Lucene search
K

9 matches found

NVD
NVD
added 2026/06/29 2:16 p.m.9 views

CVE-2026-40524

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the getgltransactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

8.1CVSS0.00276EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 11:53 a.m.7 views

CVE-2025-71332

Flowise 2.2.7 contains a SQL injection in the importChatflows API triggered by unsanitized chatflow.id in a JSON import file. An authenticated user can craft the id field so it is concatenated into a SQL IN clause, enabling arbitrary SQL execution and extraction of data from the credential table ...

8.8CVSS6AI score0.00283EPSS
Exploits1References2Affected Software1
GithubExploit
GithubExploit
added 2026/05/31 4:39 a.m.108 views

TypiCMS-Search-LIKE-Wildcard-Info-Disclosure

TypiCMS Search LIKE Wildcard Information Disclosure A proof-o...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/17 12:11 p.m.15 views

CVE-2018-25339

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that enables unauthenticated attackers to extract database information via time-based blind techniques. Exploitation can be performed to confirm vulnerability and retrieve data, indicating potential impact to confidentiality. Th...

8.8CVSS5.9AI score0.00267EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/02 1:50 a.m.7 views

CVE-2026-28562

wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::gettopics where the ORDER BY clause relies on ineffective escsql sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials...

9.8CVSS6AI score0.00428EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/28 9:47 p.m.4 views

CVE-2026-28562

wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::gettopics where the ORDER BY clause relies on ineffective escsql sanitization on unquoted identifiers. Attackers exploit the wpfob parameter with CASE WHEN payloads to perform blind boolean extraction of credentials...

9.8CVSS6AI score0.00428EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/02/28 9:47 p.m.28 views

CVE-2026-28562

CVE-2026-28562 affects wpForo 2.4.14. The vulnerability is an unauthenticated SQL injection in Topics::get_topics(), where the ORDER BY clause relies on insufficient esc_sql() sanitization for unquoted identifiers. An attacker can craft wpfob payloads (e.g., using CASE WHEN) to perform blind bool...

9.8CVSS6AI score0.00428EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/22 3:16 p.m.6 views

CVE-2019-25457

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can send GET requests to category pages with malicious 'oz' values using time-based blind SQL injectio...

7.5CVSS5.9AI score0.00405EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.16 views

PT-2026-6738

RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can exploit time-based and boolean-based blind SQL injection techniques to extract information or...

7.1CVSS5.8AI score0.00214EPSS
Exploits0References4
Rows per page
Query Builder