1389 matches found
CVE-2017-20264
Summary: CVE-2017-20264 affects Joomla! Component Sponsor Wall 8.0. An SQL injection vulnerability exists in the wallid parameter via GET requests to index.php with option=com_sponsorwall&task=click&wallid, allowing unauthenticated attackers to execute arbitrary SQL and potentially exfiltrate cre...
CVE-2017-20262
CVE-2017-20262 affects the Joomla! extension Ajax Quiz (version 1.8). The vulnerability is an SQL injection in the cid parameter, exploitable via GET requests to index.php with option=com_ajaxquiz and view=ajaxquiz. An unauthenticated attacker can execute arbitrary SQL and retrieve sensitive data...
CVE-2017-20261
CVE-2017-20261 affects Joomla! Component Bargain Product VM3 1.0. It is an SQL injection vulnerability in the product_id parameter that allows unauthenticated attackers to execute arbitrary SQL queries by injecting code via GET requests to the brainy and alice views, enabling extraction of sensit...
CVE-2017-20255 Joomla! Component JB Visa 1.0 SQL Injection via visatype
Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=combookpro and view=popup parameter...
PT-2026-50960
Name of the Vulnerable Software and Affected Versions Joomla Payage version 2.05 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to the 'index.php' endpoint with malicious...
PT-2026-50959
Name of the Vulnerable Software and Affected Versions JoomRecipe version 1.0.3 Description An SQL injection allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. This is achieved by sending GET requests to the 'all-recipes' endpoint...
EUVD-2026-37872
claudiopizzillo PIAF-HMS PBX-In-A-Flash Hotel Management System; no released versions, latest commit 389d2633441b65ced1c104212cd62be2bfca21e5 contains multiple unauthenticated SQL injection vulnerabilities. The application has no authentication mechanism and passes user-supplied HTTP parameters...
EUVD-2026-37844
The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to generic SQL Injection via the 'sortdirection' parameter in all versions up to, and including, 4.0.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL...
CVE-2026-8443
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...
CVE-2026-48874
The CVE documents an SQL Injection in WordPress GamiPress plugin versions
EUVD-2026-36811
Unauthenticated SQL Injection in Funnel Builder by FunnelKit = 3.15.0.1 versions...
CVE-2016-20069
CVE-2016-20069 affects WordPress plugin WordPress Booking Calendar Contact Form 1.0.23. It contains an unauthenticated blind SQL injection in the shortcode function where the calendar parameter is not sanitized before being used in database queries. This allows an attacker to inject SQL commands ...
CVE-2026-3326 XStore < 9.7.3 - Unauthenticated SQLi
The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...
CVE-2026-11484
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public an...
CVE-2026-10731 SQL injection in Nemon products
SQL injection in the ‘twostepsauthcode’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication 2FA functionality can be accessed without prior authentication, allowing unauthenticated attackers to execute arbitrary SQL queri...
CVE-2026-44744
Affected software : SAP S/4HANA On-Premise. Vulnerability : SQL injection in a remote-enabled function module component. Root cause / what’s vulnerable : An authenticated attacker could influence SQL queries via the affected function module, potentially enabling unauthorized database queries. Imp...
WordPress plugin Wow Forms SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-47762
Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST parameter. Attackers can send requests to the admin-ajax.php endpoint with the 'spAjaxResults' actio...
CVE-2026-11506
A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/searchstafffordeletion.php. The manipulation of the argument Name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to t...
CodeAstro Student Attendance Management System 注入漏洞
CodeAstro Student Attendance Management System is a student attendance management system developed by CodeAstro Inc. Version 1.0 of the CodeAstro Student Attendance Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter className in...