27 matches found
CVE-2026-40546
SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. An attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...
itsourcecode Content Management System SQL Injection Vulnerability
itsourcecode Content Management System is an open-source content management system developed by itsourcecode. Version 1.0 of the itsourcecode Content Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the topicid parameter in the file...
SQL Injection
wwbn/avideo is vulnerable to a SQL Injection. The vulnerability is due to direct interpolation of user-controlled input into SQL queries without parameterization in the fixCleanTitle method, which allows an attacker to inject and execute arbitrary SQL commands...
CVE-2026-2136
CVE-2026-2136 affects projectworlds Online Food Ordering System v1.0. The vulnerability resides in an unknown function of /view-ticket.php where manipulating the ID parameter enables SQL injection, with remote exploitation demonstrated by published exploits. Multiple sources (NVD, Red Hat, CVE li...
PT-2026-1788
Name of the Vulnerable Software and Affected Versions: vanquish WooCommerce Orders & Customers Exporter versions through 5.4. Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a potential SQL Injection issue. The affected...
CVE-2025-15168
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /statistical.php. Manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used...
SourceCodester Patients Waiting Area Queue Management System SQL Injection Vulnerability
SourceCodester Patients Waiting Area Queue Management System is a SourceCodester open source patient waiting area queue management system. A SQL injection vulnerability exists in SourceCodester Patients Waiting Area Queue Management System version 1.0, which stems from incorrect manipulation of t...
CVE-2025-61603 WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter
WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands,...
CVE-2025-57104
Teampel 5.1.6 is vulnerable to SQL Injection in /Common/login.aspx...
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment...
Simple Grading System add_student_grade.php File SQL Injection Vulnerability
Simple Grading System is a simple grading system. Simple Grading System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Add in the file /addstudentgrade.php. An attacker can exploit this vulnerability to...
Projectworlds Free Download Online Shopping System SQL Injection Vulnerability
Projectworlds Free Download Online Shopping System is an online shopping system from Projectworlds India. Projectworlds Free Download Online Shopping System 192.168.1.88 and earlier versions have a SQL injection vulnerability that stems from a SQL injection vulnerability in the parameter id...
WordPress plugin WP Post Author SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection...
SourceCodester Stock Management System SQL Injection Vulnerability
Sourcecodester Stock Management System is an inventory management system. A SQL injection vulnerability exists in SourceCodester Stock Management System version 1.0, which stems from a SQL injection caused by the brandName parameter of the file createBrand.php...
Web-Based Student Clearance System SQL Injection Vulnerability
Web-Based Student Clearance System is a web-based student clearance system by the individual developer Ndueso Okorie. A SQL injection vulnerability exists in Web-Based Student Clearance System version 1.0, which stems from an incorrect manipulation of the parameter Fullname that can lead to SQL...
Online Food Ordering System SQL Injection Vulnerability
Online Food Ordering System is an online food ordering system by Carlo Montero, a personal developer. A SQL injection vulnerability exists in Online Food Ordering System v1.0, which is caused by insufficient filtering of the name parameter on the routers/add-item.php page...
Judging Management System SQL Injection Vulnerability
Judging Management System is a judging management system by Carlo Montero, a personal developer. A security vulnerability exists in Judging Management System version v.1.0, which stems from an SQL injection vulnerability that could allow a remote attacker to execute arbitrary code via the contentant...
Ingredients Stock Management System SQL Injection Vulnerability
Ingredients Stock Management System is an ingredient stock management system by Carlo Montero. v1.0 of the Ingredients Stock Management System is vulnerable to SQL injection, which originates from an SQL injection issue with the id parameter at the /classes/Master.php?f=deletewaste location. No...
CVE-2022-25393
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter...
Baicloud Cms Security Vulnerability
Baicloud Cms is a Chinese lightweight open source content management system (CMS) based on PHP and MySQL, running on Linux, Windows and other platforms. BaiCloud cms v2.5.7 suffers from a SQL injection vulnerability that allows attackers to pass the tongji and baidumap parameters in...