CVE-2026-10731

SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...

Nemon Trade Energy和Nemon Trade Energy CRM SQL注入漏洞

Nemon Trade Energy and Nemon Trade Energy CRM are both products of the Spanish company Nemon. Nemon Trade Energy is a platform for managing energy retail businesses. Nemon Trade Energy CRM is a platform for managing energy customer relationships. Both Nemon Trade Energy and Nemon Trade Energy CRM...

portswigger-sqlinjection-labs

🔐 SQL Injection Attack Lab – PortSwigger Web Security Academy...

Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf

CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...

CVE-2025-64492

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

CVE-2025-56450

Log2Space Subscriber Management Software 1.1 is vulnerable to unauthenticated SQL injection via the leadid parameter in the /l2s/api/selfcareLeadHistory endpoint. A remote attacker can exploit this by sending a specially crafted POST request, resulting in the execution of arbitrary SQL queries. T...

📄 Log2Space Subscriber Management Software 1.1 SQL Injection

Log2Space Subscriber Management Software version 1.1 suffers from an unauthenticated remote SQL injection vulnerability. Author: Aditya Patil [email protected] Rohan Patil [email protected] CVE-2025-56450 Unauthenticated SQL Injection in Log2Space Subscriber Management Software...

EUVD-2020-3791

Malware in sbrugna...

EUVD-2023-43899

Malicious code in bioql PyPI...

sqlmap-ctt

sqlmap-CTT ========== sqlmap-CTT is an advanced SQL injection t...

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

CVE-2025-55444

A SQL injection vulnerability exists in the id2 parameter of the cancelbooking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution...

CVE-2025-55444

The CVE-2025-55444 entry affects Online Artwork and Fine Arts MCA Project 1.0, with a vulnerability in the parameter of cancel_booking.php that allows SQL injection. The root cause is unsanitized user input in the parameter, enabling arbitrary SQL queries, leading to database enumeration and po...

Online Artwork and Fine Arts 安全漏洞

Online Artwork and Fine Arts is an online artwork display box selling project by the individual developer Vishal Mathur. A security vulnerability exists in Online Artwork and Fine Arts version 1.0, which stems from a SQL injection in the id2 parameter of the cancelbooking.php page, which could le...

PT-2025-34122 · Unknown · Online Artwork/Fine Arts Mca Project

Name of the Vulnerable Software and Affected Versions: Online Artwork and Fine Arts MCA Project version 1.0 Description: A SQL injection vulnerability exists in the id2 parameter of the cancel booking.php page. A remote attacker can inject arbitrary SQL queries, leading to database enumeration an...

Exploit for CVE-2026-2058

CLOUD-CLASSROOMS-php-1.0 PoC - Sql Injection Erro Based Prese...

CVE-2020-11437

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database...

VulnCheck KEV: CVE-2024-8503

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial stores plaintext credentials within the database...

CVE-2024-45856

A cross-site scripting XSS vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI...