CVE-2026-38808

SQL Injection vulnerability in uzy-ssm-mall v1.1.0 allows a remote attacker to obtain sensitive information via the ProductMapper.xml and /OrderUtil.java components...

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

CVE-2025-15494 RainyGao DocSys UserMapper.xml sql injection

A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

PT-2026-1773

Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions up to 2.02.37 Description A flaw exists in RainyGao DocSys that allows for SQL injection. The issue is located in an unknown function within the file com/DocSystem/mapping/UserMapper.xml. Manipulating the Username...

PT-2024-34464 · Unknown · Qiwen-File

Name of the Vulnerable Software and Affected Versions: qiwen-file version 1.4.0 Description: The issue is related to a SQL injection vulnerability. It affects the component /mapper/NoticeMapper.xml. Recommendations: For qiwen-file version 1.4.0, consider restricting access to the...

CVE-2024-35084

J2EEFAST v2.7.0 was discovered to contain a SQL injection vulnerability via the findPage function in SysMsgPushMapper.xml...

CVE-2021-40644

An SQL Injection vulnerability exists in oasys oasystem as of 9/7/2021 in resources/mappers/notice-mapper.xml...

CVE-2019-19113

main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall aka New Bee before 2019-10-23 allows search?goodsCategoryId=&keyword= SQL Injection...