Code-Projects Online Music Site SQL注入漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the txtcat parameter in...

PT-2026-6989

Name of the Vulnerable Software and Affected Versions code-projects Student Web Portal version 1.0 Description A flaw exists in code-projects Student Web Portal 1.0 that allows for remote execution of SQL injection. The issue is located in the file /check user.php and involves manipulation of the...

PT-2026-7011

A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be...

PT-2026-6962

Name of the Vulnerable Software and Affected Versions projectworlds Online Food Ordering System version 1.0 Description A flaw exists in projectworlds Online Food Ordering System version 1.0, specifically within an unknown function of the /view-ticket.php file. Manipulation of the ID argument can...

CVE-2026-2117 itsourcecode Society Management System edit_activity.php sql injection

A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/editactivity.php. Performing a manipulation of the argument activityid results in sql injection. The attack can be initiated remotely. The exploit has been made...

CVE-2026-2115

A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/deleteexpenses.php. This manipulation of the argument expensesid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published...

CVE-2026-2115 itsourcecode Society Management System delete_expenses.php sql injection

A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/deleteexpenses.php. This manipulation of the argument expensesid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published...

CVE-2026-2057

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

CVE-2026-25751

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An information disclosure vulnerability in FUXA allows an unauthenticated, remote attacker to retrieve sensitive administrative database credentials. Exploitation allows an unauthenticated, remote attacker to obtain the full...

CVE-2026-2103

Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt a...

CVE-2026-2089 SourceCodester Online Class Record System controller.php sql injection

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2026-2089

CVE-2026-2089 affects SourceCodester Online Class Record System 1.0. The vulnerability is a SQL injection in the file /admin/subject/controller.php caused by manipulating the ID argument. Exploitation is remote and the exploit has been published, enabling public use. Red Hat, NVD, and other sourc...

CVE-2025-15477 The Bucketlister <= 0.1.5 - Authenticated (Contributor+) SQL Injection via `category` and `id` Shortcode Attributes

The Bucketlister plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode category and id attributes in all versions up to, and including, 0.1.5 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This...

CVE-2026-2073

A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

[SECURITY] Fedora 42 Update: bind-dyndb-ldap-11.11-9.fc42

This package provides an LDAP back-end plug-in for BIND. It features support for dynamic updates and internal caching, to lift the load off of your LDAP server...

CVE-2020-37163

QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'located' parameter in the findmatches endpoint. Attackers can inject UNION-based SQL statements to extract database information including user credentials, database name...

PT-2026-6874

Name of the Vulnerable Software and Affected Versions itsourcecode School Management System version 1.0 Description A flaw exists in itsourcecode School Management System 1.0 that allows for SQL injection. This occurs through manipulation of the ID argument within the file...

AMSS++ SQL注入漏洞

AMSS++ is a tool within the Amssplus office management support system. Version 4.31 of AMSS++ has a SQL injection vulnerability. This vulnerability stems from the SQL injection in the id parameter of the modules/mail/main/maildetail.php script, which could allow attackers to access or modify...

QuickDate SQL注入漏洞

QuickDate is a Python time processing library developed by QuickDate Inc. Version 1.3.2 of QuickDate contains a SQL injection vulnerability. This vulnerability stems from the unvalidated parameter “located” in the “findmatches” endpoint, which may lead to SQL injection attacks...

PT-2026-6909

Name of the Vulnerable Software and Affected Versions PHPGurukul Beauty Parlour Management System version 1.1 Description A flaw exists in PHPGurukul Beauty Parlour Management System that allows for SQL injection. This issue is located in the /admin/accepted-appointment.php file. Manipulation of...