CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is affected by a SQL Injection in update_password.php via the new_password parameter. The CVE-2026-36236 entry has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction, and impacts to confidentiality, i...

PT-2026-31924

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation...

PT-2026-31869

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom versions 1.0/2.php Description A security flaw exists in CodeAstro Online Classroom 1.0/2.php, specifically within the file /OnlineClassroom/takeassessment2.php?exid=14. Manipulation of the Q1 argument leads to a SQL...

Code-Projects Vehicle Showroom Management System SQL注入漏洞

The Code-Projects Vehicle Showroom Management System is an open-source system for managing automobile showrooms developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling...

CVE-2026-23780

Affected product: BMC Control-M/MFT 9.0.20–9.0.22. Vulnerability: SQL injection in the MFT API debug interface due to improper input validation and unsafe dynamic SQL handling. Impact: authenticated attacker can read/write arbitrary files and may achieve remote code execution; no exploit details ...

SourceCodester Engineers Online Portal 安全漏洞

SourceCodester Engineers Online Portal is an online portal for engineers, developed by SourceCodester as open source. Version 1.0 of the SourceCodester Engineers Online Portal contains a security vulnerability. This vulnerability stems from the newpassword parameter in the updatepassword.php file...

PT-2026-31859

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection flaw exists in the /delete-category.php file of Simple IT Discussion Forum version 1.0. Manipulation of the cat id argument can trigger the injection. The attack can be initiat...

CVE-2026-29861

CVE-2026-29861 affects PHP-MYSQL-User-Login-System v1.0, with a SQL injection vulnerability in login.php via the username parameter. The root cause is unsafely constructed SQL queries that incorporate unvalidated user input, leading to potential unauthorized disclosure/integrity impact and possib...

PT-2026-31888

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A flaw exists in itsourcecode Construction Management System 1.0. The issue involves the manipulation of the toolname argument within an unknown function of the file...

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

PT-2026-31866

Name of the Vulnerable Software and Affected Versions code-projects Patient Record Management System version 1.0 Description A flaw exists in code-projects Patient Record Management System 1.0, specifically within the /hematology print.php file. Manipulation of the hem id argument can lead to SQL...

PT-2026-31868

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A SQL injection issue exists in itsourcecode Construction Management System version 1.0. The issue is located in the /del.php file, affecting an unknown function. Manipulation...

PT-2026-31921

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

PT-2026-31931

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update password.php via the new password parameter...

PT-2026-31901

Name of the Vulnerable Software and Affected Versions Vehicle Showroom Management System version 1.0 Description A flaw exists in Vehicle Showroom Management System 1.0 where manipulation of the VEHICLE ID argument within an unknown function in the /util/VehicleDetailsFunction.php file leads to S...

itsourcecode Online Student Enrollment System 安全漏洞

itsourcecode Online Student Enrollment System is an open-source online enrollment system developed by itsourcecode. Version 1.0 of the itsourcecode Online Student Enrollment System contains a security vulnerability. This vulnerability stems from the uncleaned or unvalidated coursename parameter i...

itsourcecode Online Student Enrollment System 安全漏洞

itsourcecode Online Student Enrollment System is an open-source online enrollment system developed by itsourcecode. Version 1.0 of the itsourcecode Online Student Enrollment System contains a security vulnerability. This vulnerability stems from the subjcode parameter in the scheduleSubList.php...