18 matches found
CVE-2026-40833
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php file's saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40836 Authenticated SQLi in inmessage model
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the inmessage model due to improper neutralization of special elements in a SQL DELETE command allowing for reading the whole database and deleting entries in a non-critical table. This can result in a...
CVE-2026-40833 Authenticated SQLi in saveDashboardLayout function
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php file's saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40833
A low-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dash.php file's saveDashboardLayout function due to improper neutralization of special elements in a SQL INSERT command allowing for reading the whole database and inserting entries into a non...
CVE-2026-40829
A high-privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php file's UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non-critical...
CVE-2026-9003 TONNET|E-LAN Hybrid Recording System - SQL Injection
E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents...
EUVD-2025-201691
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
CVE-2025-12503
EasyFlow .NET and EasyFlow AiNet developed by Digiwin has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents...
Changing Clinic Image System SQL Injection Vulnerability
Changing Clinic Image System is a computer system for managing and displaying medical images from Changing Taiwan, China. The Changing Clinic Image System suffers from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks, which could lead to an unauthenticated...
CVE-2025-3707
The eHDR CTMS from Sunnet has a SQL Injection vulnerability, allowing remote attackers with regular privileges to inject arbitrary SQL commands to read database contents...
WebITR SQL Injection Vulnerability
WebITR is an online time and attendance system. A SQL injection vulnerability exists in Kaifa Technology WebITR version 21023, which stems from insufficient validation of user input and can be exploited by remote attackers to inject arbitrary SQL commands to read a database...
CVE-2018-10197
There is a time-based blind SQL injection vulnerability in the Access Manager component before 9.18.040 and 10.x before 10.18.040 in ELO ELOenterprise 9 and 10 and ELOprofessional 9 and 10 that makes it possible to read all database content. The vulnerability exists in the ticket HTTP GET...
Cory Support - 'pr' SQL Injection
Exploit : Cory Support pr SQL Injection Vulnerability Author : v3n0m Contact : v3n0matoutlookdotcom Date : September, 06-2017 GMT +7:00 Jakarta, Indonesia Developer : Cory App Software : Cory Support App Link : http://coryapp.com/?product&index Demo : http://coryapp.com/demo/support/ Tested On :...
B2B Script 4.27 - SQL Injection
Vulnerability: B2B Script v4.27 - SQL Injection Date: 18.01.2017 Software link: http://itechscripts.com/b2b-script/ Demo: http://b2b.itechscripts.com Price: 199$ Category: webapps Exploit Author: Dawid Morawski Website: http://www.morawskiweb.pl Contact: [email protected] 1. Description...
Design/Logic Flaw
admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote attackers to read the database via a SaveSQL action...
Design/Logic Flaw
CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for network communication and the internal database, which makes it easier for context-dependent attackers to obtain sensitive information by (1) sniffing the network for transmissions of Java objects or (2) reading the database...
PostNuke FormExpress Module - Blind SQL Injection
Date: 17/03/2010 Software Link: http://sourceforge.net/projects/pn-formexpress/ Version: 0.3.2 PostNuke ContentExpress Module Blind Sql Injection Reported by Sharif University of Technology CSIRT Vulnerability Analysis and Penetration Testing Group cert.sharif.edu , nsc.sharif.edu === POC ===...
Debian Security Advisory DSA 005-1 (slocate)
The remote host is missing an update to slocate announced via advisory DSA 005-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...