3892 matches found

ATTACKERKB
added 2026/02/06 4:22 p.m., 5 views

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

7.1 CVSS | 5.4 AI score | 0.00097 EPSS
Exploits 1 | References 2 | Affected Software 1
RedhatCVE
added 2026/02/06 1:30 p.m., 5 views

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

8.6 CVSS | 5.7 AI score | 0.00351 EPSS
Exploits 0 | References 1
CNNVD
added 2026/02/06 12:0 a.m., 4 views

AhadPOS SQL Injection Vulnerability

AhadPOS is a web-based point-of-sale software developed by RIMbalinux’s individual developers. Version 1.11 of AhadPOS contains an SQL injection vulnerability, which stems from the alamatCustomer parameter being susceptible to SQL injections. This vulnerability could allow attackers to extract...

7.1 CVSS | 5.9 AI score | 0.00214 EPSS
Exploits 0 | References 3
CNNVD
added 2026/02/06 12:0 a.m., 75 views

html5_snmp SQL Injection Vulnerability

html5_snmp is an HTML project developed by Pongtud Bualerd. Version 1.11 of html5_snmp contains a SQL injection vulnerability. This vulnerability stems from the RouterID and RouterIP parameters, which may allow attackers to extract or modify database information...

9.1 CVSS | 5.9 AI score | 0.0037 EPSS
Exploits 1 | References 3
Positive Technologies
added 2026/02/06 12:0 a.m., 3 views

PT-2026-6865

Summary: Critical Time-Based Blind SQL Injection vulnerability in the article pricing module of OpenSTAManager v2.9.8 allows authenticated attackers to extract complete database contents including user credentials, customer data, and financial records through time-based Boolean inference attacks...

8.7 CVSS | 6.6 AI score | 0.00366 EPSS
Exploits 3 | References 4
Positive Technologies
added 2026/02/06 12:0 a.m., 8 views

PT-2026-6732

Name of the Vulnerable Software and Affected Versions: Infor SyteLine ERP, affected versions not specified. Description: The software utilizes hard-coded, static cryptographic keys for encrypting stored credentials, including user passwords, database connection strings, and API keys. These encryption...

7.8 CVSS | 5.5 AI score | 0.00097 EPSS
Exploits 1 | References 10
NVD
added 2026/02/04 6:16 p.m., 4 views

CVE-2025-69213

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

8.8 CVSS | 0.00381 EPSS
Exploits 3 | References 1
Vulnrichment
added 2026/02/04 5:42 p.m., 2 views

CVE-2025-69213 OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

8.7 CVSS | 6 AI score | 0.00381 EPSS
Exploits 3 | References 1
Cvelist
added 2026/02/04 5:42 p.m., 28 views

CVE-2025-69213 OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

8.7 CVSS | 0.00381 EPSS
Exploits 3 | References 1
ATTACKERKB
added 2026/02/04 5:42 p.m., 4 views

CVE-2025-69213

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

8.7 CVSS | 6 AI score | 0.00381 EPSS
Exploits 3 | References 2 | Affected Software 1
EUVD
added 2026/02/04 5:42 p.m., 2 views

EUVD-2025-206783

OpenSTAManager is an open source management software for technical assistance and invoicing. In version 2.9.8 and prior, a SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the...

8.7 CVSS | 6 AI score | 0.00381 EPSS
Exploits 3 | References 1
Nuclei
added 2026/02/04 7:0 a.m., 8 views

WeGIA - Directory Traversal

WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...

10 CVSS | 6 AI score | 0.01448 EPSS
Exploits 1 | References 2
Positive Technologies
added 2026/02/04 12:0 a.m., 3 views

PT-2026-5909

Name of the Vulnerable Software and Affected Versions: Delta Course Automation versions through 04022026. Description: Delta Course Automation is susceptible to a SQL Injection issue due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized...

9.8 CVSS | 5.7 AI score | 0.00454 EPSS
Exploits 0 | References 7
ATTACKERKB
added 2026/02/03 10:1 p.m., 4 views

CVE-2020-37081

Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database manageme...

7.1 CVSS | 5.8 AI score | 0.00198 EPSS
Exploits 0 | References 4 | Affected Software 1
Github Security Blog
added 2026/02/03 6:44 p.m., 5 views

OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint)

Summary: A SQL Injection vulnerability exists in the ajax_complete.php endpoint when handling the get_sedi operation. An authenticated attacker can inject malicious SQL code through the idanagrafica parameter, leading to unauthorized database access. Proof of Concept Vulnerable Code File:...

8.8 CVSS | 5.9 AI score | 0.00381 EPSS
Exploits 3 | References 3 | Affected Software 1
OSV
added 2026/02/03 6:16 p.m., 5 views

CVE-2020-37116

GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise...

8.8 CVSS | 5.8 AI score | 0.00415 EPSS
Exploits 1 | References 4
CVE
added 2026/02/03 4:52 p.m., 8 views

CVE-2020-37110

60CycleCMS 2.5.2 contains an SQL injection vulnerability in news.php and common/lib.php that allows manipulation of database queries via unvalidated input (e.g., the 'title' parameter). Impact includes potential data extraction or modification (confidentiality and integrity). Root cause: unvalida...

9.8 CVSS | 5.2 AI score | 0.00349 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2026/02/03 11:14 a.m., 24 views

CVE-2026-1432 SQL injection (SQLi) on the Buroweb platform

SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'. Exploiting this...

9.3 CVSS | 0.00313 EPSS
Exploits 0 | References 1
EUVD
added 2026/02/03 11:14 a.m., 5 views

EUVD-2026-5293

SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'. Exploiting this...

9.3 CVSS | 5.8 AI score | 0.00313 EPSS
Exploits 0 | References 1
CVE
added 2026/02/03 11:14 a.m., 15 views

CVE-2026-1432

CVE-2026-1432 concerns the Buroweb platform (version 2505.0.12) with a SQL injection in the tablon component. Public details specify that input is not correctly sanitized across multiple parameters in the API endpoint /sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON, enabling attackers to...

9.3 CVSS | 5.8 AI score | 0.00313 EPSS
Exploits 0 | References 1