CVE-2026-0242 Trust Protection Foundation: SQL Injection Vulnerability

A SQL injection vulnerability in Trust Protection Foundation allows an authenticated attacker to execute arbitrary SQL commands against the product database. Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full...

EUVD-2025-209515

Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases...

PT-2026-33426

Name of the Vulnerable Software and Affected Versions Sparx Pro Cloud Server affected versions not specified Description An unauthenticated user can execute arbitrary SQL commands in the database. This SQL injection allows for a complete database takeover without requiring credentials...

CVE-2026-33207

DataEase (open-source data visualization/analytics) contains a SQL injection in versions ≤ 2.10.20 at the /datasource/getTableField endpoint. The getTableFiledSql method concatenates the tableName into SQL via String.format without parameterization, and validation in DatasourceServer.py can be by...

CVE-2018-25207

Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to...

SuiteCRM SQL注入漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Versions of SuiteCRM prior to 7.15.1 and 8.9.3 had an SQL injection vulnerability. This vulnerability stemmed from the authentication mechanism not properly clearing the username provided by users when directory...

CVE-2025-58112

CVE-2025-58112 affects Microsoft Dynamics 365 Customer Engagement (on-premises) 1612 (9.0.2.3034). The vulnerability arises when an attacker uploads a malicious .rdl (Report Definition Language) file that is processed by SQL Server Reporting Services, enabling generation of customized reports via...

CVE-2026-32628

AnythingLLM has a SQL injection in the built‑in SQL Agent plugin (v1.11.1 and earlier) allowing a user who can invoke the agent to run arbitrary SQL on connected databases. The vulnerability stems from getTableSchemaSql() building queries via direct string concatenation of the table_name paramete...

PT-2026-23647

Name of the Vulnerable Software and Affected Versions Ghostfolio versions prior to 2.244.0 Description Ghostfolio is a wealth management software susceptible to arbitrary SQL command execution. An attacker can bypass symbol validation to execute SQL commands through the getHistorical method...

CVE-2026-22850

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

CVE-2026-22850 Koko Analytics vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import

Koko Analytics is an open-source analytics plugin for WordPress. Versions prior to 2.1.3 are vulnerable to arbitrary SQL execution through unescaped analytics export/import and permissive admin SQL import. Unauthenticated visitors can submit arbitrary path pa and referrer r values to the public...

CVE-2025-37182

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

CVE-2025-37183

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading...

ClipBucket SQL注入漏洞

ClipBucket is an open source and freely downloadable PHP script from MacWarrior Open Source. It is used for sharing video sites. A SQL injection vulnerability exists in ClipBucket v5 versions 5.5.2 through 151 and earlier, which originates from a certified administrator with plugin management...

CVE-2025-52914

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 10.0.1.101 could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQ...

Code-Projects Library System 注入漏洞

Library System is a library system. The Library System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter phone in the file /profile.php. An attacker can exploit this vulnerability to execute illegal SQL...

CVE-2024-33266

SQL Injection vulnerability in Helloshop deliveryorderautoupdate v.2.8.1 and before allows an attacker to run arbitrary SQL commands via the DeliveryorderautoupdateOrdersModuleFrontController::initContent function...

CVE-2010-4721

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter...

WordPress plugin Music Store security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Complete Web-Based School Management System 安全漏洞

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A security vulnerability exists in Complete Web-Based School Management System version 1.0. An attacker can exploit this vulnerability to execute arbitrary SQL commands via the index...