9844 matches found
EUVD-2026-40058
A vulnerability was found in itsourcecode Online Hotel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/modusers/controller.php?action=add. The manipulation of the argument Name results in sql injection. The attack can be launched remotely. The exploi...
CVE-2026-13551 itsourcecode Baptism Information Management System editBaptism.php sql injection
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...
EUVD-2026-40057
A security vulnerability has been detected in itsourcecode Baptism Information Management System 1.0. This affects an unknown function of the file /editBaptism.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed...
CVE-2026-13550
The CVE-2026-13550 entry concerns itsourcecode Baptism Information Management System 1.0. A vulnerability in the file /delbaptism.php allows manipulation of the argument ID to trigger a SQL injection. The weakness can be exploited remotely, and public exploits are available. CVSS metrics indicate...
CVE-2026-13535
A flaw has been found in CodeAstro Human Resource Management System 1.0. This vulnerability affects the function GetFileInfo of the file hrsystem/application/models/Employeemodel.php of the component View Endpoint. Executing a manipulation of the argument ID can lead to sql injection. The attack...
CVE-2026-13542
A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /doctorprofile.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2026-13531
A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public a...
CVE-2026-13530 itsourcecode Hospital Management System Appointment appointmentdetail.php sql injection
A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotel...
CVE-2026-13530
The vulnerability CVE-2026-13530 affects itsourcecode Hospital Management System 1.0, specifically the Appointment Handler component through the file /appointmentdetail.php. The issue arises from manipulating the argument editid, leading to an SQL injection. Evidence indicates the attack can be c...
CVE-2026-13526 SourceCodester Class and Exam Timetabling System edit_class.php sql injection
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /editclass.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2026-13521
The CVE concerns SourceCodester Class and Exam Timetabling System (1.0/5.php). The vulnerability is a SQL injection in an unknown function of /preview5.php, triggered by manipulating the course_year_section parameter. This is a network-accessible issue with a public exploit and PoC; impact is des...
CVE-2026-13520
The CVE describes a SQL injection in itsourcecode Hospital Management System v1.0, affecting the file /appointmentapproval.php (component: Appointment Handler). The vulnerability is triggered by manipulating the editid parameter, enabling remote exploitation. Exploit evidence is indicated as publ...
CVE-2026-13496
CVE-2026-13496 affects itsourcecode Hospital Management System 1.0. The vulnerability is a SQL injection in the /ajaxmedicine.php file, triggered by manipulating the medicineid parameter. This can be exploited remotely, and public exploit code exists. The exact vulnerable function within ajaxmedi...
CVE-2026-13488
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/7.php. Affected by this vulnerability is an unknown functionality of the file /preview7.php. The manipulation of the argument courseyearsection results in sql injection. The attack may be launched remotely...
EUVD-2026-39985
A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /preview.php. Performing a manipulation of the argument courseyearsection results in sql injection. The attack can be initiated remotely. The exploit has been made publi...
PT-2026-53099
Name of the Vulnerable Software and Affected Versions SourceCodester Class and Exam Timetabling System version 1.0 Description An SQL injection issue exists in the /preview6.php endpoint. A remote attacker can exploit this by manipulating the course year section variable, allowing for the executi...
CVE-2026-13333 Groundhogg <= 4.5.5 - Authenticated (Sales Rep+) SQL Injection via 'query[select]' Parameter
The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via 'queryselect' Parameter in all versions up to, and including, 4.5.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
CVE-2026-52785
OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to request historic work-package attributes using the timestamps parameter. This vulnerability is fix...
CVE-2026-57663
Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes = 8.2.7 versions...
CVE-2026-57663
CVE-2026-57663 describes a SQL Injection vulnerability in the WordPress plugin Zip Recipes (Recipe Maker For Your Food Blog) versions