106 matches found
CVE-2021-27319
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via the email parameter...
PT-2026-7883
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts...
EUVD-2020-13954
Malware in sbrugna...
EUVD-2017-17160
Malware in sbrugna...
EUVD-2025-16990
Malicious code in bioql PyPI...
CVE-2025-54865 Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection
Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed...
CVE-2025-27753
CVE-2025-27753 affects RSJoomla! RSMediaGallery component for Joomla, versions 1.7.4 through 2.1.6. Root cause: unescaped user-supplied parameters used directly in SQL queries within the dashboard component, enabling authenticated attackers to inject SQL code. Effects include unauthorized databas...
CVE-2020-26668
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...
Directory Management System admin/edit-directory.php File SQL Injection Vulnerability
Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that stems from improper handling of the email parameter in the admin/edit-directory.php file, which can be exploited to query strings and ultimately trick the serv...
SQL Injection
@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...
SQL Injection
crud-query-parser is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of the order/sort parameter. Specifically, it occurs because there is no property filter setup when using the TypeORM adapter with ordering enabled, allowing an attacker to inject malicious SQL...
CVE-2025-29649
SQL Injection vulnerability exists in the TP-Link TL-WR840N router's login dashboard version 1.0, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided...
CVE-2025-29648
SQL Injection vulnerability exists in the TP-Link EAP120 router's login dashboard version 1.0, allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where acces...
CVE-2025-29653
SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields...
CVE-2025-29648
CVE-2025-29648 is rejected/not used per the Initial Description.
CVE-2025-29653
TP-Link M7450 4G LTE Mobile Wi‑Fi Router is affected by CVE-2025-29653 as reported in multiple sources (Red Hat and PT-2025-16890). The vulnerability is a SQL Injection in firmware version 1.0.2 Build 170306 Rel.1015n, exploitable via the username and password fields. The PT-2025-16890 descriptio...
DIAEnergie 1.10 SQL Injection
DIAEnergie version 1.10 proof of concept remote SQL injection exploit. Title: DIAEnergie 1.10 PHP Code Injection Vulnerability. Author: indoushka ...
SQL Injection
snowflake-connector-python is vulnerable to SQL Injection. The vulnerability is due to improper input sanitization in a function from the snowflake.connector.pandas_tools module, allowing malicious SQL code to be injected and executed...