16793 matches found
CVE-2026-6165
CVE-2026-6165 affects code-projects Vehicle Showroom Management System 1.0. The vulnerability resides in an unknown code path within /util/Login_check.php, where manipulating the argument ID can trigger SQL injection. Attacks can be launched remotely, and the exploit is publicly available (POC). ...
CVE-2026-5829 code-projects Simple IT Discussion Forum content.php sql injection
A vulnerability was determined in code-projects Simple IT Discussion Forum 1.0. The impacted element is an unknown function of the file /pages/content.php. This manipulation of the argument postid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
EUVD-2026-20160
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NSquared Simply Schedule Appointments simply-schedule-appointments allows Blind SQL Injection.This issue affects Simply Schedule Appointments: from n/a through = 1.6.9.27...
CVE-2026-39479
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Brainstorm Force OttoKit suretriggers allows Blind SQL Injection.This issue affects OttoKit: from n/a through = 1.1.20...
PT-2026-30446
Name of the Vulnerable Software and Affected Versions Song-Li cross browser up to ca690f0fe6954fd9bcda36d071b68ed8682a786a Description A vulnerability exists in Song-Li cross browser, potentially allowing for SQL injection. The issue affects an unknown part of the flask/uniquemachine app.py file...
MAC-SQL SQL注入漏洞
MAC-SQL is a multi-agent collaborative text-to-SQL framework developed by Bing’s individual developers. MAC-SQL has a SQL injection vulnerability, which stems from operations on parameters in the file core/agents.py, and could lead to SQL injection attacks...
Code-Projects Simple Laundry System SQL注入漏洞
Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a SQL...
Fortinet FortiClient EMS 7.4.4 SQLi (FG-IR-25-1142)
The version of Fortinet FortiClient EMS installed on the remote host is 7.4.4. It is, therefore, affected by a SQL injection vulnerability: - An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in FortiClientEMS 7.4.4 may allow an unauthenticated...
EUVD-2026-17206
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 2.14.2 to before version 2.17.0 for parameters "before" and "after" and from version 2.1.0-beta to before version 2.17.0 for parameters "sectionid" and "userid", the /api/v2?cmd=gethomestats endpoint passe...
CVE-2026-33991
WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...
CVE-2026-33991
WeGIA is a web manager for charitable institutions. Prior to version 3.6.7, the file html/socio/sistema/deletartag.php uses extract$REQUEST on line 14 and directly concatenates the $idtag variable into SQL queries on lines 16-17 without prepared statements or sanitization. Version 3.6.7 patches t...
CVE-2021-27320
Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter...
CVE-2021-27946
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. issue 1 of 3...
CVE-2021-27999
A SQL injection vulnerability was discovered in the editid parameter in Local Services Search Engine Management System Project 1.0. This vulnerability gives admin users the ability to dump all data from the database...
n8n SQL注入漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.14.1, 2.13.3, and 1.123.26 have a SQL injection vulnerability. This vulnerability stems from the Data Table Get node, which may lead to data modification or deletion...
CVE-2026-4777
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...
CVE-2026-4572
The CVE-2026-4572 entry identifies a vulnerability in SourceCodester Sales and Inventory System 1.0. The flaw affects the file /view_product.php, specifically the HTTP POST parameter searchtxt, where manipulation can lead to a SQL Injection. It is described as exploitable remotely and with a publ...
CVE-2026-31917
The CVE concerns the WordPress WP ERP plugin by weDevs (ERP component) with versions up to 1.16.10 exposed to SQL Injection due to improper neutralization of user input. The issue affects WP ERP from unspecified earlier versions through 1.16.10. The provided documents do not specify exploit detai...
PT-2026-24849
Name of the Vulnerable Software and Affected Versions xierongwkhd weimai-wetapp versions up to 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2 Description A flaw exists in xierongwkhd weimai-wetapp. The issue affects the getLikeMovieList function within the file source-code/src/main/java/com/moke/wp/wx...
CVE-2026-3672 JeecgBoot getDictItems isExistSqlInjectKeyword sql injection
A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used...