
13181 matches found

NVD
added 2025/05/15 2:15 p.m., 14 views

CVE-2025-46052

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

CVSS 9.8 | EPSS 0.00438
Exploits: 1 | References: 2
Vulnrichment
added 2025/05/15 12:0 a.m., 9 views

CVE-2025-46053

A SQL Injection vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the ReportID and ReplaceReportID parameters within a POST request to /reportwriter/admin/ReportCreator.php...

AI score 6.2 | EPSS 0.00214
Exploits: 1 | References: 2
OSV
added 2025/05/07 7:11 p.m., 3 views

RLSA-2024:6018 Important: postgresql:13 security update

PostgreSQL is an advanced object-relational database management system (DBMS). Security Fixes: postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL (CVE-2024-7348). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...

CVSS 7.5 | AI score 8.7 | EPSS 0.01565
Exploits: 0 | References: 1
Vulnrichment
added 2025/05/05 12:0 a.m., 6 views

CVE-2025-26241

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket =1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

AI score 8 | EPSS 0.00242
Exploits: 1 | References: 1
Vulnrichment
added 2025/05/02 2:50 a.m., 8 views

CVE-2025-3707 Sunnet eHRD CTMS - SQL Injection

The eHRD CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read database contents...

CVSS 6.5 | AI score 8.1 | EPSS 0.00355
Exploits: 0 | References: 2
GitLab Advisory Database
added 2025/05/01 12:0 a.m., 18 views

SQL injection in ADOdb PostgreSQL driver pg_insert_id() method

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a PostgreSQL database and calls pg_insert_id() with user-supplied data. Note that the indicated Severity corresponds to a worst-case usage scenario...

CVSS 10 | AI score 8.1 | EPSS 0.00638
Exploits: 0 | References: 8 | Affected Software: 1
NVD
added 2025/04/30 2:15 p.m., 13 views

CVE-2025-45018

A SQL Injection vulnerability was discovered in the foreigner-bwdates-reports-details.php file of PHPGurukul Park Ticketing Management System v2.0. This vulnerability allows remote attackers to execute arbitrary SQL code via the todate parameter...

CVSS 9.8 | EPSS 0.00478
Exploits: 1 | References: 1
NVD
added 2025/04/30 2:15 p.m., 13 views

CVE-2025-45021

A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands...

CVSS 5.3 | EPSS 0.00185
Exploits: 1 | References: 1
Vulnrichment
added 2025/04/30 12:0 a.m., 6 views

CVE-2025-45021

A SQL Injection vulnerability was identified in the admin/edit-directory.php file of the PHPGurukul Directory Management System v2.0. Attackers can exploit this vulnerability via the email parameter in a POST request to execute arbitrary SQL commands...

AI score 8.4 | EPSS 0.00185
Exploits: 1 | References: 1
BDU FSTEC
added 2025/04/30 12:0 a.m., 4 views

Vulnerability of the PostgresDB._process_insert_query() function (file web/db.py) of the web.py web application framework, allowing attackers to execute arbitrary SQL commands

The vulnerability of the PostgresDB._process_insert_query() function located in the web/db.py file of the web.py web framework is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker to execute arbitrary SQL commands using the seqname...

CVSS 6.5 | AI score 7.1 | EPSS 0.00264
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2025/04/29 5:15 p.m., 19 views

CVE-2025-45956

A SQL injection vulnerability in managedamage.php in Sourcecodester Computer Laboratory Management System v1.0 allows an authenticated attacker to execute arbitrary SQL commands via the "id" parameter...

CVSS 8.8 | EPSS 0.00389
Exploits: 1 | References: 1
NVD
added 2025/04/28 6:15 p.m., 17 views

CVE-2024-12706

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...

CVSS 2.1 | EPSS 0.00188
Exploits: 0 | References: 1
Vulnrichment
added 2025/04/28 5:59 p.m., 15 views

CVE-2024-12706 SQL Injection vulnerability discovered in OpenText™ Digital Asset Management.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenText™ Digital Asset Management. The vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.:...

CVSS 2.1 | AI score 7.3 | EPSS 0.00188
Exploits: 0 | References: 1
RedhatCVE
added 2025/04/27 12:1 a.m., 8 views

CVE-2025-28076

Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, ...

CVSS 6.5 | AI score 8.6 | EPSS 0.00267
Exploits: 0 | References: 1
CVE
added 2025/04/25 12:0 a.m., 51 views

CVE-2025-28076

CVE-2025-28076 describes multiple SQL injection vulnerabilities in EasyVirt DCScope prior to or at 8.6.4 and EasyVirt CO2Scope prior to or at 1.3.4. The root cause is unsafely handled user-supplied parameters across API endpoints, allowing remote authenticated attackers to execute arbitrary SQL c...

CVSS 6.5 | AI score 8.2 | EPSS 0.00267
Exploits: 0 | References: 2
CVE
added 2025/04/21 7:16 a.m., 84 views

CVE-2025-25228

CVE-2025-25228 affects VirtueMart for Joomla (versions 1.0.0–4.4.7). A backend SQL injection in the product management area allows authenticated administrators to execute arbitrary SQL commands. Practical impact is data access/manipulation in the VirtueMart backend. Remediation cited in PT-2025-1...

CVSS 3.8 | AI score 8 | EPSS 0.0021
Exploits: 0 | References: 2 | Affected Software: 1
Veracode
added 2025/04/18 5:12 a.m., 33 views

SQL Injection

flowise-components is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the tableName parameter in PostgresVectorStore, which allows an attacker to execute arbitrary SQL commands...

CVSS 7.6 | AI score 7.7 | EPSS 0.00248
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2025/04/02 6:15 a.m., 16 views

CVE-2024-36465

A low-privilege regular Zabbix user with API access can use a SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

CVSS 8.8 | EPSS 0.21243
Exploits: 0 | References: 1
Cvelist
added 2025/04/02 6:11 a.m., 53 views

CVE-2024-36465 SQL injection in Zabbix API

A low-privilege regular Zabbix user with API access can use a SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter...

CVSS 8.6 | EPSS 0.21243
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/29 5:25 p.m., 20 views

CVE-2025-30364

WeGIA is a Web manager for charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.2.8 in the endpoint /WeGIA/html/funcionario/remuneracao.php, in the idfuncionario parameter. This vulnerability allows the execution of arbitrary SQL commands, which can...

CVSS 10 | AI score 8.2 | EPSS 0.00563
Exploits: 1 | References: 1