OpenEMR 8.0.0.2 SQL Injection
OpenEMR version 8.0.0.2 contains a remote SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. CVE-2026-33910 - SQL Injection Vulnerability in...
Code-Projects Accounting System SQL Injection Vulnerability
Code-Projects Accounting System is an accounting system open sourced by Code-Projects. Version 1.0 of the Code-Projects Accounting System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the cosid parameter in the file/myaccount/delete.php, which may lead to...
PT-2026-28247
WebOfisi E-Ticaret 4.0 contains an SQL injection vulnerability in the 'urun' GET parameter of the endpoint that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL payloads through the 'urun' parameter to execute boolean-based blind, error-based, time-based...
PT-2026-28295
Name of the Vulnerable Software and Affected Versions: HCL Aftermarket DPC (affected versions not specified). Description: The software suffers from Improper Input Validation, enabling an attacker to inject executable code. This could lead to attacks such as Cross-Site Scripting (XSS), SQL Injection, an...
Tandoor Recipes SQL Injection Vulnerability
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from the Recipe API endpoint exposing a hidden debug query...
SourceCodester Food Ordering System SQL Injection Vulnerability
The SourceCodester Food Ordering System is an open-source food ordering system developed by SourceCodester. Version 1.0 of the SourceCodester Food Ordering System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the custom parameter in the purchase.php file,...
Wecodex Restaurant CMS SQL Injection Vulnerability
Wecodex Restaurant CMS is a catering management system developed by Wecodex Corporation. Version 1.0 of Wecodex Restaurant CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL injection attacks...
qdPM SQL Injection Vulnerability
qdPM is a web-based open-source project management tool developed by qdPM Inc. Version 9.1 of qdPM has a SQL injection vulnerability, which stems from insufficient input validation for the filterby parameter. This vulnerability may lead to SQL injection attacks...
Code-Projects Online Food Ordering System SQL Injection Vulnerability
The Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the 'del' parameter in t...
OpenEMR SQL Injection Vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 had a SQL injection...
PT-2026-28287
Name of the Vulnerable Software and Affected Versions: HCL Aftermarket DPC (affected versions not specified). Description: HCL Aftermarket DPC is susceptible to SQL Injection, potentially enabling an attacker to retrieve sensitive information from the database. The vulnerability allows an attacker to...
PT-2026-28242
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive...
Wecodex Library CMS SQL Injection Vulnerability
Wecodex Library CMS is a library management system developed by Wecodex Corporation. Version 1.0 of Wecodex Library CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of the username parameter input, which may lead to SQL injection attacks...
Mediasoftpro ASP.NET jVideo Kit SQL Injection Vulnerability
Mediasoftpro ASP.NET jVideo Kit is a video management and publishing component suite developed by Mediasoftpro. Version 1.0 of Mediasoftpro ASP.NET jVideo Kit contains a SQL injection vulnerability, which stems from insufficient validation of query parameter inputs, potentially allowing SQL...
WebOfisi E-Ticaret Cross-Site Scripting Vulnerability
WebOfisi E-Ticaret is an e-commerce website building and management system provided by the Turkish company WebOfisi. Version 4.0 of WebOfisi E-Ticaret has a cross-site scripting vulnerability, which stems from insufficient input validation for the “product” parameter. This vulnerability may lead ...
PT-2026-28239
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloa...
TSPortal Security Vulnerability
TSPortal is a team management platform developed by Miraheze. Previous versions of TSPortal had security vulnerabilities; these vulnerabilities stemmed from defects in the validation logic, allowing attackers to create arbitrary user records, leading to uncontrolled database growth and...
OpenEMR Security Vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.3 contained security...
PT-2026-28207
A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to SQL injection. The attack is...
PT-2026-28564
Name of the Vulnerable Software and Affected Versions: Ella Core versions prior to 1.7.0. Description: Ella Core is a 5G core designed for private networks. The NetworkManager role had backup and restore permissions. The restore endpoint accepted any valid SQLite file without content verification...