16 matches found
CVE-2026-48240 Open ISES Tickets < 3.44.2 SQL Injection via ajax/statistics.php tick_id and f_tick_id Parameters
Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are concatenated into WHERE clauses of SELECT statements in the statistics rollup queries without sanitization. Authenticated attackers can craft requests tha...
CVE-2021-47909
CVE-2021-47909 concerns Mult-E-Cart Ultimate 2.4, with multiple SQL injection flaws in the inventory, customer, vendor, and order modules. The underlying issue is injectable SQL via the vulnerable id parameter, which remote attackers with vendor/admin privileges could exploit to run arbitrary SQL...
EUVD-2025-206277
Multiple SQL Injection vulnerabilities exist in AbhishekMali21 GYM-MANAGEMENT-SYSTEM 1.0 via the 'name' parameter in (1) membersearch.php, (2) trainersearch.php, and (3) gymsearch.php, and via the 'id' parameter in (4) paymentsearch.php. An unauthenticated remote attacker can exploit these issues to inje...
EUVD-2020-27288
Malware in sbrugna...
EUVD-2020-27287
Malware in sbrugna...
WordPress Multi Video Box plugin <= 1.5.2 - Reflected Cross-Site Scripting via video_id and group_id Parameters vulnerability
Reflected Cross-Site Scripting via video_id and group_id Parameters vulnerability discovered by johska in WordPress Plugin Multi Video Box versions <= 1.5.2...
CVE-2025-29426
Code-projects Online Class and Exam Scheduling System V1.0 is vulnerable to Cross Site Scripting (XSS) in /pages/class.php via the id and cys parameters...
Holded Cross-Site Scripting Vulnerability
Holded is a business management software from Holded. A cross-site scripting vulnerability exists in Holded versions prior to 4.20.0 that stems from allowing an attacker to store a JavaScript payload in all editable parameters in the Genera, Team ID functions, which could lead to a session takeov...
Campcodes Beauty Salon Management System SQL Injection Vulnerability
Campcodes Beauty Salon Management System is a beauty salon management system from Campcodes, Inc. Campcodes Beauty Salon Management System suffers from a SQL injection vulnerability that stems from the operation of certain unknown handled id parameters in the file /admin/delcategory.php that can...
SeedDMS Security Vulnerability
SeedDMS (formerly known as LetoDMS and MyDMS) is an open source document management system based on PHP and MySQL. The system is mainly used for storing and sharing documents. A security vulnerability exists in SeedDMS version 6.0.15, which originated from a vulnerability that allows an...
MNBikeways database SQL Injection Vulnerability
MNBikeways database is a MNBikeways open source application. MNBikeways database suffers from a SQL injection vulnerability that stems from the fact that incorrect manipulation of the parameter id1/id2 can lead to SQL injection...
ANCOM WLAN Controller WLC-1000 Cross-Site Scripting Vulnerability
The ANCOM WLAN Controller WLC-1000 is an industrial control system. A security vulnerability exists in the ANCOM WLAN Controller WLC-1000 and WLC-4006 that allows an attacker to include multiple cross-site scripting vulnerabilities in the "/authen/start/" module via the user ID and password...
CVE-2020-6132
SQL injection vulnerability exists in the ID parameters of OS4Ed openSIS 7.3 pages. The id parameter in the page ChooseCP.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability...
XellPlan Multiple Sql Injection Vulnerability
Exploit for php platform in category web applications. XellPlan Multiple Sql Injection Vulnerability .:. Author : AtT4CKxT3rR0r1ST .:. Script : http://xellplan.sourceforge.net/ .:. Bug Type ...
Sql injection
SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters...
CVE-2004-1966
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters ...