CVE-2020-37147
ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'id' parameter of the admindelete.php...
EUVD-2025-13582
Malicious code in bioql PyPI...
EUVD-2023-48199
Malicious code in bioql PyPI...
EUVD-2023-32351
Malicious code in bioql PyPI...
CVE-2025-54061 WeGIA SQL Injection (Blind Time-Based) Vulnerability in idatendido_familiares Parameter on dependente_editarDoc.php Endpoint
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the idatendido_familiares parameter of the /html/funcionario/dependente_editarDoc.php endpoint. This vulnerability allo...
SQL Injection Vulnerability in PbootCMS
PbootCMS is the new core and permanent open source free PHP enterprise web development and construction management system. PbootCMS has a SQL injection vulnerability that attackers can exploit to obtain sensitive database information...
CVE-2023-43836
There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information...
CVE-2022-45331
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the pid parameter at \post.php. This vulnerability allows attackers to access database information...
CVE-2021-25229
An improper access control vulnerability in Trend Micro Apex One on-prem and SaaS and OfficeScan XG SP1 could allow an unauthenticated user to obtain information about the database server...
CVE-2020-23149
The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information...
SQL Injection Vulnerability in NetDrive Unified Communication Platform of Beijing NetDrive Network Technology Co.
NetDrive Unified Communications Platform is a comprehensive communications platform designed to enhance users' communication efficiency and convenience and provide a unified communications environment. A SQL injection vulnerability exists in the NetDrive Unified Communications Platform of Beijing...
CVE-2025-40624 Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ and...
CVE-2024-0405
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'pageid', 'pageurl', 'platform', a...
CVE-2024-35548
A SQL injection vulnerability in Mybatis plus versions below 3.5.6 allows remote attackers to obtain database information via a Boolean blind injection. NOTE: the vendor's position is that this can only occur in a misconfigured application; the documentation discusses how to develop applications...
CVE-2022-45536
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\postcomments.php. This vulnerability allows attackers to access database information...
SQL Injection Vulnerability in Ricochet Cloud Group Live Code Management System (CNVD-2021-41723)
RikerCloud live code management system is an open source, free, live code system that can be operated online to improve work efficiency, access to more resources and so on. A SQL injection vulnerability exists in the Ricochet Cloud Live Code Management System. An attacker can exploit the...
SQL Injection Vulnerability in CourseSEL (CNVD-2021-39079)
CourseSEL is an online course selection system. A SQL injection vulnerability exists in CourseSEL. An attacker can exploit the vulnerability to obtain sensitive information from the database...
SQL Injection Vulnerability in SEMCMS SCSHOP (CNVD-2021-38030)
SCSHOP is a self-developed open source online store btc system. SEMCMS SCSHOP suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in BigAnt Manager
BigAnt is a leading brand of domesticated enterprise instant messaging software for e-government. A SQL injection vulnerability exists in BigAnt Manager. An attacker can exploit the vulnerability to obtain sensitive database information...