10 matches found
Exploit for Improper Neutralization of Special Elements in Data Query Logic in Facturascripts
CVE-2026-25513: FacturaScripts has SQL Injection in API ORDER...
EUVD-2026-9001
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argument data leads to SQL injection. The attack can be carried out remotely. The exploit ha...
PT-2026-6305
Name of the Vulnerable Software and Affected Versions: FacturaScripts versions prior to 2025.81 Description: FacturaScripts, an open-source enterprise resource planning and accounting software, contains a critical SQL injection issue in its REST API. Authenticated API users can execute arbitrary SQ...
PT-2024-25264 · Onethink · Onethink
Name of the Vulnerable Software and Affected Versions: onethink version 1.1 Description: A SQL injection issue allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component. Recommendations: For onethink version 1.1, consider restricting access to the...
CVE-2022-48282 Deserializing compromised object with MongoDB .NET/C# Driver may cause remote code execution
Under very specific circumstances (see Required configuration section below), a privileged user is able to cause arbitrary code to be executed which may cause further disruption to services. This is specific to applications written in C#. This affects all MongoDB .NET/C# Driver versions prior to and...
THULAC Null Pointer Dereference Vulnerability
THULAC is a Chinese lexical analysis toolkit introduced by the Natural Language Processing and Social Humanities Computing Laboratory of Tsinghua University, which supports Chinese word segmentation and lexical annotation functions. A null pointer dereference vulnerability exists in the...
CVE-2018-14562
An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cbmodel.h...
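ThinkSNS Part 2 - SQL Injection
Brief description: Part 2 of the ThinkSNS vulnerability series; improper handling at one point leads to SQL injection. Detailed description: The vulnerable code is in the Comment Widget: \addons\widget\CommentWidget\CommentWidget.class.php:138 / Add-comment operation @return array comment submission status and message / public function addcomment // default value of the result set $return = array 'status' = 0, 'data' = L 'PUBLICCONCENTISERROR' ; // get the received data $data = $POST; // security filtering...
PHPYun 3.1 /model/class/action.class.php SQL Injection Vulnerability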
No description provided by source...
CVE-2011-5076
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATHINFO to index.php. NOTE: some of these details are obtained from third party information...