225 matches found
CVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'idpost' parameter of the details controller that allows attackers to extract database information. Attackers can systematically test and retrieve database contents by injecting crafted SQL queries that compare...
CVE-2026-1482 Out-of-band SQL injection in Quatuor Performance Evaluation
An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...
EUVD-2026-2758
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify...
CVE-2019-18866
Unauthenticated SQL injection via the username in the login mechanism in Blaauw Remote Kiln Control through v3.00r4 allows a user to extract arbitrary data from the rkc database...
CVE-2025-14153
The Page Expire Popup/Redirection for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' shortcode attribute in all versions up to, and including, 1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...
CVE-2025-13077
CVE-2025-13077 concerns the WordPress plugin “payamito-sms-woocommerce” (Payamito SMS for WooCommerce). Connected sources confirm a time-based blind SQL Injection via the columns parameter affecting all versions up to and including 1.3.5, caused by insufficient escaping of user input and lack of ...
CVE-2024-58309 xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
CVE-2024-58309 xbtitFM 4.1.18 Unauthenticated SQL Injection in shoutedit.php
xbtitFM 4.1.18 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries by injecting malicious SQL code through the msgid parameter. Attackers can send crafted requests to /shoutedit.php with EXTRACTVALUE functions to extract database...
EUVD-2016-10784
Malware in sbrugna...
EUVD-2024-44469
Malicious code in bioql PyPI...
EUVD-2024-32135
Malicious code in bioql PyPI...
EUVD-2023-57751
Malicious code in bioql PyPI...
EUVD-2024-33442
Malicious code in bioql PyPI...
EUVD-2021-28016
Malicious code in bioql PyPI...
EUVD-2024-17524
Malicious code in bioql PyPI...
EUVD-2023-57778
Malicious code in bioql PyPI...
EUVD-2023-34262
Malicious code in bioql PyPI...
EUVD-2024-17445
Malicious code in bioql PyPI...
EUVD-2024-33904
Malicious code in bioql PyPI...
EUVD-2021-27810
Malicious code in bioql PyPI...