BitZoom SQL注入漏洞

BitZoom is a Bitcoin trading tool developed by the BitZoom company. Version 1.0 of BitZoom has a SQL injection vulnerability. This vulnerability stems from the rollno and username parameters in the forgot.php and login.php files, which allow for SQL injections. This could lead to the execution of...

PT-2026-23731

Name of the Vulnerable Software and Affected Versions TimescaleDB versions 2.23.0 through 2.25.1 Description TimescaleDB is a time-series database that functions as a Postgres extension. A flaw exists where PostgreSQL’s use of the search path setting can allow a malicious user to create functions...

Phpmassmail EverSync 安全漏洞

Phpmassmail EverSync is a synchronization tool developed by the Phpmassmail company. Version 0.5 of Phpmassmail EverSync contains a security vulnerability. This vulnerability stems from the existence of arbitrary files in the files directory, which may lead to the download of database files...

PT-2026-23678

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to index.php with crafted SQL payloads in the search parameter to...

Rmedia SMS SQL注入漏洞

Rmedia SMS is a SMS gateway system developed by Ananditwiz. Version 1.0 of Rmedia SMS has a SQL injection vulnerability. This vulnerability stems from the gid parameter in the editgrp.php file, which allows for SQL injections, potentially leading to the extraction of database schemas and sensitiv...

Ghostfolio SQL注入漏洞

Ghostfolio is an open-source personal wealth management software developed by Ghostfolio. Versions of Ghostfolio prior to 2.244.0 contained a SQL injection vulnerability. This vulnerability stemmed from bypassing symbol validation, which could allow arbitrary SQL commands to be executed through t...

Salzer Maitra SQL注入漏洞

Salzer Maitra is a business management software platform developed by the American company Salzer. Version 1.7.2 of Salzer Maitra contains a SQL injection vulnerability. This vulnerability stems from the mailid parameter in the outmail and inmail modules, which allows for SQL injections...

PT-2026-23699

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca login.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

Tina4 Stack SQL注入漏洞

Tina4 Stack is a collection of full-stack development frameworks provided by Tina4 Corporation. Version 1.0.3 of Tina4 Stack contains an SQL injection vulnerability. This vulnerability stems from allowing direct access to database files and SQL injections, which may enable unverified attackers to...

PT-2026-23685

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT functions to retriev...

PT-2026-23647

Name of the Vulnerable Software and Affected Versions Ghostfolio versions prior to 2.244.0 Description Ghostfolio is a wealth management software susceptible to arbitrary SQL command execution. An attacker can bypass symbol validation to execute SQL commands through the getHistorical method...

Rocket.Chat 安全漏洞

Rocket.Chat is a chat software developed by the Rocket.Chat company. There were security vulnerabilities in versions prior to 7.10.8, 7.11.5, 7.12.5, 7.13.4, 8.0.2, 8.1.1, and 8.2.0. These vulnerabilities stemmed from the direct embedding of MongoDB query selectors into user inputs in the account...

PT-2026-23705

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authenticati...

PT-2026-23675

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. Attackers can submit crafted POST requests with SQL UNION statements to...

PT-2026-23638

Name of the Vulnerable Software and Affected Versions Chartbrew versions prior to 4.8.3 Description Chartbrew is a web application that connects to databases and APIs to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against...

PT-2026-23673

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. Attackers can submit crafted SQL statements...

Pedidos SQL注入漏洞

Pedidos is an order management system developed by the Spanish company Pedidos. Version 1.0 of Pedidos contains a SQL injection vulnerability. This vulnerability stems from the q parameter in the ajax/loadproveedores.php file, which allows for arbitrary SQL queries to be executed and database...

GPS Tracking System SQL注入漏洞

GPS Tracking System is a GPS tracking system developed by lahirutm. Version 2.12 of GPS Tracking System has a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the login.php file, which could allow unverified attackers to bypass...

PT-2026-23701

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod id' parameter. Attackers can send POST requests to the editar producto.php endpoint with crafted SQL payloads in the mod...

PT-2026-23708

Name of the Vulnerable Software and Affected Versions OOP CMS BLOG version 1.0 Description The software contains SQL injection flaws that permit unauthenticated attackers to execute arbitrary SQL queries through multiple parameters. Attackers can inject SQL commands via the search parameter in...