CVE-2026-3981 itsourcecode Online Doctor Appointment System doctor_action.php sql injection

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

CVE-2026-3981 itsourcecode Online Doctor Appointment System doctor_action.php sql injection

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctoraction.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

CVE-2026-3980 itsourcecode Online Doctor Appointment System patient_action.php sql injection

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patientaction.php. Such manipulation of the argument patientid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

CVE-2026-3657

The CVE-2026-3657 entry concerns the WordPress plugin My Sticky Bar. Affected: all versions insert(), while values are sanitized. Impact: unauthenticated attackers can inject SQL to perform blind time-based data extraction from the database. Remediation: upgrade to version 2.8.7 (fixed in the ref...

CVE-2026-3969 FeMiner wms Basic Organizational Structure depart_add_bg.php sql injection

A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/departaddbg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be...

PT-2026-24996

Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can send POST requests to index.php with crafted SQL payloads in the features...

Hotel-Booking-Script uHotelBooking SQL注入漏洞

Hotel-Booking-Script uHotelBooking is a hotel room reservation management system developed by Hotel-Booking-Script Inc. Hotel-Booking-Script uHotelBooking has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the systempage parameter, which may allow...

Netartmedia PHP Mall SQL注入漏洞

Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from the presence of SQL injection vulnerabilities in the id and Email parameters, which could...

PT-2026-24964

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...

202CMS SQL注入漏洞

202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...

PT-2026-24995

Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with time-based SQL injection payloads in the Email field ...

PT-2026-24974

Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. Attackers can manipulate the kelime parameter with UNION-based SQL injection payloads to extract sensitive data...

PT-2026-24994

Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features parameter. Attackers can submit POST requests to index.php with crafted SQL payloads in the features parameter...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V2 version has a SQL injection vulnerability. This vulnerability stems from an authentication bypass in the admingiris.php login form, whic...

Netartmedia Deals Portal SQL注入漏洞

Netartmedia Deals Portal is a discount trading website system operated by the Bulgarian company Netartmedia. The Netartmedia Deals Portal has a SQL injection vulnerability, which stems from SQL injection attacks in email parameters. This vulnerability could allow unverified attackers to manipulat...

PT-2026-24999

🚨 CVE-2019-25539 202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log user parameter. Attackers can send POST requests to index.php with crafted SQL payloads using time-based blind...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. Version V3 of the Jettweb PHP Ready-made News Sites Script has a SQL injection vulnerability. This vulnerability stems from the videoid parameters, which may allow unauthenticated...

Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞

Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from the kelime parameter, which allows for SQL injections. It could...

DataEase 路径遍历漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a path traversal...

PT-2026-24997

Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to loginaction.php with malicious SQL payloads in the Email...