CVE-2026-48231

Open ISES Tickets prior to 3.44.2 contains a SQL injection in tables.php. The vulnerability arises because multiple POST parameters (tablename, indexname, sortby) are concatenated into table/column identifiers in dynamically constructed SELECT/UPDATE/DELETE statements without sanitization, allowi...

CVE-2026-8827

The CVE concerns TYPO3 extension Address List (tt_address). AddressRepository::getSqlQuery() builds a database query without proper sanitization, enabling SQL injection when untrusted input is used. The issue is not triggered internally by the extension in a default install, but could be exploite...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the DsSpelExpressionProcessor in the datasource key resolution path. An attacker can trigger arbitrary expression evaluation by supplying a datasource key expression th...

EUVD-2026-21391

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

UsersWP <= 1.2.10 - Unauthenticated SQL Injection

UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress contains a time-based SQL Injection caused by insufficient escaping of the 'uwpsortby' parameter in all versions up to 1.2.10, letting unauthenticated attackers execute arbitrary SQL queries,...

CVE-2023-25813

Sequelize is a Node.js ORM tool. In versions prior to 6.19.1 a SQL injection exploit exists related to replacements. Parameters which are passed through replacements are not properly escaped which can lead to arbitrary SQL injection depending on the specific queries in use. The issue has been fix...

EUVD-2024-47385

Malicious code in bioql PyPI...

Apache StreamPark 安全漏洞

Apache StreamPark is the United States Apache Apache Foundation of a streaming media application development framework. A SQL injection vulnerability exists in Apache StreamPark versions 2.1.4 through 2.1.6 and earlier, which stems from the application's lack of validation of externally entered S...

CVE-2020-14485

OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries...

CVE-2013-0676

Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query...

Mini-Tmall 安全漏洞

Mini-Tmall is a Spring Boot-based mini-Tmall mall , fast deployment run , suitable for use as a bijou template . SQL injection vulnerability exists in versions prior to Mini-Tmall v2024.07.03. The vulnerability stems from the application's lack of validation of externally entered SQL statements,...

PT-2023-7671 · WordPress · Cryptocurrency Widgets Pack

Name of the Vulnerable Software and Affected Versions: Cryptocurrency Widgets Pack WordPress plugin versions prior to 2.0 Description: The issue is related to a lack of sanitization and escaping of some parameters before using them in SQL statements via an AJAX action. This can lead to SQL...

PT-2022-6831 · Ce805M · Ce805M

Name of the Vulnerable Software and Affected Versions: CE805M affected versions not specified Description: The issue is related to the CMD W REG command handler of the CE805M data collection and transmission device, specifically with the CEAR MWDI DFLT PASSWORD register. It is associated with a...

CVE-2022-29988

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete...

Buffer overflows in Microsoft SQL Server 7.0 and SQL Server 2000

Overview There is a buffer overflow in Microsoft SQL Server 2000 and SQL Server 7.0 which could allow an intruder to execute arbitrary code on vulnerable systems. Description Microsoft Windows SQL Server 2000 and SQL Server 7.0 contain a buffer overflow in functions associated with text messages...