
Vulnrichment, added 2026/04/12 12:28 p.m., 2 views

CVE-2019-25697 CMSsite 1.0 SQL Injection via category.php

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...

CVSS 8.8, AI score 5.9, EPSS 0.00413
Exploits: 1, References: 3
hivepro, added 2026/04/12 9:05 a.m., 1 view

The Best Vulnerability Scanning Tools for 2026: A Complete Guide

Your vulnerability scanner found 14,000 issues last quarter. Your team patched 800. The other 13,200 are sitting in a spreadsheet that nobody opens anymore. This is the reality for most security teams. The scanner works. It finds vulnerabilities. But without context, prioritization, or a clear pa...

AI score 6
Exploits: 0
Wolfi, added 2026/04/12 2:46 a.m., 7 views

GHSA-W35J-PV5H-Q9Q9 vulnerabilities

Vulnerabilities for packages: strimzi-kafka-operator, spark, solr, neo4j, apache-pulsar, flink...

AI score 5.8
Exploits: 0
Positive Technologies, added 2026/04/12 12:00 a.m., 2 views

PT-2026-32169

eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to pdf.php with crafted SQL payloads in the 'id' parameter to extract sensitive...

CVSS 7.1, AI score 6.2, EPSS 0.00269
Exploits: 1, References: 5
CNNVD, added 2026/04/12 12:00 a.m., 5 views

Adianti Framework SQL Injection Vulnerability

Adianti Framework is a framework developed by Adianti for developing PHP applications. Versions 5.5.0 and 5.6.0 of Adianti Framework have SQL injection vulnerabilities. These vulnerabilities stem from insufficient input validation for the name field in the SystemProfileForm, which may lead to SQL...

CVSS 7.1, AI score 5.9, EPSS 0.00194
Exploits: 0, References: 2
Positive Technologies, added 2026/04/12 12:00 a.m., 3 views

PT-2026-32163

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information...

CVSS 8.8, AI score 5.9, EPSS 0.00413
Exploits: 1, References: 4
Positive Technologies, added 2026/04/12 12:00 a.m., 6 views

PT-2026-32175

MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Chargegroup total parameter. Attackers can submit crafted POST requests to the /charge/admin endpoint with error-based, time-based blin...

CVSS 7.1, AI score 6.2, EPSS 0.00276
Exploits: 1, References: 5
CNNVD, added 2026/04/12 12:00 a.m., 5 views

CF Image Hosting Script Security Vulnerability

CF Image Hosting Script is a lightweight image hosting script developed by David Tavarez. Version 1.6.5 of the CF Image Hosting Script contains a security vulnerability. This vulnerability stems from improper access control, which may lead to unauthorized database leaks and file deletion...

CVSS 9.8, AI score 5.8, EPSS 0.00607
Exploits: 1, References: 4
Positive Technologies, added 2026/04/12 12:00 a.m., 3 views

PT-2026-32161

ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to...

CVSS 7.1, AI score 6.2, EPSS 0.00159
Exploits: 1, References: 5
Positive Technologies, added 2026/04/12 12:00 a.m., 5 views

PT-2026-32171

CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delete IDs stored in plaintext from the deserialized database and use them to delete all pictures via t...

CVSS 9.8, AI score 5.8, EPSS 0.00607
Exploits: 1, References: 6
CNNVD, added 2026/04/12 12:00 a.m., 4 views

Dolibarr ERP CRM SQL Injection Vulnerability

Dolibarr ERP CRM is an open-source enterprise and sales management system developed by Dolibarr. Version 8.0.4 of Dolibarr ERP CRM contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the rowid parameter in the admin dict.php file, which may lead...

CVSS 9.1, AI score 5.8, EPSS 0.00311
Exploits: 1, References: 4
CNNVD, added 2026/04/12 12:00 a.m., 4 views

MyT SQL Injection Vulnerability

MyT is a task management system developed by domgio as an individual project. Version 1.5.1 of MyT contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the Chargegrouptotal parameter in the /charge/admin endpoint, which may lead to SQL injection...

CVSS 8.1, AI score 5.9, EPSS 0.00276
Exploits: 1, References: 4
GithubExploit, added 2026/04/11 7:14 p.m., 83 views

Exploit for SQL Injection in Devcode Openstamanager

CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerabili...

CVSS 8.7, AI score 6, EPSS 0.00356
Exploits: 3
Chainguard, added 2026/04/11 2:19 a.m., 5 views

GHSA-92MM-2PJQ-R785 vulnerabilities

Vulnerabilities for packages: task-fips, kots, packer, trivy-operator-fips, packer-fips, trivy, grype-fips, tflint-fips, kubescape-server-fips, crossplane-provider-terraform, cloudbeat, tflint, terraform-fips, k9s-fips, conftest, cg, syft, wolfictl, tfsec, zot, grype, xeol-fips, zarf-fips, k9s,...

AI score 5.8
Exploits: 0
Cvelist, added 2026/04/11 1:24 a.m., 27 views

CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVSS 6.5, EPSS 0.00372
Exploits: 0, References: 5
CVE, added 2026/04/11 1:24 a.m., 11 views

CVE-2026-5207

The CVE-2026-5207 entry concerns the LifterLMS WordPress plugin (versions up to 9.2.1). It describes an SQL Injection via the ‘order’ parameter due to insufficient escaping and inadequate query preparation. The vulnerability requires authenticated access at Instructor level (with edit_post capabi...

CVSS 6.5, AI score 6, EPSS 0.00372
Exploits: 0, References: 5
Github Security Blog, added 2026/04/10 7:32 p.m., 7 views

PraisonAI: SQLiteConversationStore didn't validate table_prefix when constructing SQL queries

Summary: The table_prefix configuration value is used directly to construct SQL table identifiers without validation. If an attacker controls this value, they can manipulate the SQL query structure, leading to unauthorized data access, e.g., reading internal SQLite tables such as sqlite_master and...

CVSS 9.8, AI score 6, EPSS 0.00297
Exploits: 1, References: 5, Affected Software: 1
Snyk, added 2026/04/10 7:32 p.m., 4 views

SQL Injection

Overview: PraisonAI is an AI Agents Framework with Self Reflection. The PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

CVSS 9.8, AI score 6, EPSS 0.00297
Exploits: 1, References: 2
Snyk, added 2026/04/10 7:30 p.m., 2 views

SQL Injection

Overview: @saltcorn/server is the server app for Saltcorn, an open-source no-code platform. Affected versions of this package are vulnerable to SQL Injection via the Literal function. An attacker can execute arbitrary SQL commands, manipulate the database schema, or exfiltrate data by injecting crafted inpu...

CVSS 8.8, AI score 6.2
Exploits: 0, References: 2
OSV, added 2026/04/10 7:30 p.m., 1 view

GHSA-59XV-588H-2VMM @saltcorn/data vulnerable to SQL Injection via jsexprToSQL Literal Handler

Summary: The jsexprToSQL function in Saltcorn converts JavaScript expressions to SQL for use in database constraints. The Literal handler wraps string values in single quotes without escaping embedded single quotes, allowing SQL injection when creating Formula-type table constraints. Vulnerable...

AI score 6
Exploits: 0, References: 2