Lucene search
K

967 matches found

Cvelist
Cvelist
added 2026/07/05 7:45 p.m.23 views

CVE-2026-14767 CodeAstro Ecommerce Website POST Parameter confirm.php sql injection

A security flaw has been discovered in CodeAstro Ecommerce Website 1.0. This affects an unknown part of the file /ecommerce-website-php/customer/confirm.php of the component POST Parameter Handler. The manipulation of the argument invoiceno results in sql injection. The attack can be executed...

6.5CVSS0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 3:16 a.m.9 views

CVE-2026-14692

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS0.002EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/05 2:0 a.m.7 views

EUVD-2026-41715

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS5.8AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.15 views

PT-2026-55755

Name of the Vulnerable Software and Affected Versions SourceCodester Multi-Vendor Online Grocery Management System versions 1.0 through 5.7.26 Description Remote manipulation of the POST Parameter Handler component leads to SQL injection, a technique where malicious SQL statements are inserted in...

6.5CVSS6.6AI score0.002EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/29 5:15 a.m.35 views

CVE-2026-13538 Wavlink WL-NU516U1-A POST Parameter wireless.cgi sub_401D68 command injection

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS0.01306EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/29 5:15 a.m.8 views

EUVD-2026-40036

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:15 a.m.11 views

CVE-2026-13538

A vulnerability was determined in Wavlink WL-NU516U1-A M16U1V240425. The affected element is the function sub401D68 of the file /cgi-bin/wireless.cgi of the component POST Parameter Handler. This manipulation of the argument SSID2G2/SSID5G2/AuthMethod2/WPAPSK12 causes command injection. Remote...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References10
NVD
NVD
added 2026/06/18 2:17 p.m.11 views

CVE-2026-40455

An SQL Injection vulnerability exists in LMS LAN Management System before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode", allowing...

8.6CVSS0.00216EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 10:58 a.m.9 views

EUVD-2026-37874

An SQL Injection vulnerability exists in LMS LAN Management System before commit 4cb30a7 within the "tarifflist.php" module due to insufficient sanitization of the POST "tg" parameter. The application directly concatenates user-supplied array values into an SQL query using "implode", allowing...

8.6CVSS5.8AI score0.00216EPSS
Exploits0References3
NVD
NVD
added 2026/06/18 6:16 a.m.13 views

CVE-2026-55740

Nur-Alam39 bus-ticket no released versions; latest commit 459cabdbeb99c00225b26e46e3c2c30ae1de7bad contains an unauthenticated SQL injection vulnerability in businfo.php. The busid parameter received via HTTP POST is concatenated directly into a MySQL query select from businfo where id=$busid...

9.8CVSS0.00366EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 12:0 p.m.15 views

EUVD-2019-20182

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References4
CVE
CVE
added 2026/06/15 12:0 p.m.18 views

CVE-2019-25746

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability exploitable via the post parameter. Attackers can target admin.php with action=duplicate_quote_invoice and malicious post values to extract data or modify data. Evidence: authenticated, low-privilege requirement...

7.1CVSS5.8AI score0.00226EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.34 views

CVE-2019-25746 WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS0.00226EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/15 12:0 p.m.8 views

CVE-2019-25746 WordPress Sliced Invoices 3.8.2 SQL Injection via post Parameter

WordPress Sliced Invoices 3.8.2 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send requests to the admin.php endpoint with action=duplicatequoteinvoice and...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/15 12:0 p.m.32 views

CVE-2016-20073 Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php

Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract...

8.8CVSS0.0027EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.9 views

CVE-2026-9662

The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled tpf POST parameter before it is used in an include path in the recoverexit function...

8.1CVSS5.5AI score0.00551EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 1:16 p.m.18 views

CVE-2017-20244

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php...

8.8CVSS0.0027EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.15 views

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 3:41 a.m.36 views

CVE-2026-9662 Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter

The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled tpf POST parameter before it is used in an include path in the recoverexit function...

8.1CVSS0.00551EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/08 4:30 a.m.7 views

CVE-2026-11488

A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

7.5CVSS6.9AI score0.00275EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder