1967 matches found
CVE-2017-20261
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the productid parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice...
CVE-2017-20258
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=compofos&view=pofo&id=SQL ...
PT-2026-50962
Name of the Vulnerable Software and Affected Versions Joomla! Component Extra Search version 2.2.8 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code. This is achieved by sending GET requests to the 'index.php' endpoint using the...
PT-2026-50988
Name of the Vulnerable Software and Affected Versions Joomla! Component J-BusinessDirectory version 4.9.7 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by injecting malicious code into the type parameter via GET requests to the...
PT-2026-50952
Name of the Vulnerable Software and Affected Versions Joomla StreetGuessr Game version 1.1.8 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com...
PT-2026-50929
Name of the Vulnerable Software and Affected Versions Joomla NextGen Editor version 2.1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL commands. This is achieved by sending GET requests to the 'index.php' endpoint with the parameters option=com nge and...
PT-2026-50938
Name of the Vulnerable Software and Affected Versions Joomla! Component Bargain Product VM3 version 1.0 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product id parameter. Attackers can use crafted SQL...
PT-2026-50990
Name of the Vulnerable Software and Affected Versions Joomla Component vRestaurant version 1.9.4 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries. This is achieved by sending POST requests to the 'menu-listing-layout' endpoint with malicious code...
PT-2026-50950
Name of the Vulnerable Software and Affected Versions Joomla! Component KissGallery version 1.0.0 Description An SQL injection allows unauthenticated attackers to inject SQL commands through the component URL path. By supplying malicious SQL code in the 'kissgallery' endpoint, attackers can execu...
CVE-2026-55740
CVE-2026-55740 affects Nur-Alam39 bus-ticket. The vulnerability is an unauthenticated SQL injection in bus_info.php where the busid parameter from an HTTP POST is concatenated directly into the query: select * from bus_info where id=$busid. This occurs in a numeric context and is not sanitized, e...
EUVD-2026-37842
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...
EUVD-2026-37838
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2016-20068 WordPress Booking Calendar Contact Form 1.0.23 SQL Injection
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint wit...
EUVD-2016-10884
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL...
CVE-2016-20072
CVE-2016-20072 affects the BBS e-Franchise 1.1.1 WordPress plugin. The vulnerability is an SQL injection in the uid parameter used by the plugin’s shortcode, enabling unauthenticated attackers to craft requests (Union-based SQLi) to extract sensitive data (e.g., user information, taxonomy terms)....
CVE-2016-20071 WordPress 404 Redirection Manager Plugin 1.0 SQL Injection
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...
EUVD-2016-10883
The 404 Redirection Manager plugin version 1.0 for WordPress contains an unauthenticated SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through unsanitized user input. Attackers can craft GET requests with SQL injection payloa...
PT-2026-49207
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to...
PT-2026-49211
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...
Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Mistral vulnerability (USN-8422-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8422-1 advisory. Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints...