1389 matches found
CVE-2026-42847
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...
CVE-2021-47966
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
CVE-2026-7046
The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...
BlueNoteMKVI PHP Timeclock SQL注入漏洞
BlueNoteMKVI PHP Timeclock is an employee attendance and working hours recording system developed by BlueNoteMKVI company, based on PHP and MySQL. Version 1.04 of BlueNoteMKVI PHP Timeclock contains a SQL injection vulnerability. This vulnerability stems from the loginuserid parameter in the...
CVE-2026-22599
Strapi is an open source headless content management system. In versions on the 4.x branch prior to 4.26.1 and on the 5.x branch prior to 5.33.2, a database-query injection vulnerability existed in the Strapi Content-Type Builder write API. An authenticated administrator could inject arbitrary...
CVE-2020-37224
Technical details (affected product/version, root cause, impact, or remediation) are not publicly available in the provided documents. Monitor for updates from the sources for any new information or confirmed fixes.
PT-2026-40834
Name of the Vulnerable Software and Affected Versions Strapi versions 4.0.0 through 4.26.0 Strapi versions 5.0.0 through 5.33.1 Description A database-query injection exists in the Content-Type Builder write API. An authenticated administrator can inject arbitrary database statements through the...
Joomsky Joomla J2 JOBS SQL注入漏洞
Joomsky Joomla J2 JOBS is a Joomla recruitment and job posting management component provided by Joomsky Inc. Version 1.3.0 of Joomsky Joomla J2 JOBS contains a SQL injection vulnerability. This vulnerability stems from authenticated SQL injection attacks, allowing authenticated attackers to injec...
CVE-2026-44862 Authenticated Remote Code Execution via SQL Injection in AOS-8 and AOS-10 Operating Systems
SQL injection vulnerabilities exist in several underlying service components accessible through the AOS-8 and AOS-10 command-line interface and management protocol. An authenticated attacker with administrative privileges could exploit these vulnerabilities by injecting crafted input into...
CVE-2026-34260 SQL injection vulnerability in SAP S/4HANA (SAP Enterprise Search for ABAP)
SAP S/4HANA SAP Enterprise Search for ABAP contains a SQL injection vulnerability that allows an authenticated attacker to inject malicious SQL statements through user-controlled input. The application directly concatenates this malicious user input into SQL queries, which are then passed to the...
PT-2026-39999
Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows SQL Injection. This issue affects E-Commerce Website: before 4.5.001...
EUVD-2026-29034
The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...
CVE-2026-6433
The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval, allowing unauthenticated users to execute arbitrary PHP code on the server...
CVE-2021-47930 Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthenticated
Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can send POST requests to the combaforms component with malicious JSON payloads in the 'id' field...
CodeAstro Online Catering Ordering System 注入漏洞
The CodeAstro Online Catering Ordering System is an online catering ordering system developed by CodeAstro Corporation. Version 1.0 of the CodeAstro Online Catering Ordering System has a SQL injection vulnerability. This vulnerability stems from the handling of parameter IDs in the...
CVE-2026-44337
PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers from unvalidated name and collection arguments. Applications that pass untrusted collection names...
CVE-2024-33722
SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...
CVE-2023-46453
Certain GL.iNet devices with 4.x firmware allow authentication bypass resulting in administrative control of the device via a username that is both a valid SQL statement and a valid regular expression. For example, this affects version 4.3.7 on GL-MT3000 GL-AR300M GL-B1300 GL-AX1800 GL-AR750S...
Django: Django: SQL Injection via crafted column aliases
A flaw was found in Django. This vulnerability allows a remote attacker to perform SQL injection by using specially crafted control characters within column aliases. When these crafted aliases are passed through dictionary expansion to QuerySet methods like annotate or values, it can lead to the...
Online-Hospital-Management-System-has-SQL-Injection
Online Hospital Management System has SQL Injection vulnerabil...