CVE-2026-1480

The CVE-2026-1480 entry documents an out-of-band SQL injection in the Performance Evaluation (EDD) application by Gabinete Técnico de Programación. The vulnerability affects the Id_usuario parameter in the /evaluacion_objetivos_anyo_sig_evalua.aspx endpoint, enabling an attacker to exfiltrate sen...

WordPress Shipping Rate By Cities plugin SQL Injection Vulnerability

WordPress Shipping Rate By Cities plugin is a plugin designed for WooCommerce stores running on WordPress websites. The WordPress Shipping Rate By Cities plugin suffers from a SQL injection vulnerability that stems from the escaping and underpreparation of the city parameter, which can be exploit...

CVE-2025-67081

Itflow is affected by CVE-2025-67081 through version 25.06. The issue is an SQL injection in the role_id parameter used when editing a profile, exploitable by an admin account via blind SQL injection to extract arbitrary data. The root cause is insufficient sanitization of an integer parameter. M...

XWiki Full Calendar Macro SQL注入漏洞

XWiki Full Calendar Macro is an open source log table extension component for XWiki. A SQL injection vulnerability exists in XWiki Full Calendar Macro versions prior to 2.4.5. The vulnerability originates from a user with permission to view the Calendar.JSONService page may be able to exploit the...

CVE-2021-41920

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...

aws-sg-cleanup (>=0.1.0 <=0.1.3), query-rds-data (>=2.0.0 <=2.0.1) potentially affected by unknown CVE via aws-sdk-rds (=0.15.0)

aws-sdk-rds CARGO version =0.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on aws-sdk-rds and may be impacted: - aws-sg-cleanup =0.1.0, =2.0.0, =2.0.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

GHSA-CH7P-MPV4-4VG4 CoreShop Vulnerable to SQL Injection via Admin Reports

Affected Versions - CoreShop 4.1.2 Demo tested Demo | CoreShop - Earlier versions may also be affected if the same code path exists Summary A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...

SQL injection vulnerability in U8+ Channel Management (Advanced Edition) at UFIDA Network Technology Co. Ltd (CNVD-C-2025-1245200)

U8+ Channel Management Advanced Edition is a set of channel management software, together with U8+ supply chain system and financial system, extending the enterprise management radius from the internal enterprise to the distribution channels and sales terminals. A SQL injection vulnerability exis...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-1206330)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

Complete Online Beauty Parlor Management System /search-invoices.php File SQL Injection Vulnerability

Complete Online Beauty Parlor Management System is an online beauty parlor management system. Complete Online Beauty Parlor Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the file...

Scholars Tracking System delete_user.php File SQL Injection Vulnerability

Scholars Tracking System is a scholars tracking system. Scholars Tracking System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in parameter ID in file /admin/deleteuser.php. An attacker can exploit this vulnerability to...

PHPJabbers Simple CMS SQL注入漏洞

PHPJabbers Simple CMS is a PHPJabbers open source content management system. A SQL injection vulnerability exists in PHPJabbers Simple CMS version 5.0, which originates from a SQL injection in the column parameter of the index.php endpoint, which may result in database information being extracted...

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

CVE-2025-62192

SQL Injection vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If exploited, information stored in the database may be obtained or altered by an authenticated user...

Student Management System /newcurriculm.php File SQL Injection Vulnerability

Student Management System is a student management system. Student Management System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the parameter ID of the file /newcurriculm.php. An attacker can exploit this vulnerabili...

CVE-2025-14254 Galaxy Software Services｜Vitals ESP - SQL Injection

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976469)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Divine Vision Han Technology Co., Ltd (CNVD-C-2025-976472)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

CVE-2025-13770 Uniong｜WebITR - SQL Injection

WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...

Library System mail.php File SQL Injection Vulnerability

Library System is a library system. The Library System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the file /mail.php. An attacker can exploit this vulnerability to execute illegal SQL commands to stea...