Lucene search
K

59 matches found

NVD
NVD
added yesterday5 views

CVE-2026-34101

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in textfile.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS
Exploits0References2
NVD
NVD
added yesterday6 views

CVE-2026-34099

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfo.php line 16: SELECT FROM jobs where id = '".$GET'id'."'. No authentication is required. An unauthenticated attacker can perform error-based SQL injection to extract the database version, current...

9.8CVSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-34104

Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php line 124: SELECT FROM complex WHERE name='".$GET'name'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score
Exploits0References3
Cvelist
Cvelist
added yesterday4 views

CVE-2026-34103 Guardian Language-System Unauthenticated SQL Injection via id Parameter in subtitles.php

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS
Exploits0References2
EUVD
EUVD
added yesterday5 views

EUVD-2026-41060

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php line 16: SELECT id, filename, extension, type FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-34102

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-41059

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in jobinfoget.php line 16: SELECT FROM jobs where input1 = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract database contents...

9.8CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-41057

Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php line 17: SELECT id, filename, extension, type, duration, owner, private FROM files where id = '".$GET'id'."'. An authenticated attacker can perform error-based SQL injection to extract...

9.8CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/06/18 10:58 a.m.8 views

EUVD-2026-37874

An SQL Injection vulnerability exists in LMS LAN Management System before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode", allowing...

8.6CVSS5.8AI score0.00216EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/27 12:35 a.m.16 views

Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration

Summary The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reportsconfig permission can supply a malicious SQL configuration that is concatenated into a query and executed. Although the application attempts to filter certain DDL/DML...

6AI score0.00027EPSS
Exploits0References5Affected Software1
GithubExploit
GithubExploit
added 2026/05/21 4:24 a.m.94 views

psqli

psqli Powerfull Automatic Sql injection Tools Pack Fast...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/04/27 11:34 p.m.101 views

SQLi-Scanner-Lab

🕸️ Automated SQLi Vulnerability Scanner & Lab 📌 Project Ov...

5.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/16 6:16 p.m.4 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS6AI score0.00328EPSS
Exploits1References2
OSV
OSV
added 2026/04/12 1:16 p.m.2 views

UBUNTU-CVE-2019-25710

Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malicious SQL code through the rowid POST parameter to extract sensitive database information using...

9.1CVSS6.2AI score0.00311EPSS
Exploits1References6
CVE
CVE
added 2026/03/26 11:39 a.m.8 views

CVE-2018-25206

KomSeo Cart 1.3 contains an SQL injection in edit.php via the my_item_search parameter. Attackers can submit POST payloads to perform boolean-based blind or error-based injections to extract sensitive database information. The vulnerability has high impact on confidentiality (C) and low impact on...

8.8CVSS5.9AI score0.00245EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/26 11:39 a.m.28 views

CVE-2018-25206 KomSeo Cart 1.3 SQL Injection via edit.php

KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'myitemsearch' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based...

8.8CVSS0.00245EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/12 3:36 p.m.3 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:36 p.m.4 views

CVE-2019-25473

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthlyexpenseoverview endpoint with crafted month values using boolean-based blind,...

7.1CVSS5.9AI score0.00323EPSS
Exploits0References2
NVD
NVD
added 2026/03/02 3:16 p.m.4 views

CVE-2025-50191

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

7.2CVSS0.00537EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/02 2:53 p.m.4 views

CVE-2025-50191 Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30...

7CVSS5.9AI score0.00537EPSS
Exploits1References3
Rows per page
Query Builder