17 matches found

RedhatCVE
added 2026/06/05 7:31 p.m. · 6 views

CVE-2026-6004

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

CVSS 7.5 · AI score 7.1 · EPSS 0.00254
Exploits 0 · References 1

ATTACKERKB
added 2026/04/10 2:30 a.m. · 2 views

CVE-2026-6004

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

CVSS 7.5 · AI score 6.9 · EPSS 0.00254
Exploits 0 · References 5 · Affected Software 1

CNNVD
added 2026/04/10 12:0 a.m. · 5 views

Code-Projects Simple IT Discussion Forum SQL Injection Vulnerability

Code-Projects Simple IT Discussion Forum is a simple forum developed by Code-Projects as open source. Version 1.0 of the code-projects Simple IT Discussion Forum has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter catid in the file...

CVSS 7.5 · AI score 7.2 · EPSS 0.00254
Exploits 0 · References 5

NVD
added 2026/03/12 4:16 p.m. · 7 views

CVE-2019-25523

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

CVSS 9.1 · EPSS 0.00393
Exploits 1 · References 2

CVE
added 2026/03/12 3:36 p.m. · 9 views

CVE-2019-25523

CVE-2019-25523 affects XooGallery Latest. The issue is an SQL injection in the cat_id parameter passed to cat.php, allowing unauthenticated attackers to influence database queries (bypass auth, extract/modify data) via GET requests. Root cause is unsanitized user input in SQL queries. The connect...

CVSS 9.1 · AI score 5.9 · EPSS 0.00393
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2026/03/12 3:36 p.m. · 3 views

CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...

CVSS 8.8 · AI score 5.9 · EPSS 0.00393
Exploits 1 · References 2

Positive Technologies
added 2026/03/12 12:0 a.m. · 5 views

PT-2026-24983

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to cat.php with malicious cat id values to bypass authentication, extract sensitive...

CVSS 8.8 · AI score 5.9 · EPSS 0.00393
Exploits 1 · References 3

Cvelist
added 2026/02/22 1:18 p.m. · 25 views

CVE-2019-25443 Inventory Webapp SQL Injection via add-item.php

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malicious SQL payloads in the name, description, quantity, or catid parameters to add-item.php to execut...

CVSS 8.8 · EPSS 0.00232
Exploits 0 · References 2

Positive Technologies
added 2025/12/08 12:0 a.m. · 7 views

PT-2025-49584

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat id results in sql injection. The attack may be launched remotely. The exploit has been made public and...

CVSS 6.5 · AI score 7 · EPSS 0.00192
Exploits 0 · References 5

CNNVD
added 2024/03/09 12:0 a.m. · 3 views

Ecommerce-Website SQL Injection Vulnerability

Ecommerce-Website is a complete e-commerce website with an administration panel built using PHP and MySql. A SQL injection vulnerability exists in Ecommerce-Website version 1.0, which stems from the parameter catid/brandid/keyword in the file action.php that can lead to SQL injection...

CVSS 9.8 · AI score 8 · EPSS 0.00684
Exploits 1 · References 4

OSV
added 2023/07/20 7:15 p.m. · 4 views

CVE-2023-37164

Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the catid parameter at /shop/?module=shop&action=search...

CVSS 6.1 · AI score 5.7
Exploits 0 · References 1

CNNVD
added 2023/07/20 12:0 a.m. · 2 views

Diafan CMS Cross-Site Scripting Vulnerability

Diafan CMS is a website builder from Diafan. It is used to create online stores. A cross-site scripting vulnerability exists in Diafan CMS v6.0, which originates from the lack of effective filtering and escaping of user-supplied data in the catid parameter of /shop/?module=shop&action=search, whi...

CVSS 6.1 · AI score 6.2 · EPSS 0.00493
Exploits 1 · References 2

Positive Technologies
added 2023/07/06 12:0 a.m. · 3 views

PT-2023-25200 · Thinutech · Thinucms

Name of the Vulnerable Software and Affected Versions: ThinuTech ThinuCMS version 1.5 Description: A critical issue affects some unknown functionality of the file /category.php. The manipulation of the cat id argument leads to sql injection. The attack may be launched remotely. Recommendations: F...

CVSS 9.8 · AI score 7.6 · EPSS 0.00418
Exploits 0 · References 4

CNNVD
added 2021/06/07 12:0 a.m. · 4 views

WordPress Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blogging sites on servers with PHP and MySQL. A WordPress plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in...

CVSS 6.1 · AI score 5.3 · EPSS 0.01975
Exploits 2 · References 1

ATTACKERKB
added 2012/08/31 9:55 p.m. · 2 views

CVE-2011-5137

Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php...

CVSS 7.5 · AI score 6.3 · EPSS 0.01199
Exploits 1 · References 3

Positive Technologies
added 2010/03/02 12:0 a.m. · 4 views

PT-2010-2498 · Commodityrentals · Commodityrentals Cd Rental

Name of the Vulnerable Software and Affected Versions: CommodityRentals CD Rental Software affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the cat id parameter in a "catalog" action within the index.p...

CVSS 7.5 · AI score 7.5 · EPSS 0.01214
Exploits 1 · References 9

Positive Technologies
added 2009/01/27 12:0 a.m. · 3 views

PT-2009-2950 · Flax · Flax Article Manager

Name of the Vulnerable Software and Affected Versions: Flax Article Manager version 1.1 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the cat id parameter in the category.php file. Recommendations: For Flax Article Manager version 1.1,...

CVSS 7.5 · AI score 7.8 · EPSS 0.00993
Exploits 1 · References 5