mcp-exploitdb-query

mcp-exploitdb-query MCP server to query ExploitDB. This serv...

Jinher OA 注入漏洞

Jinher OA is a collaborative management software developed by Jinher Corporation in China. Version 1.0 of Jinher OA contains a SQL injection vulnerability. This vulnerability stems from the operation of an unknown function on the parameter DeptIDList within the file...

WordPress plugin ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Code-Projects Online Hospital Management System 注入漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the/vi...

CVE-2026-7592

The CVE-2026-7592 entry concerns itsourcecode Courier Management System 1.0. The issue affects the file /edit_staff.php, where manipulating the ID parameter can lead to a SQL injection. The vulnerability is described as exploitable remotely with a public exploit available and a PROOF-OF-CONCEPT e...

CVE-2026-7592 itsourcecode Courier Management System edit_staff.php sql injection

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7592 itsourcecode Courier Management System edit_staff.php sql injection

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7592

A weakness has been identified in itsourcecode Courier Management System 1.0. This affects an unknown function of the file /editstaff.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public...

CVE-2026-7591 TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection

A security flaw has been discovered in TimBroddin astro-mcp-server up to 1.1.1. The impacted element is an unknown function of the file src/index.ts of the component MCP Tool Query Construction. Performing a manipulation of the argument request.params.arguments results in sql injection. The attac...

MixPHP Framework has an SQL injection vulnerability via crafted `data` array

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

ECHO-E665-D744-85DB

Bulletin has no description...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the joinOn process in BuildHelper.php when a crafted on array is supplied. An attacker can execute arbitrary SQL commands by injecting malicious input. Remediation There is no fixed version for mix/mix. References -...

Malicious code in update-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9b606e43d802d06fa7b5d14f020e7727886462320dd05dca09c16887b15d5a37 The package update-db was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3307 Malicious code in browserslist-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f700f90f8bd70ca869ddaf27285327f5a926c28ac9d80cd5c8cad3ac25bb25ab The package browserslist-db was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in browserslist-db (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f700f90f8bd70ca869ddaf27285327f5a926c28ac9d80cd5c8cad3ac25bb25ab The package browserslist-db was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-7555 itsourcecode Electronic Judging System login.php sql injection

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-7555

The CVE-2026-7555 entry describes a SQL injection in itsourcecode Electronic Judging System 1.0, affecting the /intrams/login.php component where the Username parameter is manipulated. The vulnerability can be exploited remotely, and exploitation code is publicly available. The available data do ...

EUVD-2026-26481

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-7549

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=deletecustomer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been...

CVE-2026-7553 code-projects Gym Management System edit_exercises.php sql injection

A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editexercises.php. The manipulation of the argument editexercise results in sql injection. It is possible to launch the attack remotely. The exploit...