
35 matches found

Positive Technologies
added 2026/04/19 12:0 a.m. · 1 view

PT-2026-33632

A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation of the argument key leads to hard-coded credentials. The attack may be performed from remote. The...

7.5 CVSS · 6.5 AI score · 0.00054 EPSS
Exploits 0 · References 9

RedhatCVE
added 2026/01/09 12:9 p.m. · 5 views

CVE-2018-18626

An issue was discovered in PHPYun V4.6. There is a vulnerability that can delete any file or directory via the "admin/index.php?m=database=del" sql parameter because delaction in admin/model/database.class.php mishandles this parameter...

7.5 CVSS · 7 AI score · 0.00237 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/10/22 5:18 p.m. · 3 views

CVE-2025-62597

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits 1 · References 1

NVD
added 2025/10/21 5:15 p.m. · 2 views

CVE-2025-62597

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9 CVSS · 0.00035 EPSS
Exploits 1 · References 3

Cvelist
added 2025/10/21 4:34 p.m. · 8 views

CVE-2025-62597 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'sql'

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9 CVSS · 0.00035 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/21 4:34 p.m. · 2 views

EUVD-2025-35184

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9 CVSS · 5.3 AI score · 0.00035 EPSS
Exploits 1 · References 3

OSV
added 2025/10/21 4:34 p.m. · 2 views

CVE-2025-62597 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'sql'

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9 CVSS · 5.9 AI score · 0.00035 EPSS
Exploits 1 · References 5

Vulnrichment
added 2025/10/21 4:34 p.m. · 6 views

CVE-2025-62597 WeGIA Vulnerable to Reflected Cross-Site Scripting via Endpoint 'pessoa/editar_info_pessoal.php' Parameter 'sql'

WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject...

6.9 CVSS · 5.5 AI score · 0.00035 EPSS
Exploits 1 · References 3

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2002-1612

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.05943 EPSS
Exploits 1 · References 6

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-1075

Malicious code in bioql PyPI...

9.8 CVSS · 9.1 AI score · 0.00247 EPSS
Exploits 1 · References 3

CNNVD
added 2025/07/08 12:0 a.m. · 1 view

PHPGurukul Car Washing Management System Injection Vulnerability

Car Washing Management System is a car wash management system. Car Washing Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter wpid in the file /admin/editcar-washpoint.php. An attacker can...

7.2 CVSS · 5.8 AI score · 0.00253 EPSS
Exploits 1 · References 5

RedhatCVE
added 2025/05/23 3:1 a.m. · 2 views

CVE-2023-1797

A vulnerability classified as critical was found in OTCMS 6.0.1. Affected by this vulnerability is an unknown functionality of the file sysCheckFile.php?mudi=sql. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and m...

9.8 CVSS · 7.3 AI score · 0.00488 EPSS
Exploits 1 · References 1

OSV
added 2025/03/14 8:15 a.m. · 1 view

CVE-2024-13321

The AnalyticsWP plugin for WordPress is vulnerable to SQL Injection via the 'customsql' parameter in all versions up to, and including, 2.0.0 due to insufficient authorization checks on the handlegetstats function. This makes it possible for unauthenticated attackers to append additional SQL...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 2

GithubExploit
added 2024/12/18 4:3 p.m. · 105 views

Exploit for CVE-2024-57521

Authenticated SQL Injection in RuoYi v4.7.9 Bypass of CVE-202...

10 CVSS · 8.4 AI score · 0.0043 EPSS
Exploits 4

Positive Technologies
added 2024/11/06 12:0 a.m. · 1 view

PT-2024-16657 · Guangzhou Tuchuang Computer Software Development · Interlib Library Cluster Automation Management System

Name of the Vulnerable Software and Affected Versions: Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System versions up to 2.0.1 Description: A critical issue has been found in the Interlib Library Cluster Automation Management System, affecting a...

7.2 CVSS · 5.6 AI score · 0.00187 EPSS
Exploits 1 · References 12

OSV
added 2024/08/28 4:15 p.m. · 5 views

CVE-2024-42900

Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable function at /tool/gen/create...

6.1 CVSS · 6.2 AI score · 0.00122 EPSS
Exploits 3 · References 2

CNNVD
added 2024/08/28 12:0 a.m. · 1 view

RuoYi Security Vulnerability

RuoYi is a back-end management system by the individual developer of RuoYi in China. A security vulnerability exists in RuoYi v4.7.9, which is caused by a cross-site scripting (XSS) vulnerability in the sql parameter of the createTable function at /tool/gen/create...

6.1 CVSS · 5.8 AI score · 0.00122 EPSS
Exploits 3 · References 3

Vulnrichment
added 2024/08/28 12:0 a.m. · 17 views

CVE-2024-42900

Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable function at /tool/gen/create...

6.4 AI score · 0.00122 EPSS
Exploits 3 · References 2

Positive Technologies
added 2024/08/28 12:0 a.m. · 1 view

PT-2024-30194 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: Ruoyi versions 4.7.9 and earlier. Description: A cross-site scripting (XSS) issue was discovered in Ruoyi via the sql parameter of the createTable function at "/tool/gen/create". This allows for potential exploitation. Recommendations: For...

6.1 CVSS · 5.4 AI score · 0.00122 EPSS
Exploits 3 · References 9

OSV
added 2024/05/14 3:44 p.m. · 0 views

CVE-2024-4699

UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DAR-8000-10 up to 20230922. This issue affects some unknown processing of the file /importhtml.php. The manipulation of the argument sql leads to deserialization. The attack may be initiated...

9.8 CVSS · 6.2 AI score · 0.04683 EPSS
Exploits 1 · References 5