484 matches found
SQL Injection
phpPgAdmin is vulnerable to SQL Injection. The vulnerability is due to direct execution of user-supplied input from the $REQUEST'query' parameter without sanitization or parameterization, which allows an attacker to execute arbitrary SQL commands and compromise the database...
SQL Injection
devcode-it/openstamanager is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the display parameter in API requests, which allows an attacker to execute arbitrary SQL queries and compromise the database...
Admidio has a Second-Order SQL Injection via List Configuration (lsc_special_field, lsc_sort, lsc_filter)
The MyList configuration feature in Admidio allows authenticated users to define custom list column layouts. User-supplied column names, sort directions, and filter conditions are stored in the admlistcolumns table via prepared statements safe storage, but are later read back and interpolated...
EUVD-2025-208665
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, and 6.2.1.0 through 6.2.1.11 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or...
CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...
CVE-2026-29174
CVE-2026-29174 : Craft Commerce (Craft CMS) is vulnerable to SQL injection in the inventory levels endpoint. The sort[0][direction] and sort[0][sortField] parameters are concatenated into addOrderBy() without validation, allowing an authenticated attacker with access to the Commerce Inventory sec...
CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...
CVE-2026-29174 Craft Commerce has a SQL Injection in Commerce Inventory Table Sorting
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...
GHSA-PMGJ-GMM4-JH6J Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting
Summary Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or sanitization. An authenticated attacker with access to the Commerce...
CVE-2026-23627
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
EUVD-2026-8700
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
CVE-2026-23627
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
CVE-2026-23627 OpenEMR has SQL Injection in Immunization Search/Report
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any authenticated user to execute arbitrary SQL queries, leading to complete database compromise, PHI...
PT-2026-7888
Name of the Vulnerable Software and Affected Versions newbee-mall affected versions not specified Description The software stores and verifies user passwords using an unsalted MD5 hashing algorithm. This implementation lacks per-user salts and computational cost controls. Attackers obtaining...
CVE-2026-0488
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
CVE-2026-0488
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
CVE-2026-0488
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...
CVE-2026-0488 Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor)
An authenticated attacker in SAP CRM and SAP S/4HANA Scripting Editor could exploit a flaw in a generic function module call and execute unauthorized critical functionalities, which includes the ability to execute an arbitrary SQL statement. This leads to a full database compromise with high impa...