
94 matches found

CVE
added 4 days ago, 11 views

CVE-2017-20273

CVE-2017-20273 affects Joomla Event Registration Pro Calendar 4.1.3. The connected docs confirm an SQL injection vulnerability in index.php where the id parameter (via option=com_registrationpro&view=category&id) can be exploited unauthenticated to execute arbitrary SQL and extract sensitive data...

8.8 CVSS, 6.2 AI score
Exploits: 0, References: 2
NVD
added 4 days ago, 9 views

CVE-2017-20267

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8 CVSS
Exploits: 0, References: 4
EUVD
added 4 days ago, 3 views

EUVD-2017-18994

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the categoryid parameter. Attackers can send GET requests to the events view with malicious SQL code in the categoryid parameter to extract sensiti...

8.8 CVSS, 6 AI score
Exploits: 0, References: 4
CVE
added 4 days ago, 11 views

CVE-2017-20267

CVE-2017-20267 affects Joomla! Calendar Planner 1.0.1. The vulnerability is an SQL injection in the category_id parameter used when viewing events, allowing unauthenticated attackers to inject SQL via GET requests to the events view and potentially extract sensitive database information. Affected...

8.8 CVSS, 6 AI score
Exploits: 0, References: 4
Cvelist
added 2026/06/01 9:00 p.m., 27 views

CVE-2018-25433 Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

8.8 CVSS, 0.00341 EPSS
Exploits: 0, References: 4
Cvelist
added 2026/05/06 9:27 a.m., 28 views

CVE-2026-1719 Gravity Bookings <= 2.5.9 - Unauthenticated SQL Injection via 'category_id' Parameter

The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attacke...

7.5 CVSS, 0.00336 EPSS
Exploits: 0, References: 2
NVD
added 2026/04/12 1:16 p.m., 2 views

CVE-2019-25697

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...

9.8 CVSS, 0.00413 EPSS
Exploits: 1, References: 3
Vulnrichment
added 2026/04/12 12:28 p.m., 2 views

CVE-2019-25697 CMSsite 1.0 SQL Injection via category.php

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...

8.8 CVSS, 5.9 AI score, 0.00413 EPSS
Exploits: 1, References: 3
CVE
added 2026/04/10 2:30 a.m., 9 views

CVE-2026-6004

The vulnerability affects code-projects Simple IT Discussion Forum 1.0, specifically the /delete-category.php handler where manipulating the cat_id parameter triggers a SQL injection. The issue stems from unsafely handling input in that function, enabling a remote attacker to interact with the da...

7.5 CVSS, 6.9 AI score, 0.00254 EPSS
Exploits: 0, References: 5
EUVD
added 2026/04/10 2:30 a.m., 2 views

EUVD-2026-21286

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

7.5 CVSS, 6.9 AI score, 0.00254 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/04/08 12:00 a.m., 7 views

PHPGurukul Online Course Registration SQL injection vulnerability

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Corporation. Version 3.1 of PHPGurukul Online Course Registration contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ‘cid’ in the file...

7.5 CVSS, 7.2 AI score, 0.00259 EPSS
Exploits: 0, References: 5
NVD
added 2026/04/06 6:16 p.m., 2 views

CVE-2026-5672

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. The manipulation of the argument catid leads to sql injection. It is possible to initiate the...

7.5 CVSS, 0.00254 EPSS
Exploits: 0, References: 5
Vulnrichment
added 2026/04/06 5:45 p.m., 2 views

CVE-2026-5672 code-projects Simple IT Discussion Forum Parameter edit-category.php sql injection

A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. The manipulation of the argument catid leads to sql injection. It is possible to initiate the...

7.5 CVSS, 5.7 AI score, 0.00254 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/04/06 12:00 a.m., 7 views

PHPGurukul Online Shopping Portal Project SQL injection vulnerability

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from improper handling of the parameter ‘cid’ in the...

6.5 CVSS, 6.7 AI score, 0.00246 EPSS
Exploits: 0, References: 5
NVD
added 2026/03/31 6:16 p.m., 2 views

CVE-2026-32951

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3 CVSS, 0.00201 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/03/31 5:41 p.m., 20 views

CVE-2026-32951 Discourse: Authorization bypass in oneboxer via user-controlled category id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3 CVSS, 0.00201 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/03/31 5:41 p.m., 1 view

CVE-2026-32951 Discourse: Authorization bypass in oneboxer via user-controlled category id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 2
CVE
added 2026/03/31 5:41 p.m., 10 views

CVE-2026-32951

Discourse suffers an authorization bypass affecting access to shared draft topic titles via an inline onebox request. Affected versions: 2026.1.0-latest to before 2026.1.3; 2026.2.0-latest to before 2026.2.2; and 2026.3.0-latest to before 2026.3.0. An authenticated user can obtain shared draft ti...

4.3 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/03/31 5:41 p.m., 2 views

CVE-2026-32951 Discourse: Authorization bypass in oneboxer via user-controlled category id

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated user can obtain shared draft topic titles by sending an inline onebox request with a categoryid parameter...

4.3 CVSS, 5.8 AI score, 0.00201 EPSS
Exploits: 0, References: 4
ATTACKERKB
added 2026/03/27 12:00 a.m., 1 view

CVE-2026-30534

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/managecategory.php via the "id" parameter...

6 AI score, 0.00328 EPSS
Exploits: 1, References: 2