Lucene search
K

738 matches found

Positive Technologies
Positive Technologies
added 2026/01/08 12:0 a.m.4 views

PT-2026-1904

Name of the Vulnerable Software and Affected Versions themesuite Automotive Listings versions n/a through 18.6 Description An issue exists in themesuite Automotive Listings that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows a...

9.8CVSS7.9AI score0.00289EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.14 views

CVE-2025-1135

A vulnerability exists in ChurchCRM 5.13.0. and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the BatchWinnerEntry functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS8.3AI score0.00683EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:11 a.m.19 views

CVE-2025-1134

A vulnerability exists in ChurchCRM 5.13.0 and prior that allows an attacker to execute arbitrary SQL queries by exploiting a boolean-based and time-based blind SQL Injection vulnerability in the DonatedItemEditor functionality. The CurrentFundraiser parameter is directly concatenated into an SQL...

9.3CVSS8.2AI score0.00683EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/05 2:32 p.m.28 views

CVE-2026-0597 Campcodes Supplier Management System edit_profile.php sql injection

A flaw has been found in Campcodes Supplier Management System 1.0. Affected by this issue is some unknown functionality of the file /retailer/editprofile.php. This manipulation of the argument txtRetailerAddress causes sql injection. Remote exploitation of the attack is possible. The exploit has...

6.5CVSS0.00277EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-1021

Name of the Vulnerable Software and Affected Versions affected versions not specified Description The software contains a flaw related to improper handling of special characters within SQL commands, potentially leading to SQL injection. This could allow an attacker to gain unauthorized access to...

7.5CVSS7.1AI score0.00246EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/12/15 12:0 a.m.4 views

Sunbird Power IQ 安全漏洞

Sunbird Power IQ is a data center infrastructure management software from Sunbird, USA. A security vulnerability exists in Sunbird Power IQ version 9.2.0 that stems from an outdated API endpoint that does not properly validate input and could lead to manipulation of SQL queries...

3.3CVSS7.1AI score0.00117EPSS
Exploits0References3
OSV
OSV
added 2025/12/02 2:16 p.m.7 views

CVE-2025-41013

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...

9.8CVSS5.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/02 1:13 p.m.2 views

CVE-2025-41013 SQL injection vulnerability in TCMAN GIM

SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...

8.7CVSS7.5AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/02 12:0 a.m.6 views

TCMAN GIM SQL注入漏洞

TCMAN GIM is a management system from TCMAN, Spain. A SQL injection vulnerability exists in TCMAN GIM version v11 20250304, which originates from a SQL injection and could lead to database manipulation...

9.8CVSS7.8AI score0.00251EPSS
Exploits0References1
EUVD
EUVD
added 2025/11/18 12:30 p.m.5 views

EUVD-2025-197978

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...

8.7CVSS7.5AI score0.00456EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2025/11/18 11:24 a.m.4 views

CVE-2025-41348

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...

9.8CVSS5.8AI score0.00456EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2025/11/18 11:24 a.m.18 views

CVE-2025-41348

WinPlus v24.11.27 by Informática del Este is affected by an SQL injection vulnerability. The issue stems from insufficient sanitization in the POST endpoint /WinplusPortal/ws/sWinplus.svc/json/getacumper_post, using parameters val1 and cont, which could enable an attacker to recover, create, upda...

9.8CVSS7.7AI score0.00456EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/11/07 12:31 p.m.7 views

EUVD-2025-38246

SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...

9.3CVSS7.5AI score0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/07 9:26 a.m.7 views

CVE-2025-10870 SQL injection in DIAL's CentrosNet

SQL injection vulnerability in DIAL's CentrosNet v2.64. Allows an attacker to retrieve, create, update, and delete databases by sending POST and GET requests with the 'ultralogin' parameter in '/centrosnet/ultralogin.php'...

9.3CVSS7.6AI score0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/27 4:2 p.m.11 views

CVE-2025-12293 SourceCodester Point of Sales category.php sql injection

A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might b...

7.5CVSS0.00379EPSS
Exploits1References5
OSV
OSV
added 2025/10/20 9:15 p.m.4 views

CVE-2025-60783

There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...

6.5CVSS5.9AI score0.00244EPSS
Exploits1References2
NVD
NVD
added 2025/10/20 9:15 p.m.5 views

CVE-2025-60783

There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...

6.5CVSS0.00244EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/20 12:0 a.m.9 views

CVE-2025-60783

There is a SQL injection vulnerability in Restaurant Management System DBMS Project v1.0 via login.php. The vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings...

0.00244EPSS
Exploits1References2
CVE
CVE
added 2025/10/20 12:0 a.m.13 views

CVE-2025-60783

Insight: CVE-2025-60783 describes a SQL injection in Restaurant Management System DBMS Project v1.0, exploitable via login.php. The root cause is improper handling of user-supplied input in login/auth logic, allowing crafted SQL to alter query logic and potentially access or modify database data....

6.5CVSS7.5AI score0.00244EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/18 6:42 a.m.5 views

CVE-2025-11372 LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to modification of data in all versions up to, and including, 4.2.9.2. This is due to missing capability checks on the Admin Tools REST endpoints which are registered with permissioncallback set to returntrue. This makes it...

6.5CVSS5.2AI score0.00415EPSS
Exploits0References7
Rows per page
Query Builder