DataEase 安全漏洞

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. DataEase versions 2.10.20 and earlier contain security vulnerabilities...

PT-2026-33309

The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existin...

CVE-2026-37342

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...

PT-2026-33332

Name of the Vulnerable Software and Affected Versions SourceCodester Vehicle Parking Area Management System version 1.0 Description An issue exists where the application is susceptible to SQL Injection, a technique that allows an attacker to interfere with the queries that an application makes to...

PT-2026-33337

Name of the Vulnerable Software and Affected Versions SourceCodester Payroll Management and Information System version 1.0 Description SQL Injection exists in the file '/payroll/view employee.php'. Recommendations Update SourceCodester Payroll Management and Information System to a version newer...

PT-2026-33363

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.21 Description An issue exists in the '/de2api/datasetData/previewSql' endpoint where user-supplied SQL is wrapped in a subquery without validation to ensure the input is a single SELECT statement. By utilizing ...

CVE-2026-37336

CVE-2026-37336 affects SourceCodester Simple Music Cloud Community System v1.0. Affected component: SQL Injection in the file /music/view_music.php . The provided documents do not specify the root cause details, impact scope, exploited versions, or remediation. No explicit exploitation informatio...

CVE-2026-37338

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewuser.php...

CVE-2026-37341

CVE-2026-37341 affects SourceCodester Vehicle Parking Area Management System v1.0, with a SQL Injection flaw in /parking/manage_category.php caused by improper input handling in the category management logic. Documented impacts indicate high severity (C/H, I/H, A/H) per CVSS 3.1 and potential dat...

CVE-2026-37347

CVE-2026-37347 affects SourceCodester Payroll Management and Information System v1.0, with a vulnerability described as an SQL Injection in the file /payroll/view_employee.php. The provided documents do not specify impact, exploit details, affected versions beyond v1.0, or remediation steps. The ...

CVE-2026-37342

CVE-2026-37342 affects SourceCodester Vehicle Parking Area Management System v1.0. Multiple connected sources confirm an SQL Injection vulnerability in the file /parking/view_parked_details.php. The underlying cause is unsafely constructed SQL queries in that endpoint, enabling potential data dis...

CVE-2026-37339

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewgenre.php...

SourceCodester Simple Music Cloud Community System 安全漏洞

SourceCodester Simple Music Cloud Community System is an open-source simple music cloud community system developed by SourceCodester. Version 1.0 of the SourceCodester Simple Music Cloud Community System contains a security vulnerability, which stems from the file /music/viewplaylist.php being...

CVE-2026-37339

The vulnerability CVE-2026-37339 affects SourceCodester Simple Music Cloud Community System v1.0. A SQL Injection flaw exists in the file /music/view_genre.php, enabling attackers to manipulate the database due to improper input handling. the impact is described as high in CVSS details (Confident...

CVE-2026-37342

SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/viewparkeddetails.php...

CVE-2026-37340

Consolidated view: CVE-2026-37340 affects SourceCodester Simple Music Cloud Community System v1.0, with a SQL Injection flaw in the file /music/edit_music.php. The vulnerability is described across multiple sources as enabling SQL injection, implying potential disclosure, modification, and disrup...

PT-2026-33358

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource update process. When a new table definition is added during a datasource update via /de2api/datasource/update, the deTableName field from th...

CVE-2026-37337

SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/viewplaylist.php...

PT-2026-33328

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Music Cloud Community System version 1.0 Description An issue exists where the application is susceptible to SQL Injection, a technique that allows an attacker to interfere with the queries that an application makes to it...

PT-2026-33352

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the orderDirection parameter used in dataset-related endpoints including /de2api/datasetData/enumValueDs and /de2api/datasetTree/exportDataset. The Order2SQLOb...