22 matches found

Cvelist
added 3 days ago, 33 views

CVE-2026-40524 FrontAccounting < 2.4.20 SQL Injection via get_gl_transactions()

FrontAccounting before 2.4.20 contains a SQL injection vulnerability in the get_gl_transactions function where the filtertype parameter is concatenated directly into a SQL IN clause without parameterization. Attackers with SAGLANALYTIC permission can inject arbitrary SQL by supplying a closing...

CVSS 8.1, EPSS 0.00276
Exploits 0, References 4

CNNVD
added 2026/05/02 12:0 a.m., 10 views

WordPress plugin Geo Mashup SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 7.5, AI score 6, EPSS 0.00311
Exploits 0, References 1

OSV
added 2026/04/03 9:57 p.m., 3 views

GHSA-MMM5-3G4X-QW39 OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals

Description: Six confronta_righe.php files across different modules in OpenSTAManager fetchArray 'SELECT mgarticolilang.title, mgarticoli.codice, inrigheinterventi. FROM inrigheinterventi INNER JOIN...

CVSS 8.8, AI score 6.2, EPSS 0.00416
Exploits 1, References 3

Positive Technologies
added 2026/04/03 12:0 a.m., 3 views

PT-2026-30286

Name of the Vulnerable Software and Affected Versions: OpenSTAManager versions prior to 2.10.2. Description: OpenSTAManager contains an SQL Injection vulnerability in the confronta_righe.php files across different modules. The righe parameter, received via the $_GET['righe'] request, is directly...

CVSS 8.8, AI score 6.2, EPSS 0.00416
Exploits 1, References 8

EUVD
added 2026/02/06 6:5 p.m., 2 views

EUVD-2026-5639

OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Error-Based SQL Injection vulnerability in the Prima Nota Journal Entry module's add.php file. The application fails to validate that comma-separated...

CVSS 8.7, AI score 5.9, EPSS 0.00344
Exploits 3, References 1

RedhatCVE
added 2026/02/04 7:28 p.m., 5 views

CVE-2026-25240

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVSS 9.8, AI score 5.6, EPSS 0.00266
Exploits 0, References 1

NVD
added 2026/02/03 7:16 p.m., 6 views

CVE-2026-25240

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVSS 9.8, EPSS 0.00266
Exploits 0, References 1

UbuntuCve
added 2026/02/03 7:16 p.m., 2 views

CVE-2026-25240

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVSS 9.8, AI score 5.6, EPSS 0.00266
Exploits 0, References 2

Vulnrichment
added 2026/02/03 6:31 p.m., 2 views

CVE-2026-25240 PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVSS 6.9, AI score 5.6, EPSS 0.00266
Exploits 0, References 1

EUVD
added 2026/02/03 6:31 p.m., 9 views

EUVD-2026-5195

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVSS 6.9, AI score 5.6, EPSS 0.00266
Exploits 0, References 1

Cvelist
added 2026/02/03 6:31 p.m., 29 views

CVE-2026-25240 PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVSS 6.9, EPSS 0.00266
Exploits 0, References 1

OSV
added 2026/02/03 6:31 p.m., 4 views

CVE-2026-25240 PEAR is Vulnerable to SQL Injection in user::maintains() Role IN() Filter

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection vulnerability can occur in user::maintains when role filters are provided as an array and interpolated into an IN ... clause. This issue has been patched in version 1.33.0...

CVSS 6.9, AI score 5.6, EPSS 0.00266
Exploits 0, References 3

Positive Technologies
added 2026/02/03 12:0 a.m., 5 views

PT-2026-6289

Name of the Vulnerable Software and Affected Versions: PEAR versions prior to 1.33.0. Description: PEAR is a framework and distribution system for reusable PHP components. A SQL injection issue can occur in the user::maintains function when role filters are provided as an array and interpolated into...

CVSS 9.8, AI score 5.7, EPSS 0.00266
Exploits 0, References 5

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2021-29050

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.4, EPSS 0.01091
Exploits 0, References 2

Positive Technologies
added 2025/04/07 12:0 a.m., 10 views

PT-2026-51761

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 2.2.8. Description: An authenticated user can execute arbitrary SQL commands, including blind and error-based data extraction from the credential table, due to insufficient validation of the id field in JSON import file...

CVSS 8.8, AI score 6.1, EPSS 0.00283
Exploits 1, References 10

NVD
added 2021/12/14 4:15 p.m., 22 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if th...

CVSS 9.8, EPSS 0.01091
Exploits 0, References 2

ATTACKERKB
added 2021/12/14 4:15 p.m., 2 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if th...

CVSS 9.8, AI score 7.4, EPSS 0.01091
Exploits 0, References 3, Affected Software 1

OSV
added 2021/12/14 4:15 p.m., 3 views

CVE-2021-42064

If configured to use an Oracle database and if a query is created using the flexible search Java API with a parameterized "in" clause, SAP Commerce - versions 1905, 2005, 2105, 2011, allows an attacker to execute crafted database queries, exposing the backend database. The vulnerability is present if th...

CVSS 9.8, AI score 7.4
Exploits 0, References 2

CNNVD
added 2021/12/14 12:0 a.m., 4 views

SAP Commerce SQL injection vulnerability

SAP Commerce is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. SAP Commerce suffers from an SQL injection vulnerability that stems from the software's lack of effective filtering and...

CVSS 9.8, AI score 8.6, EPSS 0.01091
Exploits 0, References 4

OSV
added 2021/09/27 6:15 a.m., 6 views

CVE-2021-41329

Datalust Seq before 2021.2.6259 allows users with view filters applied to their accounts to see query results not constrained by their view filter. This information exposure, caused by an internal cache key collision, occurs when the user's view filter includes an array or IN clause, and when...

CVSS 6.5, AI score 6.6, EPSS 0.00954
Exploits 1, References 2