12 matches found

GitLab Advisory Database
added 2026/03/16 12:0 a.m. | 3 views

Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)

The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements (safe storage), but are later read back and interpolated...

CVSS 8 | AI score 6 | EPSS 0.00041
Exploits 1 | References 5 | Affected Software 1

EUVD
added 2026/03/11 12:13 a.m. | 1 view

EUVD-2026-10922

Sylius has a DQL Injection via API Order Filters...

CVSS 5.3 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 1

NVD
added 2026/01/30 11:15 a.m. | 2 views

CVE-2025-26385

Johnson Controls Metasys components listed below have an Improper Neutralization of Special Elements used in a Command (Command Injection) vulnerability. Successful exploitation of this vulnerability could allow remote SQL execution. This issue affects Metasys: Application and Data Server (ADS) installed...

CVSS 9.5 | EPSS 0.00231
Exploits 0 | References 2

CNNVD
added 2026/01/22 12:0 a.m. | 1 view

WordPress plugin Traveler SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 8.5 | AI score 5.9 | EPSS 0.00057
Exploits 0 | References 1

EUVD
added 2025/12/23 12:30 a.m. | 2 views

EUVD-2023-60237

Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL code in the 'id' parameter of the admin index page to execute time-based blind SQL injection attacks...

CVSS 9.3 | AI score 8 | EPSS 0.00088
Exploits 1 | References 4

EUVD
added 2025/12/18 9:31 p.m. | 1 view

EUVD-2025-204316

Advantech WebAccess/SCADA is vulnerable to SQL injection, which may allow an attacker to execute arbitrary SQL commands...

CVSS 6.3 | AI score 7.5 | EPSS 0.00047
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-6605

Malware in sbrugna...

CVSS 9.4 | AI score 6.2 | EPSS 0.47846
Exploits 0 | References 7

CVE
added 2025/09/05 2:32 p.m. | 11 views

CVE-2025-10012

Portabilis i-Educar up to 2.10 is affected by an SQL injection in educar_historico_escolar_lst.php via manipulation of the ref_cod_aluno parameter. The issue enables remote exploitation and has been publicly disclosed. Remediation per sources is to upgrade to a version newer than 2.10 or apply th...

CVSS 8.8 | AI score 6.4 | EPSS 0.00076
Exploits 1 | References 5 | Affected Software 1

OSV
added 2025/02/25 3:15 p.m. | 0 views

CVE-2025-26971

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 1

VulnCheck KEV
added 2023/01/11 12:0 a.m. | 1 view

VulnCheck KEV: CVE-2021-24183

The tutorquizbuildergetquestionform AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students...

CVSS 6.5 | AI score 6.7 | EPSS 0.07632
Exploits 2 | References 1

CNVD
added 2019/11/20 12:0 a.m. | 3 views

Redmine SQL Injection Vulnerability

Redmine is a set of open source Web-based project management and defect tracking tools. The product provides project management, issue tracking, role-based access control and other features. A SQL injection vulnerability exists in Redmine. The vulnerability stems from a lack of validation o...

CVSS 6.5 | AI score 8.2 | EPSS 0.27968
Exploits 2 | References 1

CNVD
added 2017/07/18 12:0 a.m. | 2 views

Fiyo CMS SQL Injection Vulnerability (CNVD-2017-23890)

Fiyo CMS is a content management system (CMS) for creating CMS templates. A SQL injection vulnerability exists in the /apps/apparticle/controller/editor.php file in Fiyo CMS version 2.0.7. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands with the help of $_POST['id']...

CVSS 9.8 | AI score 10 | EPSS 0.00271
Exploits 0 | References 1