18 matches found
CVE-2026-6674 Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter
The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-72551)
U8 Cloud is a new-generation cloud ERP (Enterprise Resource Planning) solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
XWiki Full Calendar Macro SQL Injection Vulnerability
XWiki Full Calendar Macro is an open source log table extension component for XWiki. A SQL injection vulnerability exists in XWiki Full Calendar Macro versions prior to 2.4.5. The vulnerability arises because a user with permission to view the Calendar.JSONService page may be able to exploit the...
WordPress plugin Contact Form by Bit Form Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in t...
SQL Injection Vulnerability in Dream CMS Backend Theme Management Service
Dream CMS lmxcms is developed using the PHP language and a MySQL database, and adopts the mainstream MVC design model. A SQL injection vulnerability exists in the backend topic management system of Dream CMS. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in ShyPost Enterprise Management System Pr***.asp Page
ShyPost Enterprise Management System is a set of intelligent ASP-based website building software. The Pr***.asp page of ShyPost Enterprise Management System has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information from the database...
SQL Injection Vulnerability in Kaixin Helpdesk v31.0 Pc***.aspx
Kaixin Helpdesk V31.0 is a system, developed using ASP.NET, that helps IT collect the problems dealt with on a daily basis and generate reports to quantify the work. A SQL injection vulnerability exists in Qixing Helpdesk v31.0 Pc***.aspx, which can be exploited by attackers to...
SQL Injection Vulnerability in the Backend F_qs*** Parameter of S-CMS Enterprise Website Builder System
S-CMS enterprise station building system is a specialized enterprise website building solution developed by Zibo Shining Network Technology Co., Ltd. There is a SQL injection vulnerability in the F_qs*** parameter in the backend of the S-CMS enterprise website building system. Attackers...
SQL Injection Vulnerability in the Website Building System of Beijing Beyond Infinity Information Technology Co. Ltd (CNVD-2019-30355)
Beijing Beyond Infinity Information Technology is a company engaged in website construction. A SQL injection vulnerability exists in the website building system of Beijing Beyond Unlimited Information Technology Co. Attackers can utilize the vulnerability to obtain sensitive information of the...
SQL injection vulnerability in Tpshop v3.5 To***.php page (CNVD-2019-17503)
Tpshop is a multi-merchant mall system developed by Shenzhen Soleil Networks Limited. A SQL injection vulnerability exists in the Tpshop v3.5 To***.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
SQL Injection Vulnerability in YXcmsApp1.4.7's ad***.php Page
YXcmsApp is a PHP- and MySQL-based enterprise building content management system (CMS). A SQL injection vulnerability exists in the ad***.php page of YXcmsApp 1.4.7, which can be exploited by attackers to obtain sensitive information from the database...
SQL injection vulnerability in ShopsN open source online store full web system (CNVD-2018-22113)
The free B2C e-commerce version of ShopsN is a product of Shanghai Yisu Network Technology Co., Ltd.: a full-featured open source online store system that meets enterprise-class commercial standards and allows free commercial use. ShopsN open source online store system has a...
SQL Injection Vulnerability in Guangzhou Starscream Animation Design Co.
Guangzhou Star Dream Animation Design Co., Ltd. is an animation culture industry company engaged in animation design and production, peripheral product design and development, game development, AR enhancement technology development and other areas. There is a SQL injection vulnerability...
Cscms v3.53.5 SQL Injection Vulnerability in Frontend
Cscms is a diversified content management system developed using PHP5+MYSQL as the technical basis. Cscms v3.53.5 has a SQL injection vulnerability in the frontend. An attacker can exploit the vulnerability to obtain sensitive information from the database...
ECS Online Learning System v3.1.0 SQL Injection Vulnerability in Frontend ShitiController.class.php Page
E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. A SQL injection vulnerability exists in the ShitiController.class.php page in the frontend of ECS Online Learning System v3.1.0. An attacker can exploit this vulnerability t...
Redfan iOffice Office Software ioCtlSet.asmx suffers from SQL injection vulnerability
Redfan iOffice.net is a professional mobile OA office automation solution provider, providing mobile OA office automation systems for medical, government, enterprise and military units. There is a SQL injection vulnerability in ioCtlSet.asmx of the Red Sail iOffice.net OA Office software; the attacker can u...
S-CMS V3.0 build20170601 has an arbitrary file download vulnerability
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. The '/admin/download.asp' page of S-CMS V3.0 build20170601 has an arbitrary file download vulnerability, allowing attackers to exploit the vulnerability to download database information...
SQL injection vulnerability in the create_share.php page of TreeHole's external link system
Treehole external link system is a free and open source PHP external-link network disk system that supports three storage methods (Qiniu, local and remote) and multiple users. The Treehugger create_share.php page has a SQL injection vulnerability because the program fails to filter...