PT-2026-3972

Name of the Vulnerable Software and Affected Versions kamleshyadav WP Lead Capturing Pages versions through 2.5 Description The software contains a flaw related to improper handling of special characters within SQL queries, potentially allowing for SQL Injection. This could allow an attacker to...

PT-2026-4087

Name of the Vulnerable Software and Affected Versions ichurakov Paid Downloads versions through 3.15 Description A flaw exists in ichurakov Paid Downloads that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially...

CVE-2021-47872

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVE-2021-47872 SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

CVE-2021-47872

CVE-2021-47872 affects SEO Panel versions prior to 4.9.0. The vulnerability is a blind SQL injection in archive.php exposed through the order_col parameter, allowing authenticated attackers to influence database queries and extract data. Exploitation guidance in the documentation references sqlma...

CVE-2021-47872 SEO Panel < 4.9.0 - 'order_col' Blind SQL Injection

SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'ordercol' parameter. Attackers can use sqlmap to exploit the vulnerability and extract database information by...

VulnCheck KEV: CVE-2025-51683

A blind SQL Injection SQLi vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/updateprofileServer endpoint...

CVE-2025-70893

A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied input provided via the adminname parameter, allowing authenticated attackers to inject arbitrary SQL...

CVE-2021-47801

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

CVE-2021-47801 Vianeos OctoPUS 5 - 'login_user' SQLi

Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...

CVE-2025-67081

An SQL injection vulnerability in Itflow through 25.06 has been identified in the "roleid" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injection, allowing for the extraction of arbitrary data from the database. The vulnerability arises fro...

CVE-2025-70893

CVE-2025-70893 affects PHPGurukul Cyber Cafe Management System v1.0 in adminprofile.php (adminname parameter). The vulnerability is a time-based blind SQL Injection caused by insufficient input sanitization, allowing authenticated attackers to inject arbitrary SQL expressions. Impact is rated Hig...

CVE-2025-12166 Simply Schedule Appointments <= 1.6.9.9 - Unauthenticated SQL Injection via `order` and `append_where_sql` Parameters

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the order and appendwheresql parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack o...

GHSA-QVR7-7G55-69XJ Pimcore Has an Incomplete Patch for CVE-2023-30848

Summary An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL comments -- and catching syntax errors, the fix is insufficient. Attackers can still...

CVE-2026-23492 Pimcore has a Blind SQL Injection in Admin Search Find API due to an incomplete fix for CVE-2023-30848

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

EUVD-2026-2449

Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perform blind SQL injection. Although CVE-2023-30848 attempted to mitigate SQL injection by removing SQL...

PT-2026-2947

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 12.3.1 Pimcore versions prior to 11.5.14 Description Pimcore is an Open Source Data & Experience Management Platform. An incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to...

CVE-2018-1000867

WeBid version up to current version 1.2.2 contains a SQL Injection vulnerability in All five yourauctions.php scripts that can result in Database Read via Blind SQL Injection. This attack appear to be exploitable via HTTP Request. This vulnerability appears to have been fixed in after commit...

CVE-2021-28022

Blind SQL injection in the login form in ServiceTonic Helpdesk software 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries...

CVE-2022-31296

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/viewpost.php...