EUVD-2026-30156
CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...
CVE-2026-39358 CubeCart: Time-based Blind SQL Injection
CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters sortprice, sortactivity, sortadmin, and sortcustomer of the Products and Logs endpoints in CubeCart v6.x. This allows an attacker to...
CVE-2026-39358
CubeCart
CubeCart SQL Injection Vulnerability
CubeCart is an open-source e-commerce software developed by CubeCart. Versions of CubeCart prior to 6.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from a time-based blind SQL injection in the sorting parameters, which could allow attackers to execute arbitrary SQL...
GHSA-PMGJ-GMM4-JH6J Craft Commerce is vulnerable to SQL Injection in Commerce Inventory Table Sorting
Summary Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or sanitization. An authenticated attacker with access to the Commerce...
Exploit for SQL Injection in Storeapps Smart_Manager
CVE-2024-0566 Smart Manager 8.27.0 - Post-Authenticated SQL In...
phplist Security Vulnerability
phplist is an open source newsletter and email marketing software from phplist UK. phplist version 3.2.6 is vulnerable to information disclosure. An attacker could exploit the vulnerability by entering a password to sort the parameters, which could lead to information disclosure...
DQL injection through sorting parameters blocked
Impact: Values added at the end of query sorting were passed directly to the DB. We don't know if it could lead to direct SQL injections; however, we should not allow for easy injection of values there anyway. Patches: The issue is fixed in version 1.10.1 and in 1.11-rc.1. Workarounds: You have to...
CVE-2022-24752 SQL Injection through sorting parameters in SyliusGridBundle
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate t...
PT-2016-5356 · Red Hat · Katello
Name of the Vulnerable Software and Affected Versions: Katello (affected versions not specified). Description: The issue concerns multiple SQL injection vulnerabilities in the scoped search function. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands. The...