5 matches found
CVE-2026-34105
CVE-2026-34105 — Guardian Language-System : The vulnerability is in translate_text.php where the id GET parameter is directly interpolated into an unsanitized SQL query: SELECT id, filename, extension, type FROM files where id = '".$_GET['id']."'. This enables an error-based SQL injection, allowi...
CVE-2026-34104
The CVE-2026-34104 entry describes an unauthenticated SQL injection in Guardian Language-System via the name parameter in designer.php. The flaw arises because the GET parameter name is directly inserted into an unsanitized SQL query (SELECT * FROM complex WHERE name='".$_GET['name']."'), allowin...
CVE-2026-40455
Affected software: LMS (LAN Management System). Vulnerability: SQL Injection in the tarifflist.php module caused by insufficient sanitization of the POST tg[] parameter; the code concatenates user-supplied array values into an SQL query using implode(). Impact / access: authenticated attackers ca...
CVE-2026-33207
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query string...
CVE-2018-25206
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...