180 matches found
PT-2026-41466
Name of the Vulnerable Software and Affected Versions Fuel CMS version 1.4.13 Description Authenticated attackers can manipulate database queries by injecting SQL code through the col parameter in the Activity Log interface. By sending requests to the 'logs' endpoint with malicious SQL payloads i...
CVE-2026-39358 CubeCart: Time-based Blind SQL Injection
CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...
PT-2026-40579
The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-42742 WordPress Views for WPForms plugin <= 3.4.6 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Views for WPForms views-for-wpforms-lite allows Blind SQL Injection.This issue affects Views for WPForms: from n/a through = 3.4.6...
CVE-2026-42741 WordPress Ninja Forms Views – Display & Edit Ninja Forms Submissions on your site frontend plugin <= 3.3.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Aman Ninja Forms Views Display & Edit Ninja Forms Submissions on your site frontend views-for-ninja-forms allows Blind SQL Injection.This issue affects Ninja Forms Views Display & Edit Ninja Forms...
Blind_SQLI_FlaskProject
No d...
Exploit for CVE-2026-6379
CVE-2026-6379 — WP Photo Album Plus :8080/?pageid=" --mode pr...
Craft Commerce hasVariant/hasProduct Blind SQL Injection
Overview Craft Commerce’s ProductQuery::hasVariant and VariantQuery::hasProduct properties bypass the unset blocklist added to ElementIndexesController in GHSA-2453-mppf-46cj. The blocklist only strips top-level Yii2 Query properties where, orderBy, etc., but hasVariant and hasProduct pass throug...
EUVD-2023-60550
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...
CVE-2026-39487
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL Injection.This issue affects Amelia: from n/a through = 2.1.1...
CVE-2026-39496
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...
CVE-2026-39466 WordPress Broken Link Checker plugin <= 2.4.7 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMU DEV - Your All-in-One WordPress Platform Broken Link Checker broken-link-checker allows Blind SQL Injection.This issue affects Broken Link Checker: from n/a through = 2.4.7...
Revive Adserver: Blind SQL injection via clientid parameter in zone‑include.php
Vulnerability description not provided...
EUVD-2026-17581
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...
CVE-2026-30520
SourceCodester Loan Management System v1.0 contains a Blind SQL Injection in ajax.php (save_loan action) where the borrower_id parameter in a POST request is not properly sanitized. An authenticated attacker could inject SQL commands via this input. The affected component is the web application’s...
CVE-2026-30520
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...
CVE-2026-33914
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, the PostCalendar module contains a blind SQL injection vulnerability in the categoriesUpdate administrative function. The dels POST parameter is read via...
Linux Distros Unpatched Vulnerability : CVE-2026-23921
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL...
CVE-2026-1708
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection in all versions up to, and including, 1.6.9.27. This is due to the dbwhereconditions method in the TDDBModel class failing to prevent the appendwheresql paramet...
CVE-2026-29187 OpenEMR Vulnerable to Authenticated Blind Boolean-Based SQL Injection in new_search_popup.php
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/newsearchpopup.php. The vulnerability allows an authenticated attacker t...