CVE-2026-39330

ChurchCRM (pre-7.1.0) contains a SQL injection in /PropertyAssign.php exploitable by authenticated users with roles Manage Groups & Roles and Edit Records via the Value parameter. The vulnerability can allow arbitrary SQL execution to read/modify database data. It is fixed in 7.1.0; upgrade to 7....

CVE-2026-39326 ChurchCRM has a Blind SQL injection in PropertyTypeEditor.php

ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with the role isMenuOptionsEnabled can inject arbitrary SQL statements through the Name and Description paramete...

CVE-2026-39325

ChurchCRM (open-source church management) has a Blind SQL injection in /SettingsUser.php affecting versions prior to 7.1.0 (notably 7.0.5). Authenticated administrative users can inject arbitrary SQL through the type array parameter (via the index) to read/modify database data. The vulnerability ...

CVE-2026-34402

Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39330. Reason: This candidate is a duplicate of CVE-2026-39330. Notes: All CVE users should reference CVE-2026-39330 instead of this candidate. All references and descriptions in this candidate have been removed to...

CVE-2026-34402

...

PT-2026-30473

SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to...

MB Connect Line mbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 is a remote service portal developed by the German company MB Connect Line. This product supports functions such as remote access, data recording, and alarm notifications. MB Connect Line mbCONNECT24 has a SQL injection vulnerability, which stems from improper handling...

CVE-2026-30520

A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...

VulnCheck KEV: CVE-2025-48281

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mystyleplatform MyStyle Custom Product Designer mystyle-custom-product-designer allows Blind SQL Injection.This issue affects MyStyle Custom Product Designer: from n/a through = 3.21.1...

CVE-2026-25007

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Element Invader ElementInvader Addons for Elementor elementinvader-addons-for-elementor allows Blind SQL Injection.This issue affects ElementInvader Addons for Elementor: from n/a through = 1.4.2...

CVE-2026-25340

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Jobmonster noo-jobmonster allows Blind SQL Injection.This issue affects Jobmonster: from n/a through 4.8.4...

CVE-2026-32499

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in QuantumCloud ChatBot chatbot allows Blind SQL Injection.This issue affects ChatBot: from n/a through = 7.7.9...

CVE-2026-24977

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NooTheme Organici Library noo-organici-library allows Blind SQL Injection.This issue affects Organici Library: from n/a through = 2.1.2...

CVE-2026-32365

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Archives collapsing-archives allows Blind SQL Injection.This issue affects Collapsing Archives: from n/a through = 3.0.7...

CVE-2026-32418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...

CVE-2026-32368

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in delphiknight Geo to Lat geo-to-lat allows Blind SQL Injection.This issue affects Geo to Lat: from n/a through = 1.0.19...

CVE-2026-27413

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a before 3.14.0...

CVE-2018-25203

Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blin...

CVE-2018-25204

Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username...

CVE-2026-29187

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a Blind SQL Injection vulnerability exists in the Patient Search functionality /interface/new/newsearchpopup.php. The vulnerability allows an authenticated attacker t...