CVE-2026-39948 Cacti has SQL Injection via rfilter parameter in RLIKE clauses

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv rather than gfrv with FILTERVALIDATEISREGEX validation and concatenated directly into RLIKE SQL clauses in lib/htmlgraph.php and...

CVE-2026-39948

Cacti

CVE-2026-39893 Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

CVE-2026-39893

Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication graph viewing supports guest access via the configured guest...

PT-2026-52128

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description An issue exists where the rfilter request variable is concatenated into a RLIKE SQL clause without proper sanitization. This allows for a pre-authentication SQL injection SQLi on installations where...

CVE-2021-47966

The CVE concerns PHP Timeclock 1.04, where the login_userid parameter in login.php is vulnerable to time-based and boolean-based blind SQL injection. unauthenticated attackers can submit crafted POST requests with SQL payloads (e.g., SLEEP functions or RLIKE conditions) to dump database contents,...

PT-2026-41345

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login userid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVE-2019-25672

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVE-2019-25672 PilusCart 1.4.1 SQL Injection via send Parameter

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

CVE-2019-25672

PilusCart 1.4.1 is affected by a SQL injection in the send parameter. Unauthenticated attackers can craft POST requests to the comment submission endpoint using RLIKE-based boolean SQL payloads to extract data from the database. The available sources confirm the vulnerability and affected version...

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

GHSA-VXG3-V4P6-F3FP Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause

The filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Affected code in models/Dependency/Dao.php: - getFilterRequiresByPath lines 90, 95, 100 -...

Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause

The filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Affected code in models/Dependency/Dao.php: - getFilterRequiresByPath lines 90, 95, 100 -...

CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

CVE-2026-27461 Pimcore vulnerable to SQL injection via unsanitized filter value in Dependency Dao RLIKE clause

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

CVE-2026-27461

Pimcore is an Open Source Data & Experience Management Platform. In versions up to and including 11.5.14.1 and 12.3.2, the filter query parameter in the dependency listing endpoints is JSON-decoded and the value field is concatenated directly into RLIKE clauses without sanitization or parameteriz...

CVE-2026-27461

Summary : Pimcore pre-12.3.3 exposes a SQL-like injection in the dependency listing filter. In versions up to 11.5.14.1 and 12.3.2, the filter query parameter is JSON-decoded and the value is concatenated directly into RLIKE clauses without sanitization or parameterized queries. Impact : With adm...

PT-2026-21658

Name of the Vulnerable Software and Affected Versions Pimcore versions up to and including 11.5.14.1 Pimcore versions up to and including 12.3.2 Description Pimcore is an Open Source Data & Experience Management Platform. The filter query parameter in the dependency listing endpoints is processed...

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection

Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link: https://github.com/waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON.git Version: 1.21 Tested on:...