PT-2026-32277

Name of the Vulnerable Software and Affected Versions The Form Maker by 10Web WordPress plugin versions prior to 1.15.38 Description Improper preparation of SQL queries occurs when the "MySQL Mapping" feature is active, which may enable SQL Injection attacks in certain contexts. Recommendations...

SourceCodester Online Thesis Archiving System 安全漏洞

The SourceCodester Online Thesis Archiving System is an open-source online thesis archiving system developed by SourceCodester. Version 1.0 of the SourceCodester Online Thesis Archiving System contains a security vulnerability, which stems from an SQL injection vulnerability in the file...

SourceCodester Computer and Mobile Repair Shop Management system 安全漏洞

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open source by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

PT-2026-32448

Someone just found a way to dump your entire database with a single HTTP request. CVE-2026-6193: Critical SQL injection in PHPGurukul Daily Expense Tracker v1.1. No authentication. No special tools. Just a crafted URL parameter. Full attack chain breakdown → https://t.co/TeFM3nIkbP SQLInjection C...

PT-2026-32356

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view service.php...

PT-2026-32515

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...

PT-2026-32285

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario bulk operations module. CVE-2026-24418: OpenSTAManager has a SQL Injection vulnerability in the Scadenzario bulk operations module Overview | Field | Details | |---|---| | CVE ID |...

SourceCodester Pharmacy Sales and Inventory System SQL注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from incorrect...

PT-2026-32401

A vulnerability was found in itsourcecode Construction Management System 1.0. The impacted element is an unknown function of the file /employees.php. Performing a manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php. CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69213 | | Severity | HIGH | | Advisory |...

Code-Projects Easy Blog Site SQL注入漏洞

Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of Code-Projects Easy Blog Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the post.php file, which may lead to SQL injection attac...

SourceCodester Cab Management System 安全漏洞

SourceCodester Cab Management System is an open-source taxi management system developed by SourceCodester. Version 1.0 of the SourceCodester Cab Management System has a security vulnerability, which stems from SQL injection in the /cms/admin/bookings/viewbooking.php file...

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

CVE-2026-36872

CVE-2026-36872 affects Sourcecodester Basic Library System v1.0, with a SQL Injection vulnerability in the script path /librarysystem/load_book.php. The connected records confirm the vulnerable endpoint but do not provide detailed root cause analysis, affected parameter names, or remediation step...

Faculty Management System SQL注入漏洞

The Faculty Management System is an instructor management system developed by code-projects as open source. Version 1.0 of the Faculty Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter ID in the file /subject-print.php, which ma...

CVE-2026-36947

CVE-2026-36947 affects Sourcecodester Computer and Mobile Repair Shop Management System v1.0. The vulnerability is a SQL Injection in /rsms/admin/services/view_service.php. CVSS v3.1 base score 2.7 (LOW) with network attack vector, low complexity, requiring high privileges and no user interaction...

PT-2026-32221

Name of the Vulnerable Software and Affected Versions Vehicle Showroom Management System version 1.0 Description A SQL injection issue exists in an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Manipulating the BRANCH ID argument can trigger the injection. The attack...

CVE-2026-36922

CVE-2026-36922 affects Sourcecodester Cab Management System v1.0; SQL injection in /cms/admin/categories/view_category.php. Root cause is vulnerable SQL handling in that file. CVSS 3.1 base score 2.7 (LOW) with Confidentiality impact: LOW; no impact to integrity or availability stated. Other conn...

WordPress LifterLMS plugin <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'order' Parameter vulnerability discovered by momopon1415 in WordPress Plugin LifterLMS versions = 9.2.1...