
27 matches found

CNNVD
added 2026/06/04 12:0 a.m. | 4 views

WordPress plugin Google Review Slider SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 8.8 | AI score 5.8 | EPSS 0.00262
Exploits 0 | References 3
Vulnrichment
added 2026/06/01 1:15 p.m. | 8 views

CVE-2026-10260 CodeAstro Online Job Portal delete-jobs.php sql injection

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CVSS 7.5 | AI score 5.7 | EPSS 0.00263
Exploits 0 | References 6
ATTACKERKB
added 2026/05/30 2:55 p.m. | 12 views

CVE-2018-25416

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Attackers can send GET requests to country.php with crafted SQL payloads in the country parameter to extrac...

CVSS 8.8 | AI score 6.1 | EPSS 0.0027
Exploits 0 | References 4 | Affected Software 1
NVD
added 2026/04/03 11:17 p.m. | 2 views

CVE-2026-34788

Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tagmodel.php at line 168. The updateTagName function directly interpolates user input into the SQL query string without using parameterized queries or proper escapin...

CVSS 6.5 | EPSS 0.00343
Exploits 1 | References 1
Vulnrichment
added 2026/02/25 3:8 a.m. | 3 views

CVE-2026-27743 SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection

The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

CVSS 9.8 | AI score 6.2 | EPSS 0.00595
Exploits 1 | References 5
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2024-1009

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.8 | EPSS 0.00666
Exploits 1 | References 6
BDU FSTEC
added 2025/08/08 12:0 a.m. | 4 views

The vulnerability of the software tools for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security monitoring and analysis tools FortiAnalyzer and FortiAnalyzer Cloud, stems from the lack of protective measures for the SQL query structure. This allows attackers to exploit the system to disclose sensitive information.

The vulnerability of the software solutions for centralized device management of Fortinet’s FortiManager and FortiManager Cloud, as well as the security event monitoring and analysis solutions of FortiAnalyzer and FortiAnalyzer Cloud, is related to the lack of protective measures for the SQL quer...

CVSS 4 | AI score 5.6 | EPSS 0.00247
Exploits 0 | References 3 | Affected Software 4
BDU FSTEC
added 2025/05/27 12:0 a.m. | 5 views

The vulnerability of the Service Account Audit Data component of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the “Service Account Audit Data” component of the Windows Active Directory (AD) management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker,...

CVSS 8.7 | AI score 5.6 | EPSS 0.01356
Exploits 0 | References 3 | Affected Software 1
Patchstack
added 2025/03/04 11:0 p.m. | 1 view

WordPress Hero Slider plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Hero Slider versions <= 1.3.5...

CVSS 6.5 | AI score 8.1 | EPSS 0.00313
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/02/14 3:6 a.m. | 4 views

WordPress Bit Assist plugin <= 1.5.2 - Authenticated (Subscriber+) SQL Injection via id Parameter vulnerability

Authenticated Subscriber+ SQL Injection via id Parameter vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Bit Assist versions <= 1.5.2...

CVSS 6.5 | AI score 8.1 | EPSS 0.00525
Exploits 0 | References 1 | Affected Software 1
BDU FSTEC
added 2024/06/07 12:0 a.m. | 4 views

The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary SQL code.

The vulnerability of the software for network monitoring and control of IT infrastructure on the SolarWinds Platform is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...

CVSS 7.5 | AI score 7.1 | EPSS 0.00349
Exploits 0 | References 4 | Affected Software 1
BDU FSTEC
added 2024/02/09 12:0 a.m. | 5 views

The vulnerability of the WP Sessions Time Monitoring plugin in the fully automatic WordPress content management system allows attackers to expose protected information.

The vulnerability of the WP Sessions Time Monitoring full-automatic content management system’s plugin is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to disclose the protected information...

CVSS 7.8 | AI score 7.3 | EPSS 0.02221
Exploits 2 | References 2 | Affected Software 1
OSV
added 2024/01/12 4:15 p.m. | 3 views

CVE-2024-0460

A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...

CVSS 9.8 | AI score 5.7 | EPSS 0.005
Exploits 0 | References 3
BDU FSTEC
added 2023/04/11 12:0 a.m. | 3 views

The vulnerability in the /ecommerce/admin/settings/setDiscount.php script of the SourceCodester E-Commerce System allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability in the ecommerce/admin/settings/setDiscount.php file of the SourceCodester E-Commerce System is related to the lack of protection for SQL query structures. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of th...

CVSS 7.3 | AI score 6.2 | EPSS 0.00551
Exploits 1 | References 3 | Affected Software 1
OSV
added 2022/08/25 10:15 p.m. | 5 views

CVE-2022-36696

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletestockout...

CVSS 9.8 | AI score 5.8 | EPSS 0.00906
Exploits 1 | References 1
OSV
added 2022/06/02 2:15 p.m. | 3 views

CVE-2022-29659

Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.019
Exploits 1 | References 3
ATTACKERKB
added 2022/04/21 8:15 p.m. | 3 views

CVE-2022-28429

Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=...

CVSS 9.8 | AI score 5.9 | EPSS 0.01185
Exploits 1 | References 2
BDU FSTEC
added 2021/04/01 12:0 a.m. | 4 views

The vulnerability of the fw.login.php component of the Artica Web Proxy management system allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the fw.login.php component of the Artica Web Proxy server management system is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

CVSS 10 | AI score 8.4 | EPSS 0.93967
Exploits 7 | References 4 | Affected Software 1
CNVD
added 2020/11/18 12:0 a.m. | 3 views

SourceCodester Water Billing System SQL Injection Vulnerability

SourceCodester Water Billing System is a water billing system from SourceCodester USA. A SQL injection vulnerability exists in SourceCodester Water Billing System version 1.0, which stems from a failure of the program to properly validate user input, and allows an attacker to perform SQL injectio...

CVSS 10 | AI score 8.3 | EPSS 0.02525
Exploits 1 | References 1
CNVD
added 2019/10/07 12:0 a.m. | 1 view

S-CMS School Building System v1.0 SQL Injection Vulnerability in Background aja*** U_s** Parameters

S-CMS is a content management system (CMS) based on PHP and MySQL. S-CMS School Building System v1.0 has a SQL injection vulnerability in the aja Us parameter in the background, which allows attackers to obtain sensitive information from the database...

AI score 7.7
Exploits 0