94 matches found
PrestaShop AP Pagebuilder <= 2.4.4 - SQL Injection
A SQL injection vulnerability in the productalloneimg and imageproduct parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. id: CVE-2022-22897 info: name: PrestaShop AP Pagebuilder = 2.4.4 - SQL Injection...
CVE-2026-9700
The Eventer plugin for WordPress is vulnerable to time-based SQL Injection via the ‘code’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2026-34104
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...
PT-2026-50992
Name of the Vulnerable Software and Affected Versions Joomla! Component vAccount version 2.0.2 Description An SQL injection allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code. This is achieved by sending GET requests to the 'vaccount-dashboard/expense'...
CVE-2026-8443
CVE-2026-8443 affects the WordPress plugin WP Review Slider Pro (versions up to 12.6.8). The vulnerability is an SQL Injection in the wppro_get_overall_chart_data AJAX action, triggered via the stypes and slocations parameters. The root cause is the use of stripslashes() on user-supplied JSON pri...
Exploit for CVE-2026-54596
CVE-2026-54596 - Authenticated SQL Injection via recurringinv...
PT-2026-47765
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the...
PT-2026-39655
HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker can bypass authentication by supplying a crafted username e.g. admin'-- or extract the full content...
CVE-2026-41478
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId)
Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authenticated low-privilege user with read access to at least one table to inject arbitrary SQL through...
EUVD-2026-25594
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a...
EUVD-2026-25595
Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack require...
GHSA-MRXX-39G5-PH77 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field
Executive Summary A vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the database. This affects Dgraph's default configuration where ACL is not enabled. The attack is a single HTTP POST to /mutate?commitNow=true containing a...
CVE-2026-35032
Jellyfin (pre-10.11.7) has a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts) where tuner URLs aren’t validated, enabling local file reads via non-HTTP paths and SSRF via HTTP URLs. Exploitation is possible by any authenticated user because EnableLiveTvManagement def...
CVE-2026-3334 CMS Commander <= 2.288 - Authenticated (Custom+) SQL Injection via 'or_blogname' Parameter
The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'orblogname', 'orblogdescription', and 'oradminemail' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on th...
PT-2026-26929
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...
SQLi-Exfiltration-Lab
SQL Injection SQLi - Database Exfiltration Lab Overview...
CVE-2026-25483 Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...
CVE-2026-25483 Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...
CVE-2026-25483 Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration
Craft Commerce is an ecommerce platform for Craft CMS. In versions from 4.0.0-RC1 to 4.10.0 and from 5.0.0 to 5.5.1, a stored XSS vulnerability exists in Craft Commerce’s Order Status History Message. The message is rendered using the |md filter, which permits raw HTML, enabling malicious script...