108 matches found
CVE-2017-20257
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flagquestion task. Attackers can inject malicious SQL code via the stuquizid or flagquest parameters to manipulate database...
CVE-2026-35228
Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects component: helper tool. The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle MCP Server...
CVE-2021-27319
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via email parameter...
PT-2026-7883
thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts...
EUVD-2020-13954
Malware in sbrugna...
EUVD-2017-17160
Malware in sbrugna...
EUVD-2025-16990
Malicious code in bioql PyPI...
CVE-2025-54865 Tilesheets MediaWiki Extension is Vulnerable to Potential SQL Injection
Tilesheets MediaWiki Extension adds a table lookup parser function for an item and returns the requested image. A missing backtick in a query executed by the Tilesheets extension allows users to insert and potentially execute malicious SQL code. This issue has not been fixed...
CVE-2025-27753
CVE-2025-27753 affects RSJoomla! RSMediaGallery component for Joomla, versions 1.7.4 through 2.1.6. Root cause: unescaped user-supplied parameters used directly in SQL queries within the dashboard component, enabling authenticated attackers to inject SQL code. Effects include unauthorized databas...
CVE-2020-26668
A SQL injection vulnerability was discovered in /core/feeds/custom.php in BigTree CMS 4.4.10 and earlier which allows an authenticated attacker to inject a malicious SQL query to the applications via the 'Create New Feed' function...
Directory Management System admin/edit-directory.php File SQL Injection Vulnerability
Directory Management System is a directory management system. Directory Management System suffers from a SQL injection vulnerability that stems from improper handling of the email parameter in the admin/edit-directory.php file, which can be exploited to query strings and ultimately trick the serv...
SQL Injection
@posthog/plugin-server is vulnerable to SQL Injection. The vulnerability is due to the lack of proper validation of a user-supplied string before using it to construct SQL queries, allows attackers to inject malicious SQL code and execute arbitrary commands in the context of the database account...
SQL Injection
crud-query-parser is vulnerable to SQL Injection. The vulnerability is due to improper neutralization of the order/sort parameter. Specifically, it occurs because there is no property filter setup when using the TypeORM adapter with ordering enabled, allowing an attacker to inject malicious SQL...
CVE-2025-29649
SQL Injection vulnerability exists in the TP-Link TL-WR840N router s login dashboard version 1.0, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided...
CVE-2025-29648
SQL Injection vulnerability exists in the TP-Link EAP120 router s login dashboard version 1.0, allowing an unauthenticated attacker to inject malicious SQL statements via the login fields. NOTE: this is disputed because the issue can only be reproduced on a supplier-provided emulator, where acces...
CVE-2025-29653
SQL Injection vulnerability exists in the TP-Link M7450 4G LTE Mobile Wi-Fi Router Firmware Version: 1.0.2 Build 170306 Rel.1015n, allowing an unauthenticated attacker to inject malicious SQL statements via the username and password fields...
CVE-2025-29653
...
CVE-2025-29653
TP-Link M7450 4G LTE Mobile Wi‑Fi Router is affected by CVE-2025-29653 as reported in multiple sources (Red Hat and PT-2025-16890). The vulnerability is a SQL Injection in firmware version 1.0.2 Build 170306 Rel.1015n, exploitable via the username and password fields. The PT-2025-16890 descriptio...
CVE-2025-29648
...
CVE-2025-29648
CVE-2025-29648 is rejected/not used per the Initial Description.