5 matches found
CVE-2026-45800
Summary: CVE-2026-45800 affects the Vvveb CMS prior to version 1.0.8.3. The vulnerability is an authenticated SQL injection in the frontend order history page (/user/orders). The order_by and direction parameters are taken from the URL, propagated through the Orders component, and directly concat...
CVE-2026-25947 Worklenz Boolean-Based Blind SQL Injection via Improper ORDER BY Clause Input Validation
Worklenz is a project management tool. Prior to 2.1.7, multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocatio...
CVE-2026-25947
Worklenz is affected by multiple SQL injection vulnerabilities in backend query construction affecting project/task management controllers, reporting/financial endpoints, real-time socket.io handlers, and resource scheduling prior to version 2.1.7. The issue is mitigated by upgrading to v2.1.7, w...
SQL Injection
Overview: sqlagg is a SQL aggregation tool. Affected versions of this package are vulnerable to SQL Injection due to unsanitized user input in the ORDER BY clause. Remediation: Upgrade sqlagg to version 0.13.0 or higher. References: GitHub Commit...
PT-2021-3508
Name of the Vulnerable Software and Affected Versions: Django versions 3.1.x through 3.1.12; Django versions 3.2.x through 3.2.4. Description: The issue is related to the QuerySet.order_by function in the Django web application platform, which does not properly protect the SQL query structure. This...