1128 matches found
EUVD-2018-21637
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to...
CVE-2018-25182
Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. Attackers can send GET requests to wcategory.php with crafted SQL payloads in the ID parameter to...
PT-2026-23685
Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...
CVE-2019-25507
Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. Attackers can send GET requests to index.php with malicious 'shop' values using UNION-based SQL injection t...
CVE-2019-25504
NCrypted Jobgator contains an SQL injection vulnerability in the Find-Jobs endpoint. The vulnerability is triggered via the experience parameter, allowing unauthenticated attackers to manipulate database queries and extract sensitive data. An attacker can send crafted POST requests to the agents ...
CVE-2019-25498 Simple Job Script SQL Injection via searched Endpoint
Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landinglocation parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticatio...
CVE-2019-25493
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
PT-2026-22361
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET requests to the admin/getrecord.php endpoint with malicious 'val' values to extract sensitive databas...
CVE-2026-2416
CVE-2026-2416 affects the Geo Mashup WordPress plugin up to version 1.13.17, with an unauthenticated SQL injection via the sort parameter caused by insufficient escaping and unprepared queries. The vulnerability could allow access to sensitive information from the database. Exploitation details a...
CVE-2019-25433
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET requests to the gerarpdf.php endpoint with malicious cid values to extract sensitive database...
CVE-2019-25444
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can supply malicious SQL syntax in the page parameter to extract sensitive database information or...
PT-2026-7269
Name of the Vulnerable Software and Affected Versions Ivanti Endpoint Manager versions prior to 2024 SU5 Description A SQL injection issue exists in Ivanti Endpoint Manager. A remote authenticated attacker can potentially read arbitrary data from the database through this flaw. Recommendations...
Flowring Docpedia SQL注入漏洞
Flowring Docpedia is a document management system developed by Flowring Corporation. Flowring Docpedia has a SQL injection vulnerability. This vulnerability allows authenticated remote attackers to inject arbitrary SQL commands, potentially leading to the reading, modification, or deletion of...
Ivanti Endpoint Manager SQL注入漏洞
Ivanti Endpoint Manager EPM is a set of endpoint security managers developed by the American company Ivanti. Versions of Ivanti Endpoint Manager prior to EPM 2024 SU5 contained a SQL injection vulnerability. This vulnerability allows remote authentication attackers to access arbitrary data in the...
Globitek CMS SQL注入漏洞
Project 1 – Globitek CMS is a cybersecurity course developed by Jason Shen. Version 1.4 of Globitek CMS has a SQL injection vulnerability. This vulnerability stems from an SQL injection in the id GET parameter, which may allow attackers to extract or modify database information...
UFIDA U8 Cloud suffers from SQL injection vulnerability (CNVD-C-2026-72551)
U8 Cloud is a new-generation cloud ERP Enterprise Resource Planning solution launched by UFIDA, mainly for growing and innovative enterprises, aiming to provide a comprehensive enterprise-level cloud ERP total solution. A SQL injection vulnerability exists in UFIDA U8 Cloud, which can be exploite...
CVE-2020-37089
CVE-2020-37089 affects School ERP Pro 1.0. The vulnerability is a SQL injection in the GET parameter es_messagesid , allowing attackers to manipulate database queries and potentially extract, modify, or delete data. Root cause: improper handling of input in the parameter; attack surface exposed v...
EUVD-2026-4787
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosverauto.aspx', could allow an attacker to extract...
CVE-2026-1481 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigverauto.aspx', could allow an attacker to...
CVE-2026-1480
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' in '/evaluacionobjetivosanyosigevalua.aspx', could allow an attacker to...