PT-2026-31859

Name of the Vulnerable Software and Affected Versions Simple IT Discussion Forum version 1.0 Description A SQL injection flaw exists in the /delete-category.php file of Simple IT Discussion Forum version 1.0. Manipulation of the cat id argument can trigger the injection. The attack can be initiat...

CVE-2026-29861

CVE-2026-29861 affects PHP-MYSQL-User-Login-System v1.0, with a SQL injection vulnerability in login.php via the username parameter. The root cause is unsafely constructed SQL queries that incorporate unvalidated user input, leading to potential unauthorized disclosure/integrity impact and possib...

PT-2026-31888

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A flaw exists in itsourcecode Construction Management System 1.0. The issue involves the manipulation of the toolname argument within an unknown function of the file...

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

PT-2026-31866

Name of the Vulnerable Software and Affected Versions code-projects Patient Record Management System version 1.0 Description A flaw exists in code-projects Patient Record Management System 1.0, specifically within the /hematology print.php file. Manipulation of the hem id argument can lead to SQL...

PT-2026-31868

Name of the Vulnerable Software and Affected Versions itsourcecode Construction Management System version 1.0 Description A SQL injection issue exists in itsourcecode Construction Management System version 1.0. The issue is located in the /del.php file, affecting an unknown function. Manipulation...

PT-2026-31921

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

PT-2026-31931

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update password.php via the new password parameter...

PT-2026-31901

Name of the Vulnerable Software and Affected Versions Vehicle Showroom Management System version 1.0 Description A flaw exists in Vehicle Showroom Management System 1.0 where manipulation of the VEHICLE ID argument within an unknown function in the /util/VehicleDetailsFunction.php file leads to S...

itsourcecode Online Student Enrollment System 安全漏洞

itsourcecode Online Student Enrollment System is an open-source online enrollment system developed by itsourcecode. Version 1.0 of the itsourcecode Online Student Enrollment System contains a security vulnerability. This vulnerability stems from the uncleaned or unvalidated coursename parameter i...

itsourcecode Online Student Enrollment System 安全漏洞

itsourcecode Online Student Enrollment System is an open-source online enrollment system developed by itsourcecode. Version 1.0 of the itsourcecode Online Student Enrollment System contains a security vulnerability. This vulnerability stems from the subjcode parameter in the scheduleSubList.php...

Code-Projects Patient Record Management System SQL注入漏洞

The Code-Projects Patient Record Management System is an open-source medical record management system developed by Code-Projects. Version 1.0 of the Code-Projects Patient Record Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...

CVE-2026-36235

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation...

CVE-2026-5985

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

CVE-2026-5985

A security flaw has been discovered in code-projects Simple IT Discussion Forum 1.0. The affected element is an unknown function of the file /crud.php. The manipulation of the argument userId results in sql injection. The attack may be performed from remote. The exploit has been released to the...

CVE-2026-5985

CVE-2026-5985 affects code-projects Simple IT Discussion Forum 1.0. The vulnerable component is the /crud.php file, where manipulation of the user_Id argument leads to SQL injection. The issue is exploitable remotely and exploit code is publicly available (proof-of-concept). Documents do not spec...

CVE-2023-54359

WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...

CVE-2023-54359 WordPress adivaha Travel Plugin 2.3 SQL Injection via pid

WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...

CVE-2023-54359

WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid'...