CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/05/24 12:0 a.m.•9 views

PT-2026-42913

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=save patient history. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

7.5CVSS6.9AI score0.00393EPSS

Positive Technologies•added 2026/05/24 12:0 a.m.•11 views

PT-2026-42944

A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the...

7.5CVSS6.8AI score0.00319EPSS

CNNVD•added 2026/05/24 12:0 a.m.•7 views

SourceCodester Hospitals Patient Records Management System SQL注入漏洞

SourceCodester Hospitals Patient Records Management System is an open-source hospital medical record management system developed by SourceCodester. Version 1.0 of the SourceCodester Hospitals Patient Records Management System contains a SQL injection vulnerability. This vulnerability arises from...

7.5CVSS7.2AI score0.00393EPSS

NVD•added 2026/05/23 11:16 p.m.•10 views

CVE-2026-9342

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. Impacted is an unknown function of the file /admin/patients/viewhistory.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has be...

6.5CVSS0.00246EPSS

Vulnrichment•added 2026/05/23 10:15 p.m.•6 views

CVE-2026-9342 SourceCodester Hospitals Patient Records Management System view_history.php sql injection

6.5CVSS6.5AI score0.00246EPSS

CVE•added 2026/05/23 10:15 p.m.•33 views

CVE-2026-9342

SourceCodester Hospitals Patient Records Management System 1.0 has a remote SQL injection in the file /admin/patients/view_history.php via manipulation of the ID argument. The flaw arises from unsanitized input, enabling a potential attacker to execute arbitrary SQL. Reported impacts include data...

6.5CVSS6.5AI score0.00246EPSS

ATTACKERKB•added 2026/05/23 10:15 p.m.•10 views

CVE-2026-9342

6.5CVSS6.5AI score0.00246EPSS

Exploits0References5Affected Software1

NVD•added 2026/05/23 7:16 p.m.•14 views

CVE-2018-25351

Joomla! Component EkRishta 2.10 contains an error-based SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the username parameter. Attackers can submit POST requests to the login endpoint with SQL injection payloads ...

8.8CVSS0.0043EPSS

NVD•added 2026/05/23 7:16 p.m.•10 views

CVE-2018-25352

WordPress Ultimate Form Builder Lite plugin version 1.3.7 and below contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the entryid POST parameter. Attackers can send POST requests to the admin-ajax.php endpoint...

7.1CVSS0.00275EPSS

NVD•added 2026/05/23 7:16 p.m.•7 views

CVE-2018-25342

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in search.php. Attackers can send GET requests with malicious SQL payloads like SLEEP commands to extract...

8.8CVSS0.0043EPSS

NVD•added 2026/05/23 7:16 p.m.•10 views

CVE-2018-25347

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...

7.1CVSS0.00275EPSS

NVD•added 2026/05/23 7:16 p.m.•6 views

CVE-2018-25340

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to category.php with UNION-based SQL injection payloads in the id parameter to extract...

8.8CVSS0.0043EPSS

ATTACKERKB•added 2026/05/23 6:30 p.m.•7 views

CVE-2018-25352

7.1CVSS5.9AI score0.00275EPSS

CVE•added 2026/05/23 6:30 p.m.•13 views

CVE-2018-25352

The CVE-2018-25352 entry concerns the WordPress plugin Ultimate Form Builder Lite (version 1.3.7 and earlier). The vulnerability is a SQL injection in the entry_id parameter, exploitable via POST to admin-ajax.php with the ufbl_get_entry_detail_action action. Authenticated attackers can manipulat...

7.1CVSS5.9AI score0.00275EPSS

Vulnrichment•added 2026/05/23 6:30 p.m.•7 views

CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

7.1CVSS5.9AI score0.00275EPSS

Cvelist•added 2026/05/23 6:30 p.m.•14 views

CVE-2018-25352 WordPress Ultimate Form Builder Lite 1.3.7 SQL Injection via entry_id

7.1CVSS0.00275EPSS

ATTACKERKB•added 2026/05/23 6:30 p.m.•9 views

CVE-2018-25351

8.8CVSS6.2AI score0.0043EPSS

Exploits0References4Affected Software1

CVE•added 2026/05/23 6:30 p.m.•34 views

CVE-2018-25351

CVE-2018-25351 affects Joomla! Component EkRishta 2.10. The connected documents describe an error-based SQL injection in the username parameter that allows unauthenticated attackers to execute arbitrary SQL queries by sending POST requests to the login endpoint, leaking database information inclu...

8.8CVSS6.2AI score0.0043EPSS