CVE-2026-9065

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-9065 Surecart - SQL Injection

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'modelname', 'modelid', 'integrationid', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

PT-2026-42123

SureCart version prior to 4.2.1 are vulnerable to authenticated SQL injection via multiple parameters 'model name', 'model id', 'integration id', 'provider' on the REST API endpoint '/surecart/v1/integrations/id'. The root cause is a flawed escaping bypass in the query builder 'wp-query-builder'...

CVE-2026-24494 SQL injection vulnerability in Order Up Online Ordering System

SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a crafted storeid parameter in a POST request...

Online Ordering System 安全漏洞

The Online Ordering System is a multi-store ordering system developed by Janobe’s individual developer. It can be used by any small business. Version 1.0 of the Online Ordering System has a security vulnerability. This vulnerability stems from the API/integrations/getintegrations endpoint, where...

Ghost CMS 信息泄露漏洞

Ghost CMS is an open source headless content management system CMS written in JavaScript from the Ghost Foundation in Singapore. An information disclosure vulnerability exists in Ghost versions 4.0.0 through 4.9.4, which stems from an error in the implementation of the LIMITS service that allows...