29 matches found
CVE-2022-31447
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file...
EUVD-2020-23587
Malware in sbrugna...
EUVD-2020-13760
Malware in sbrugna...
EUVD-2020-13127
Malware in sbrugna...
PT-2025-29917 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.6 Description: WeGIA is an open source web manager. A SQL Injection vulnerability exists in the idatendido familiares parameter of the /html/funcionario/dependente editarDoc.php endpoint. This allows manipulation o...
CVE-2025-52474 WeGIA SQL Injection Vulnerability in id Parameter on control.php Endpoint
WeGIA is a web manager for charitable institutions. Prior to version 3.4.2, a SQL Injection vulnerability was identified in the id parameter of the /WeGIA/controle/control.php endpoint. This vulnerability allows an attacker to manipulate SQL queries and access sensitive database information, such as...
CVE-2020-20981
A SQL injection in the /admin/?n=logs=index=dolist component of Metinfo 7.0 allows attackers to access sensitive database information...
CVE-2020-28087
A SQL injection vulnerability in /jeecg-boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows attackers to access sensitive database information...
CVE-2012-4069
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db...
CVE-2025-30367
WeGIA (web manager for charitable institutions) has a SQL injection in the nextPage parameter of /WeGIA/controle/control.php for versions before 3.2.6. The root cause is unsafe SQL query construction, allowing attackers to access database metadata and sensitive data. Version 3.2.6 contains...
PT-2024-23284 · Unknown · Contest Gallery
Name of the Vulnerable Software and Affected Versions: Contest Gallery versions prior to 21.3.2 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for potential unauthorized access or...
PT-2023-31571
Name of the Vulnerable Software and Affected Versions: DRDrive versions prior to 20231006 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For version...
AKCMS suffers from an SQL injection vulnerability (CNVD-2021-47148)
AKCMS is a lightweight content management system based on PHP and MySQL. AKCMS suffers from an SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in SEACMS (CNVD-2021-41711)
SEACMS is a video-on-demand system designed for webmasters with different needs. SEACMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
Advantech iView² suffers from an SQL injection vulnerability
iView² is a network element management system based on SNMP for configuring and managing B+B SmartWorx chassis and module products. It is a web application whose main functional programs are located on a web server and can be accessed by all users via a web browser. An SQL injection vulnerabili...
SQL Injection Vulnerability in SEMCMS PHP (Multilingual) Version (CNVD-2021-28464)
SEMCMS PHP multilingual version is an open source website management system for foreign trade enterprises, compatible with IE, Firefox and other mainstream browsers. The SEMCMS PHP multilingual version has an SQL injection vulnerability; an attacker can use t...
SQL injection vulnerability in SongCMS PHP version (CNVD-2021-26159)
SongCMS is a free, open source, enterprise-oriented CMS with multi-language support, built on PHP+MySQL and ASP+Access/SQL Server, that helps business users quickly build and deploy enterprise-level portals. SongCMS PHP version suffers from a SQL injection vulnerability, which can be exploited b...
SQL Injection Vulnerability in Ke361 Backend Me***.cl***.php
Ke361 is an open source Taobao system developed on the latest ThinkPHP 3.2 release to provide a more convenient and secure web application development experience. The Taobao system adopts a new architectural design and namespace mechanism, the integration of modular, driven and...
WordPress WP Google Map SQL Injection Vulnerability
WP Google Map is a plugin for WordPress that provides a way to quickly and easily add customized Google maps or store locators to WordPress posts and/or pages. A security vulnerability exists in WordPress plugin WP Google Map Plugin versions prior to 4.1.5, which originates in...
SQL injection vulnerability exists in the open-source version of the UX365 web site navigation (CNVD-2021-24438)
Youkai 365 Web site navigation open source version is an open source website catalog management system built on PHP + MySQL. The Uke365 Web site navigation open source version has an SQL injection vulnerability. Attackers can exploit the vulnerability to...