66 matches found
CVE-2026-24913
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product...
PT-2026-31083
Name of the Vulnerable Software and Affected Versions: MATCHA INVOICE versions 2.6.6 and earlier Description: A SQL Injection vulnerability exists that may allow a logged-in user to obtain or alter information stored in the database. Recommendations: Update to a newer version to address this...
CVE-2019-25696
Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...
CVE-2025-56421
LimeSurvey is affected by an SQL Injection vulnerability in versions before 6.15.4+250710. The issue allows a remote attacker to obtain sensitive information from the database. The description does not specify exact vulnerable components, the root cause details, or concrete exploitation vectors b...
CVE-2021-41920
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co., Ltd (CNVD-C-2025-797319)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
CVE-2025-62387
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
CVE-2025-62384
SQL injection in Ivanti Endpoint Manager before version 2024 SU5 allows a remote authenticated attacker to read arbitrary data from the database...
EUVD-2022-29629
Malicious code in bioql PyPI...
PHPGurukul Hospital Management System Security Vulnerability
Hospital Management System is a PHP and MySQL based hospital management system. Hospital Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally-entered SQL statements in the parameter doctorspecilization in the file...
CVE-2023-22324
SQL injection vulnerability in the CONPROSYS HMI System CHS Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. As a result, information stored in the database may be obtained...
JetBrains YouTrack Information Disclosure Vulnerability
JetBrains YouTrack is a project management tool developed by JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from an information disclosure vulnerability that can be exploited by an attacker to obtain database data...
CVE-2024-42404
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database...
PT-2023-7878 · Unknown · Itpison Omicard Edm
Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM affected versions not specified Description: The SMS-related function in ITPison OMICARD EDM has insufficient validation for user input, allowing an unauthenticated remote attacker to inject arbitrary SQL commands. This ca...
CVE-2020-23149
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...
Ke361 suffers from SQL injection vulnerability (CNVD-2021-24524)
Ke361 is an open source Taobao system. Ke361 has a SQL injection vulnerability that can be exploited by attackers to obtain sensitive database data...
SQL Injection Vulnerability in Rui Jiang Cloud Hyperconverged Computing Platform
Guangdong Ruijiang Cloud Computing Co., Ltd. is a leading Internet infrastructure service provider in China, committed to providing professional Internet Data Center (IDC) services, cloud computing private cloud solutions, a public cloud platform and overall solutions for industry application...
SQL Injection Vulnerability in Pangu Network Website Building System (CNVD-2020-62357)
Shenyang Pangu Network, founded in 2003, is a company that provides a complete set of network marketing solutions, including domain name registration, web hosting, enterprise post office, website construction, network promotion, call center and electronic payment. Pangu Network website builder syste...
Yunnan Tianren Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Yunnan Tianren Network Technology Co., Ltd. is a professional network services company combining network promotion, overall planning, domain name registration, website construction and e-commerce, and is the general agent in Yunnan Province for Baidu, the world's largest Chinese search engine, but...
Yunnan Huaji Youxiang Network Technology Co., Ltd. website building system has SQL injection vulnerability
Yunnan Huaji Youxiang Network Technology Co., Ltd. provides intellectual property and Internet services. There is a SQL injection vulnerability in the website building system of Yunnan Huayi Youxiang Network Technology Co. Attackers can exploit the vulnerability to obtain sensitive...