961 matches found
CVE-2025-52646 HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries.
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...
CVE-2025-52637 Multiple security vulnerabilities affect HCL AION
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...
CVE-2025-52637 Multiple security vulnerabilities affect HCL AION
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...
PT-2026-25756
HCL AION is affected by a vulnerability where certain offering configurations may permit execution of potentially harmful SQL queries. Improper validation or restrictions on query execution could expose the system to unintended database interactions or limited information exposure under specific...
PT-2026-25797
Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the custom dates parameter. By chaining this with a predictable legacy password reset mechanism, an...
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB
Summary POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. Details File: kernel/api/router.go Every sensitive endpoint i...
Hyperterse: Raw exposure of database statements in MCP search tool
Hyperterse allows users to specify database queries for tools to execute under the hood. As of v2.0.0, there are only two tools exposed - search and execute. The search tool allows LLMs to search for tools using natural language. While returning results, Hyperterse also returned the raw SQL...
CVE-2019-25532 Netartmedia Jobs Portal 6.1 SQL Injection via loginaction.php
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with crafted SQL payloads in the Email field to extract...
PT-2026-24971
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. Attackers can send GET requests to fonksiyonlar.php with malicious videoid values using...
CVE-2026-31844 Authenticated SQL Injection in Koha displayby parameter of suggestion.pl
An authenticated SQL Injection vulnerability CWE-89 exists in the Koha staff interface in the /cgi-bin/koha/suggestion/suggestion.pl endpoint due to improper validation of the displayby parameter used by the GetDistinctValues functionality. A low-privileged staff user can inject arbitrary SQL...
CVE-2018-25180
Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. Attackers can also download the SQLite database file directly from the application...
CVE-2026-29073
Technical details about CVE-2026-29073 are not provided in the connected documents. The SUSE/OSV entries reference the CVE within a broader vulndb update but do not describe affected products, versions, or exploit specifics. Monitor for updates.
CVE-2026-29073 SiYuan: Direct SQL Query API accessible to Reader-level users enables unauthorized database access
SiYuan is a personal knowledge management system. Prior to version 3.6.0, the /api/query/sql lets a user run sql directly, but it only checks basic auth, not admin rights, any logged-in user, even readers, can run any sql query on the database. This issue has been patched in version 3.6.0...
PT-2026-23698
Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. Attackers can send POST requests to the WsModelGrid.php endpoint with crafted SQL payloads to extract...
Ashop Shopping Cart SQL注入漏洞
Ashop Shopping Cart is a e-commerce platform developed by the Ashop company. The Ashop Shopping Cart has a SQL injection vulnerability. This vulnerability stems from the shop parameter being subject to SQL injection attacks, which may allow unverified attackers to manipulate database queries and...
CVE-2026-26710
code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php...
PT-2026-22360
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requests to the admin/getcmsdata.php endpoint with malicious 'pt' values to extract sensitive database...
CVE-2025-13776
CVE-2025-13776 concerns multiple Finka programs that use hard-coded Firebird database credentials shared across all instances. The vulnerability allows a local-network attacker who knows the default credentials to read and edit database content. Affected products and upgraded releases are: Finka-...
CVE-2026-27461
Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...
Pimcore SQL注入漏洞
Pimcore is an open-source web content management platform developed by the Austrian company Pimcore. This platform integrates applications for web content management, e-commerce frameworks, and product information management. Versions of Pimcore prior to 11.5.14.1 and 12.3.2, as well as earlier...