploits: 0 | References: 1
OSV
added 2020/03/17 3:15 p.m. | 1 views

CVE-2019-20495

cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531)...

CVSS 6.5 | AI score 6.7 | EPSS 0.00419
Exploits: 0 | References: 1
CNVD
added 2019/07/16 12:00 a.m. | 2 views

Deepwoods Software WebLibrarian SQL Injection Vulnerability

Deepwoods Software WebLibrarian is a book management system plugin for use in WordPress from Deepwoods Software, USA. A SQL injection vulnerability exists in the 'AllBarCodes' function in Deepwoods Software WebLibrarian 3.5.2 and earlier versions. The vulnerability stems from a lack of validation...

CVSS 6.5 | AI score 8.2 | EPSS 0.00466
Exploits: 1 | References: 1
CNVD
added 2018/04/03 12:00 a.m. | 1 views

Square 9 GlobalForms SQL Injection Vulnerability

Square 9 GlobalForms is a web form management software from Square 9 Softworks. The software collects Web form data and automatically populates it with keywords. A SQL injection vulnerability exists in the 'match' parameter in Square 9 GlobalForms version 6.2.x. A remote attacker could use this...

CVSS 7.5 | AI score 8.4 | EPSS 0.08166
Exploits: 3 | References: 1
OSV
added 2015/06/17 6:59 p.m. | 0 views

UBUNTU-CVE-2015-4342

SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id...

CVSS 7.5 | AI score 7.7 | EPSS 0.03761
Exploits: 0 | References: 3
Packet Storm
added 2008/08/26 12:00 a.m. | 24 views

crafty-sql.txt

GulfTech Security Research | August 25, 2008 | Vendor: Eric Gerdes | URL: http://www.craftysyntax.com | Version: Crafty Syntax Live Help = 2.14.6 | Risk: SQL Injection | Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of ...

AI score 7.4
Exploits: 0
exploitpack
added 2005/03/01 12:00 a.m. | 15 views

PHPCOIN 1.2 - login.php Multiple Cross-Site Scripting Vulnerabilities

Source: https://www.securityfocus.com/bid/12686/info | Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical...

AI score 0.2
Exploits: 0