CVE-2018-25434

WP AutoSuggest 0.24 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wpaskeys parameter. Attackers can send GET requests to autosuggest.php with crafted wpaskeys values to extract sensitive...

CVE-2018-25428

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVE-2026-10184

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function of the file /classes/Users.php?f=delete. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been...

CVE-2026-49489

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform...

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0075

In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0075

The CVE-2026-0075 entry describes a SQL injection that could permit access to the contacts database, enabling local escalation of privilege with no additional privileges required and no user interaction needed. Connected documents (including RH/CVE, EUVD, NVD, CNNVD, and others) reiterate the sam...

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

CVE-2026-49491 Pixa Bank 2.0 SQL Injection via agence-ajax.php API

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

CVE-2018-25433 Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

CVE-2018-25433 Joomla JE Photo Gallery 1.1 SQL Injection via categoryid

Joomla Component JE Photo Gallery 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting malicious SQL code through the categoryid parameter. Attackers can send GET requests to index.php with crafted categoryid values in the...

CVE-2018-25431 No-Cms 1.0 SQL Injection via order_by Parameter

No-Cms 1.0 contains an SQL injection vulnerability in the orderby parameter of the manageprivilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manageprivilege/index/export with malicious SQL code in the...

CVE-2018-25430 Paroiciel 11.20 SQL Injection via eGeqIdEquipe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the eGeqIdEquipe parameter. Attackers can send GET requests to the egeq.php endpoint with crafted SQL payloads to extract sensitive...

CVE-2018-25429 Paroiciel 11.20 SQL Injection via zProIdPro Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

CVE-2018-25430

Paroiciel 11.20 contains an SQL injection vulnerability in the egeq.php endpoint, exploitable by an authenticated user via the egeqIdEquipe parameter in GET requests to execute arbitrary SQL and extract sensitive database information (including version details). This aligns with the CVSS metrics ...

CVE-2018-25428 Paroiciel 11.20 SQL Injection via tRecIdListe Parameter

Paroiciel 11.20 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tRecIdListe parameter. Attackers can send GET requests to the trec.php endpoint with crafted SQL payloads to extract database...

CVE-2018-25428

Technical details are not publicly available in the provided documents. Monitor for updates.