Lucene search
K

1197 matches found

NVD
NVD
added 2026/03/11 8:16 p.m.6 views

CVE-2026-31895

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

8.8CVSS0.00387EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/11 7:8 p.m.2 views

CVE-2026-31895 WeGIA has a SQL Injection via Direct Query Interpolation in restaurar_produto.php

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

8.8CVSS5.8AI score0.00387EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/11 7:8 p.m.4 views

CVE-2026-31895

WeGIA is a web manager for charitable institutions. Prior to version 3.6.6, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in html/matPat/restaurarproduto.php. The idproduto parameter from $GET is directly interpolated into SQL queries without...

8.8CVSS5.8AI score0.00387EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/09 3:30 a.m.6 views

EUVD-2026-10282

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchaseinvoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed from remote. The explo...

8.8CVSS6.4AI score0.00301EPSS
Exploits1References6
NVD
NVD
added 2026/03/09 3:15 a.m.6 views

CVE-2026-3793

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...

8.8CVSS0.00368EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/09 1:32 a.m.4 views

CVE-2026-3793 SourceCodester Sales and Inventory System GET Parameter sales_invoice1.php sql injection

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file salesinvoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack...

6.5CVSS5.7AI score0.00368EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.6 views

PT-2026-23998

Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A flaw exists in SourceCodester Sales and Inventory System 1.0 related to the handling of a GET parameter. Specifically, manipulation of the sellid argument within the sales...

8.8CVSS6.5AI score0.00368EPSS
Exploits1References11
OSV
OSV
added 2026/03/08 5:16 p.m.5 views

CVE-2026-3751

A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...

7.2CVSS5.7AI score0.00313EPSS
Exploits1References5
NVD
NVD
added 2026/03/08 5:16 p.m.6 views

CVE-2026-3752

A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the...

7.2CVSS0.00313EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/03 9:51 p.m.10 views

CVE-2026-24415

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contains Reflected XSS vulnerabilities in invoice/order/contract modification modals. The application fails to properly sanitize user-supplied input from the righe GET...

5.1CVSS6AI score0.00245EPSS
Exploits3References2Affected Software1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.7 views

OpenSTAManager 跨站脚本漏洞

OpenSTAManager is an open-source management software for technical assistance and billing developed by Devcode. Versions of OpenSTAManager prior to v2.9.8 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the righe GET parameters in the modal box...

6.1CVSS5.4AI score0.00245EPSS
Exploits3References1
NVD
NVD
added 2026/03/02 3:16 p.m.17 views

CVE-2025-50188

Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the GET value parameter with the following scripts: /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php, which allows an...

7.2CVSS0.00708EPSS
Exploits1References3
CVE
CVE
added 2026/03/02 2:47 p.m.12 views

CVE-2025-50188

CVE-2025-50188 affects Chamilo LMS prior to version 1.11.30. The vulnerability arises from insufficient validation of user-supplied data in GET parameters for the scripts /plugin/vchamilo/views/syncparams.php and /plugin/vchamilo/ajax/service.php , enabling an attacker to alter database query log...

7.2CVSS6AI score0.00708EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/02 11:16 a.m.6 views

CVE-2025-58402

The CGM CLININET application uses direct, sequential object identifiers "MessageID" without proper authorization checks. By modifying the parameter in the GET request, an attacker can access messages and attachments belonging to other users...

8.8CVSS5.9AI score0.00215EPSS
Exploits0References3
CVE
CVE
added 2026/03/02 11:16 a.m.11 views

CVE-2025-58402

CVE-2025-58402 affects the CGM CLININET application, where direct, sequential MessageID parameters enable unauthorized access to messages and attachments across users due to missing authorization checks. The issue is an Insecure Direct Object Reference (IDOR) that allows modification of GET param...

7.5CVSS5.9AI score0.00215EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/03/02 12:0 a.m.5 views

Chamilo SQL注入漏洞

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a SQL injection vulnerability. This vulnerability stemmed from insufficient validation of user data for the GET value parameters in the scripts /plugin/vchamilo/views/syncparams.php...

7.2CVSS5.9AI score0.00708EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.4 views

CVE-2026-27743

The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

9.8CVSS6.2AI score0.00595EPSS
Exploits1References1
NVD
NVD
added 2026/02/25 4:16 a.m.11 views

CVE-2026-27743

The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

9.8CVSS0.00595EPSS
Exploits1References5
OSV
OSV
added 2026/02/25 3:8 a.m.6 views

CVE-2026-27743 SPIP referer_spam < 1.3.0 Unauthenticated SQL Injection

The SPIP refererspam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the refererspamajouter and refererspamsupprimer action handlers. The handlers read the url parameter from a GET request and interpolate it directly into SQL LIKE clauses without input...

9.3CVSS6.3AI score0.00595EPSS
Exploits1References8
CVE
CVE
added 2026/02/25 3:8 a.m.11 views

CVE-2026-27743

The CVE-2026-27743 entry describes an unauthenticated SQL injection in the SPIP referer_spam plugin prior to version 1.3.0. The vulnerable components are the referer_spam_ajouter and referer_spam_supprimer action handlers, which read the url parameter from a GET request and interpolate it directl...

9.8CVSS6.2AI score0.00595EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder