324 matches found
Exploit for CVE-2026-6379
CVE-2026-6379 — WP Photo Album Plus :8080/?pageid=" --mode pr...
sql-xss
No d...
SQL-DB
No d...
EUVD-2018-12391
Malware in sbrugna...
EUVD-2018-3109
Malware in sbrugna...
EUVD-2021-25148
Malware in sbrugna...
EUVD-2021-32736
Malicious code in bioql PyPI...
EUVD-2022-0676
Malicious code in bioql PyPI...
Pet-grooming-management-sale_report.php-v.1.0-sql-injection
Pet-grooming-managemen...
CVE-2025-44203
In HotelDruid 3.0.7, an unauthenticated attacker can exploit verbose SQL error messages on creadb.php before the 'create database' button is pressed. By sending malformed POST requests to this endpoint, the attacker may obtain the administrator username, password hash, and salt. In some cases, th...
GHSA-PRWH-7838-XF82 XWiki allows SQL injection in query endpoint of REST API with Oracle
Impact: It's possible to execute any SQL query in Oracle by using a function like DBMS_XMLGEN or DBMS_XMLQUERY. The XWiki query validator does not sanitize functions that would be used in a simple select, and Hibernate allows using any native function in an HQL query. Patches: This has been patched ...
CVE-2022-46898
An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...
CampCodes Online Shopping Portal Injection Vulnerability
CampCodes Online Shopping Portal is an online shopping portal from CampCodes, Inc. CampCodes Online Shopping Portal suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter billingaddress in file /my-cart.php. An...
SQL Injection Vulnerability in Changjitong T+ of Changjitong Information Technology Co., Ltd (CNVD-C-2025-129102)
T+ is a dynamic, intelligent and fashionable Internet management software, mainly for small and medium-sized industrial, trade and commerce enterprises with integrated financial and business applications, incorporating elements of socialization, mobility, Internet of Things, e-commerce and Intern...
PT-2025-16820 · Unknown · Telecontrol Server Basic
Name of the Vulnerable Software and Affected Versions: TeleControl Server Basic versions prior to 3.1.2.2 Description: A SQL injection vulnerability has been identified in the affected application through the internally used UpdateGateways method. This could allow an authenticated remote attacker...
CVE-2025-25515
Seacms =13.3 is vulnerable to SQL Injection in admincollect.php that allows an authenticated attacker to exploit the database...
CVE-2020-11006
In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0...
CVE-2025-23219 WeGIA has a SQL Injection endpoint 'adicionar_cor.php' parameter 'cor'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in the WeGIA application, specifically in the adicionar_cor.php endpoint. This vulnerability allows attackers to execute arbitrary SQL commands in t...
SQL Injection Vulnerability in Electronic Document Security Management System of Beijing Yisaitong Technology Development Co., Ltd (CNVD-2024-00987)
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
CVE-2023-24840 HGiga MailSherlock - SQL Injection
The HGiga MailSherlock mail query function is vulnerable due to insufficient validation of user input. An authenticated remote attacker with administrator privilege can exploit this vulnerability to inject SQL commands to read, modify, and delete the database...