PT-2026-30497

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng profile id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng profile id parameter to extract sensitive database...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the paymethod parameter...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...

PT-2026-30504

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter user mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data...

PT-2026-30502

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort direction parameter. Attackers can submit malicious SQL statements in the sort direction parameter to extract sensitive database information or...

PT-2026-30433

A security flaw has been discovered in AutohomeCorp frostmourne up to 1.0. Affected is the function httpTest of the file /api/monitor-api/alarm/previewData of the component Alarm Preview. The manipulation results in sql injection. The attack can be launched remotely. The exploit has been released...

C4G Basic Laboratory Information System 访问控制错误漏洞

C4G Basic Laboratory Information System is an open-source laboratory information management system developed by C4G. Version 3.4 of the C4G Basic Laboratory Information System contains a vulnerability related to access control. This vulnerability stems from multiple SQL injection vulnerabilities,...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this vulnerability allows unverified attackers to manipulate database queries...

SourceCodester Record Management System SQL注入漏洞

The SourceCodester Record Management System is an open-source record management system developed by SourceCodester. Version 1.0 of the SourceCodester Record Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the Username parameter in the...

PT-2026-30507

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

News Website Script SQL注入漏洞

News Website Script is a website-building system script from the PHP Scripts Mall community. Version 2.0.5 of News Website Script contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the news ID parameter, which could allow unverified attackers to manipulate...

Debian dsa-6197 : dovecot-auth-lua - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6197 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6197-1 [email protected] https://www.debian.org/securit...

PT-2026-30424

A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process search.php of the component Parameter Handler. Performing a manipulation of the argument...

Advance Gift Shop Pro Script SQL注入漏洞

Advance Gift Shop Pro Script is an e-commerce website script program within the PHP Scripts Mall community. Version 2.0.3 of Advance Gift Shop Pro Script contains a SQL injection vulnerability. This vulnerability allows unverified attackers to execute arbitrary SQL queries without being detected...

qdPM SQL注入漏洞

qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the searchbyextrafields parameter, which could allow attackers to manipulate database queries and extrac...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...

PT-2026-30503

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id project parameter. Attackers can send crafted requests with malicious SQL statements in the id project parameter to extract sensitive database...

PT-2026-30500

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language tag parameter. Attackers can submit malicious SQL statements in the language tag parameter to extract sensitive database information or modify...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability; this flaw allows attackers to manipulate database queries...

PT-2026-30492

OpenDocMan 1.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'where' parameter. Attackers can send GET requests to search.php with malicious SQL payloads in the 'where' parameter to extract sensitiv...