1127 matches found
CVE-2026-6888
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...
CVE-2018-25422
MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Attackers can send GET requests to play.php with crafted SQL payloads in the id parameter to extract...
AiOPMSD Final SQL注入漏洞
AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the year parameter, potentially allowing unauthenticated attackers to execute...
AiOPMSD Final SQL注入漏洞
AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the director parameter, potentially allowing unauthenticated attackers to execute...
EUVD-2018-21922
The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the ajax/formpost.php endpoint with crafted SQL payloads to extract...
EUVD-2018-21895
MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the email parameter. Attackers can submit crafted POST requests to the userSignup.php endpoint with SQL payloads ...
EUVD-2018-21873
Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...
CVE-2018-25351
CVE-2018-25351 affects Joomla! Component EkRishta 2.10. The connected documents describe an error-based SQL injection in the username parameter that allows unauthenticated attackers to execute arbitrary SQL queries by sending POST requests to the login endpoint, leaking database information inclu...
CVE-2018-25339 Zechat 1.5 SQL Injection via v parameter (time-based blind)
Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Attackers can exploit the v parameter with sleep-based blind injection to confirm vulnerability and extract data...
CVE-2020-37218 Joomla com_hdwplayer 4.2 SQL Injection via search.php
Joomla comhdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the hdwplayersearch parameter. Attackers can submit POST requests with crafted SQL payloads in the...
CVE-2026-6888 SQL Injection Vulnerability
Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via a specific interface, potentially enabling the attacker to access, modify, or delete sensitive information within the database...
PT-2026-40556
Name of the Vulnerable Software and Affected Versions Advantech IoT & SCADA affected versions not specified Description A SQL injection allows a remote authenticated attacker to execute arbitrary commands via a specific interface. This could enable the attacker to access, modify, or delete...
CVE-2021-47941 WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss_params
WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpsap cookie parameter. Attackers can craft SQL payloads in the cookie to extract sensitive database...
EUVD-2026-27885
Vvveb before version 1.0.8.2 contains a hard-coded credentials vulnerability in its docker-compose-apache.yaml configuration that allows unauthenticated attackers to access the bundled phpMyAdmin container with pre-configured database credentials. Attackers can connect to the phpMyAdmin port to...
CVE-2026-41930
Vvveb
CVE-2026-7489 Sunnet|CTMS - SQL Injection
CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2026-34652
Borg SPM 2007 Sales Ended in 2008 developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...
PT-2026-34636
CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface...
aEnrich a+HRD 安全漏洞
aEnrich a+HRD is a comprehensive human resource development solution provided by aEnrich Corporation. aEnrich a+HRD has a security vulnerability; this vulnerability stems from lack of authorization, which may allow authenticated remote attackers to arbitrarily read database content through specif...
CVE-2026-6674 Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...