CVE-2026-9449

A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2026-9449

Technical details about CVE-2026-9449 are not publicly available in the provided documents. Monitor for updates; no vendor/product/version specifics or remediation are disclosed here.

CVE-2026-9449 code-projects Employee Management System changepassemp.php sql injection

A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2026-9447 SourceCodester Simple POS and Inventory System search.php sql injection

A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file /user/search.php. Performing a manipulation of the argument Name results in sql injection. The attack is possible to be carried out remotely. The exploit has be...

EUVD-2026-31660

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

CVE-2026-9446

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/editcustomer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed t...

CVE-2026-9446

CVE-2026-9446 affects SourceCodester Simple POS and Inventory System 1.0. The vulnerability is an SQL injection in /admin/edit_customer.php (parameter ID). Root cause: unsafely constructed SQL from user-controlled input, enabling remote exploitation. Exploit status in docs indicates public disclo...

CVE-2026-9411 SourceCodester Indian Invoicing System Invoice Generation IGST_Invoice.php sql injection

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGSTInvoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customername/category results in sql injection. The...

PT-2026-43232

Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter type id, filter pid id, and filter search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL...

PT-2026-43034

Name of the Vulnerable Software and Affected Versions SourceCodester Simple POS and Inventory System version 1.0 Description A remote SQL injection is possible due to improper manipulation of the Name argument within an unknown function in the '/user/search.php' endpoint. SQL injection is a type ...

PT-2026-43223

mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries through the product parameter in URL rewrite functionality. Attackers can inject SQL code using boolean-based blind, time-based blind, or stacked query...

PT-2026-43085

SQL Injection affecting the Access Manager role...

PT-2026-43155

Name of the Vulnerable Software and Affected Versions JetEngine versions prior to 3.8.8.2 Description Improper neutralization of special elements used in an SQL command allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution to manipulate ...

Joomla! Component eXtroForms SQL注入漏洞

Joomla! Component eXtroForms is an open source Joomla! A SQL injection vulnerability exists in Joomla! Component eXtroForms version 2.1.5, which stems from an SQL injection in the filtertypeid, filterpidid, and filtersearch parameters, which could allow an authenticated attacker to extract...

PT-2026-43031

A vulnerability has been found in SourceCodester Simple POS and Inventory System 1.0. The affected element is an unknown function of the file /admin/edit customer.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed ...

PT-2026-43036

A vulnerability was identified in code-projects Employee Management System 1.0. This impacts an unknown function of the file /changepassemp.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVE-2026-9364

A flaw has been found in projectworlds Online Art Gallery Shop 1.0. Impacted is an unknown function of the file /admin/adminHome.php. Executing a manipulation of the argument sociallinked can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be use...

CVE-2026-9356

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

EUVD-2026-31568

A vulnerability has been found in SourceCodester Hospitals Patient Records Management System 1.0. This affects an unknown function of the file /admin/patients/managehistory.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has...

CVE-2026-9355 SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...