Lucene search
K

1974 matches found

CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the id parameter, which may allow attackers to manipulate...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the namakelompok POST parameter, which may allow...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44922

Name of the Vulnerable Software and Affected Versions agno version 2.6.5 Description A SQL injection issue exists in the ClickHouse vector database backend. Attackers can inject arbitrary SQL expressions by providing malicious metadata keys and values to the delete by metadata function. This is...

8.7CVSS6AI score0.00319EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 7:43 a.m.14 views

CVE-2026-7048

The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.8.40 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o...

6.5CVSS5.9AI score0.00504EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:45 a.m.11 views

CVE-2026-7797

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'appendwheresql' parameter in all versions up to, and including, 1.6.11.8 due to insufficient escaping on the user supplied parameter and lac...

7.5CVSS5.8AI score0.00554EPSS
Exploits0References12
Exploit DB
Exploit DB
added 2026/05/27 12:0 a.m.64 views

OpenCATS 0.9.7.4 - SQL Injection

Exploit Title: OpenCATS 0.9.7.4 - SQL Injection Exploit Author: Gabriel Rodrigues TEXUGO from HAKAI Vendor Homepage: https://www.opencats.org Software Link: https://github.com/opencats/OpenCATS Version: 1 else "http://localhost:8888" user = sys.argv2 if lensys.argv 2 else "admin" pw = sys.argv3 i...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.7 views

CVE-2018-25364 Twitter-Clone 1 SQL Injection via search.php

Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the name parameter. Attackers can submit crafted payloads to the search.php endpoint to extract database information including username...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.24 views

CVE-2018-25364

Twitter-Clone 1 contains a SQL injection flaw accessible without authentication via search.php. An attacker can inject malicious code into the name parameter to perform error-based and union-based SQL injections, enabling extraction of database information such as usernames, credentials, and syst...

8.8CVSS6.2AI score0.00337EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.11 views

CVE-2018-25362 Twitter-Clone 1 SQL Injection via follow.php

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8CVSS5.9AI score0.00309EPSS
Exploits0References3
NVD
NVD
added 2026/05/23 7:16 p.m.11 views

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

8.8CVSS0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/23 6:30 p.m.14 views

CVE-2018-25348

CVE-2018-25348 concerns the Joomla! extension Ek Rishta 2.10 , where an SQL injection vulnerability exists in the user_detail view through the cid parameter. Unauthenticated attackers can manipulate database queries by supplying malicious cid values, enabling extraction of sensitive information. ...

8.8CVSS5.9AI score0.00358EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.13 views

CVE-2018-25341 Smartshop 1 SQL Injection via product.php id Parameter

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.00334EPSS
Exploits0References4
CVE
CVE
added 2026/05/23 6:30 p.m.26 views

CVE-2018-25341

CVE-2018-25341 concerns Smartshop 1 with a SQL injection vulnerability in product.php id parameter. The issue allows unauthenticated attackers to perform union-based SQL injection to extract database information, including usernames and database names. Connected sources confirm the vulnerability ...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/23 6:30 p.m.6 views

CVE-2018-25340

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/23 6:30 p.m.9 views

CVE-2018-25340 Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/23 6:30 p.m.13 views

CVE-2018-25340 Smartshop 1 SQL Injection via category.php

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting SQL code through the searched parameter in the search.php file. It may allow unauthenticated attackers to manipulat...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/23 12:0 a.m.9 views

Smartshop SQL注入漏洞

Smartshop is an e-commerce website development template created by Ismail Ghallou. Version 1 of Smartshop has a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, which may allow unauthenticated attackers to execute arbitrary SQL queries...

8.8CVSS6.2AI score0.00334EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42719

Name of the Vulnerable Software and Affected Versions WP ERP Pro versions prior to 1.5.2 Description The WP ERP Pro plugin for WordPress contains a flaw allowing unauthenticated attackers to append additional SQL queries to existing ones. This is caused by insufficient escaping of the user-suppli...

7.5CVSS5.9AI score0.00273EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/20 2:27 a.m.6 views

CVE-2026-9010

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References3
Rows per page
Query Builder