CVE-2026-1552 SEMCMS SEMCMS_Info.php sql injection
A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMSInfo.php. The manipulation of the argument searchml leads to SQL injection. The attack can be carried out remotely. The exploit has been disclosed publicly and may be...
PT-2026-5281
berliCRM 1.0.24 contains a SQL injection vulnerability in the 'src record' parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through a crafted POST request to the index.php endpoint to potentially extract or modify database information...
Itsourcecode Society Management System security vulnerabilities
itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System contains a security vulnerability, which stems from incorrect handling of parameters in the file /admin/editexpensesquery.php,...
BerliCRM SQL Injection Vulnerability
berliCRM is a customer management system developed by the German company berliCRM. Version 1.0.24 of berliCRM contains a SQL injection vulnerability. This vulnerability stems from the srcrecord parameter in the index.php endpoint, which may lead to manipulative database queries...
Itsourcecode Society Management System security vulnerabilities
itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System contains a security vulnerability, which stems from incorrect handling of parameters in the file admin/addexpenses.php’s detail...
Tanium Asset security vulnerabilities
Tanium Asset is an IT asset inventory and management software developed by the American company Tanium. Tanium Asset has a security vulnerability that can be exploited by SQL injection attacks...
PT-2026-5297
Name of the Vulnerable Software and Affected Versions: itsourcecode School Management System version 1.0. Description: A flaw exists in itsourcecode School Management System that allows for remote manipulation of the ID argument in the file /ramonsys/faculty/index.php, leading to a SQL injection. Th...
TimeClock SQL injection vulnerability
TimeClock is a time management software developed by TimeClock Corporation. Version 1.01 of TimeClock contains a SQL injection vulnerability. This vulnerability stems from the notes parameter in the addentry.php endpoint, which allows for time-based SQL injections, potentially enabling enumeratio...
Alicorn Circa 2004 SQL Injection / Command Injection / XSS
This document gives an overview of remote SQL injection, command injection, and cross-site scripting vulnerabilities found in the Alicorn version from 2004...
PT-2026-5279
Name of the Vulnerable Software and Affected Versions: Ultimate Project Manager CRM PRO version 2.0.5. Description: A blind SQL injection allows attackers to extract usernames and password hashes from the tbl users database table. This is achieved by crafting malicious search parameters at the...
osTicket 1.18.3 Intelligence and Security Analysis Module
This Metasploit auxiliary module is designed for intelligence gathering, security analysis, and vulnerability discovery in osTicket installations. It performs passive and active reconnaissance without direct exploitation and stores results in the Metasploit database for reporting...
MaNGOSWeb 4.0.6 SQL Injection
MaNGOSWeb version 4.0.6 remote SQL injection proof of concept exploit. Title: MaNGOSWeb V4 4.0.6 Sql Injection | Author: indoushka | Tested on :...
SEMCMS SQL Injection Vulnerability
SEMCMS is an open-source content management system (CMS) for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a SQL injection vulnerability, which stems from incorrect handling of parameters in the file SEMCMSInfo.php, specifically the parameter searchml, potentially...
CVE-2026-1546 jishenghua jshERP com.jsh.erp.datasource.mappers.DepotItemMapperEx importItemExcel getBillItemByParam sql injection
A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...
CVE-2026-1546
A security vulnerability has been detected in jishenghua jshERP up to 3.6. The impacted element is the function getBillItemByParam of the file /jshERP-boot/depotItem/importItemExcel of the component com.jsh.erp.datasource.mappers.DepotItemMapperEx. The manipulation of the argument barCodes leads ...
NocoDB has Prototype Pollution in Connection Test Endpoint, Leading to DoS
Summary: An authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server restart. While the pollution technically bypasses SUPERADMIN authorization...
CVE-2026-1482
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idevaluacion' in '/evaluacionobjetivosevaluadefinido.aspx', could allow an attacker to...
CVE-2026-1472
An out-of-band SQL injection vulnerability (OOB SQLi) has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'txAny' in '/evaluacioncompetenciasautoevallist.aspx', could allow an attacker to extra...
CVE-2026-1533
A security flaw has been discovered in code-projects Online Music Site 1.0. The impacted element is an unknown function of the file /Administrator/PHP/AdminAddCategory.php. The manipulation results in SQL injection. The attack may be performed remotely. The exploit has been released to the...