216551 matches found
Code-Projects Patient Record Management System SQL注入漏洞
The Code-Projects Patient Record Management System is an open-source medical record management system developed by Code-Projects. Version 1.0 of the Code-Projects Patient Record Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...
CVE-2026-23780
Affected product: BMC Control-M/MFT 9.0.20–9.0.22. Vulnerability: SQL injection in the MFT API debug interface due to improper input validation and unsafe dynamic SQL handling. Impact: authenticated attacker can read/write arbitrary files and may achieve remote code execution; no exploit details ...
CVE-2026-5985
A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...
CVE-2026-5985
A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...
CVE-2026-5985
CVE-2026-5985 affects code-projects Simple IT Discussion Forum 1.0. The vulnerable component is the /crud.php file, where manipulation of the user_Id argument leads to SQL injection. The issue is exploitable remotely and exploit code is publicly available (proof-of-concept). Documents do not spec...
CVE-2023-54359
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...
CVE-2023-54359
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...
CVE-2023-54359 WordPress adivaha Travel Plugin 2.3 SQL Injection via pid
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...
CVE-2026-35614
Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulkupdate. This vulnerability is fixed in 16.14.0 and 15.104.0...
CVE-2026-39342
ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports Query Menu and access to the "Advanced Search" query. This vulnerability is...
CVE-2026-39325
ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extra...
EUVD-2026-20958
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2026-5961
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2026-5961
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2026-5961 code-projects Simple IT Discussion Forum topic-details.php sql injection
A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument postid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed...
CVE-2026-5961
CVE-2026-5961 affects code-projects Simple IT Discussion Forum 1.0. The vulnerability is in /topic-details.php via the post_id parameter, leading to SQL injection. Exploitation is remote and has been publicly disclosed; exploit code maturity is PROOF-OF-CONCEPT. No remediation details are provide...
CVE-2026-4112
Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...
CVE-2026-4112
SonicWall SMA1000 series devices are affected by CVE-2026-4112, an SQL injection vulnerability caused by improper neutralization of special elements. A remote authenticated attacker with read-only administrator privileges can escalate to primary administrator. The issue is documented by SonicWall...
CVE-2026-4112
Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...
CVE-2026-4112
Improper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator...