9843 matches found
PT-2026-55820
Name of the Vulnerable Software and Affected Versions code-projects Real State Services version 1.0 Description An issue exists in the /builderHome.php file where improper handling of the loc variable allows for remote SQL injection. SQL injection is a technique where an attacker inserts maliciou...
CVE-2026-14659
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public...
CVE-2026-14659
Summary : CVE-2026-14659 affects itsourcecode Hospital Management System 1.0. The vulnerability is in the /patientappointment.php script, where manipulation of the patiente argument enables SQL injection. This is a network-facing issue with low-priority details reported as proof-of-concept exploi...
CVE-2026-14658
The CVE-2026-14658 issue affects code-projects Assessment Management 1.0, specifically the file /lecturer/marking-scheme.php. The vulnerability is an SQL injection caused by manipulating the parameter smarksrange[]; it enables remote exploitation. Public exploit information is noted in the descri...
CVE-2026-14649
A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...
CVE-2026-14649 code-projects Online Voting System saveVote.php test_input sql injection
A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...
CVE-2026-14642
SourceCodester Class and Exam Timetabling System 1.0 contains a SQL injection in the /edit_class2.php endpoint caused by unsafely manipulated ID parameter. The vulnerability is remote and publicly exploitable (PoC). CVSS data from multiple sources indicate a NETWORK attack with low complexity and...
EUVD-2026-41688
A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit ha...
CVE-2026-14639
CVE-2026-14639 affects CodeAstro Ecommerce Website 1.0. The vulnerability is an SQL injection in the code path handling the URL /ecommerce-website-php/customer/my_account.php?edit_account, caused by unsafely manipulated parameter c_name. This allows potentially remote attacker access with low pri...
CVE-2026-14638 itsourcecode Hospital Management System patient.php sql injection
A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
EUVD-2026-41685
A flaw has been found in itsourcecode Hospital Management System 1.0. This affects an unknown function of the file /patient.php. This manipulation of the argument editid causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
PT-2026-55738
Name of the Vulnerable Software and Affected Versions code-projects Assessment Management version 1.0 Description An issue exists in the /lecturer/marking-scheme.php file where improper handling of the smarksrange variable allows for remote SQL injection. SQL injection is a technique where an...
PT-2026-55733
Name of the Vulnerable Software and Affected Versions SourceCodester Simple and Nice Shopping Cart Script version 1.0 Description An issue exists in the /admin/mensproductdeletequery.php file where improper handling of the user id variable allows for SQL injection. This allows a remote attacker t...
EUVD-2026-41469
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-12920
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 4.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
IBM App Connect Enterprise 12.0.1.x < 12.0.12.27 / 13.0.1.x < 13.0.8.0 SQL Injection (7278350)
IBM App Connect Enterprise 13.0.1.0 through 13.0.7.2, and 12.0.1.0 through 12.0.12.26 is vulnerable to SQL injection. A remote attacker could socially engineer a user into accidentally creating files they may not be aware of. Note that Nessus has not tested for this issue but has instead relied...
CVE-2026-56841
A malicious actor with access to the network and low privileges could exploit an authenticated SQL Injection vulnerability found in UniFi Protect Application to escalate privileges on the host device...
CVE-2026-50747
A malicious actor with access to the network and low privileges could exploit a series of authenticated SQL Injection vulnerabilities found in UniFi Talk Application to escalate privileges on the host device...
CVE-2026-14363
A flaw was found in the Mediawiki Cargo Extension. This vulnerability, identified as SQL Injection, allows an attacker to execute malicious SQL commands. By exploiting improper handling of special characters in SQL commands, an attacker can potentially access, modify, or delete sensitive data...
CVE-2025-69094
CVE-2025-69094 affects the WordPress Unicamp theme (versions