CVE-2026-31844
An authenticated SQL injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2025-65354
Improper input handling in /Grocery/search_products_itname.php in PuneethReddyHC event-management 1.0 permits SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose database contents. Exploitation may result in sensitive data disclosure and backend...
CVE-2025-65354
CVE-2025-65354 affects PuneethReddyHC event-management version 1.0. The Red Hat and NVD entries, along with other feeds, describe improper input handling in /Grocery/search_products_itname.php that allows SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and ...
PT-2025-52847
Name of the Vulnerable Software and Affected Versions: PuneethReddyHC event-management version 1.0. Description: Improper input handling in the /Grocery/search_products_itname.php file allows for SQL injection via the sitem_name POST parameter. Crafted payloads can alter query logic and disclose...
Aimeos Security Breach
Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. Aimeos has a security vulnerability that stems from improper access control in ai-admin-graphql, which allows an attacker to modify and take over the administrator account on the backend. The affected version...
SAP Business Client Security Vulnerability
SAP Business Client is a user interface client program from SAP. The program supports access to multiple SAP applications from a single platform. SAP Business Client has a security vulnerability that allows an attacker to read extremely sensitive data such as credentials. This would allow an attacker to...
PowerDNS DNSDist Data Injection Vulnerability
PowerDNS DNSDist is a load balancer from the Dutch company PowerDNS that shunts traffic to different servers to provide optimal performance for users. A security vulnerability exists in PowerDNS DNSDist versions prior to 1.3.3. A remote attacker can exploit the vulnerability with the help of...
Multiple File Upload Vulnerabilities in CLTPHP Content Management System
CLTPHP is a content management system developed on ThinkPHP5, with the Layui framework in the backend. Multiple file upload vulnerabilities exist in the backend of the CLTPHP content management system, which allows attackers to log in to the backend and upload webshells to gain control of the...
SQL injection vulnerability in the init function of iCMS latest version V7 admincp.class.php page
iCMS is a free, clean, efficient, and useful PHP content management system. The init function of the admincp.class.php page in the latest version of iCMS (V7) has a SQL injection vulnerability that can be exploited by attackers to bypass the backend and directly log into the system to obtain sensitive information...
Joomla! com_fields component SQL injection vulnerability
Joomla! is an open source, cross-platform content management system (CMS) developed with PHP and MySQL by the U.S. Open Source Matters team. A SQL injection vulnerability exists in the com_fields component in Joomla! version 3.7.0, which allows remote attackers to obtain sensitive database...
DokuWiki persistent Cross Site Scripting
Advisory ID: SGMA15-001 Title: DokuWiki persistent Cross Site Scripting Product: DokuWiki Version: 2014-09-29c and probably prior Vendor: www.dokuwiki.org Vulnerability type: Persistent XSS Risk level: Medium Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-03-18...
DokuWiki 2014-09-29c Cross Site Scripting
Advisory ID: SGMA15-001 Title: DokuWiki persistent Cross Site Scripting Product: DokuWiki Version: 2014-09-29c and probably prior Vendor: www.dokuwiki.org Vulnerability type: Persistent XSS Risk level: Medium Credit: Filippo Cavallarin - segment.technology CVE: N/A Vendor notification: 2015-03-18...