PHPGurukul Online Course Registration SQL注入漏洞

PHPGurukul Online Course Registration is an online course registration system provided by PHPGurukul Corporation. Version 3.1 of PHPGurukul Online Course Registration contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ‘cid’ in the file...

WordPress plugin Download Monitor SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin User Registration & Membership SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

Code-Projects Easy Blog Site SQL注入漏洞

Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Versions of Code-Projects Easy Blog Site 1.0 and earlier had a SQL injection vulnerability. This vulnerability stemmed from the handling of the Name parameter in the file/users/contactus.php, which cou...

PT-2026-31129

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YayCommerce YayMail yaymail allows Blind SQL Injection.This issue affects YayMail: from n/a through = 4.3.3...

PT-2026-31553

A weakness has been identified in itsourcecode Construction Management System 1.0. Affected by this issue is some unknown functionality of the file /borrowed tool report.php. This manipulation of the argument Home causes sql injection. It is possible to initiate the attack remotely. The exploit h...

WordPress plugin YayMail SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-31098

The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr off' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress plugin Attendance Manager SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-31551

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Course Registration version 3.1 Description A weakness exists in PHPGurukul Online Course Registration 3.1. The issue affects unknown code within the /check availability.php file. Manipulation of the cid argument can lead to...

Linux Distros Unpatched Vulnerability : CVE-2026-29047

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. From 10.0.0 to before 10.0.24 and 11.0.6, an authenticated user can perform a SQL injection via the log...

CVE-2026-5675

A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown part of the file /borrowedtool.php of the component Parameter Handler. The manipulation of the argument emp results in sql injection. It is possible to launch the attack remotely. The exploit has...

CVE-2026-5681

A flaw has been found in itsourcecode sanitize or validate this input 1.0. This impacts an unknown function of the file /borrowedequip.php of the component Parameter Handler. This manipulation of the argument empid causes sql injection. The attack is possible to be carried out remotely. The explo...

CVE-2026-35184

EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0...

CVE-2026-35395

WeGIA is a Web manager for charitable institutions. Prior to 3.6.9, WeGIA Web gerenciador para instituições assistenciais contains a SQL injection vulnerability in dao/memorando/DespachoDAO.php. The idmemorando parameter is extracted from $REQUEST without validation and directly interpolated into...

CVE-2026-35470

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to 2.10.2, confrontarighe.php files across different modules in OpenSTAManager contain an SQL Injection vulnerability. The righe parameter received via $GET'righe' is directly concatenated into an S...

CVE-2026-39356

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

CVE-2026-39356

CVE-2026-39356 affects Drizzle ORM. Prior to 0.45.2 and 1.0.0-beta.20, dialect-specific escapeName() did not escape embedded SQL identifier delimiters before quoting, enabling injection when attacker-controlled input reaches APIs that construct SQL identifiers or aliases (e.g., sql.identifier(), ...

CVE-2026-39356 SQL Injection via escapeName() in all Drizzle ORM SQL dialects

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...

CVE-2026-39356 SQL Injection via escapeName() in all Drizzle ORM SQL dialects

Drizzle is a modern TypeScript ORM. Prior to 0.45.2 and 1.0.0-beta.20, Drizzle ORM improperly escaped quoted SQL identifiers in its dialect-specific escapeName implementations. In affected versions, embedded identifier delimiters were not escaped before the identifier was wrapped in quotes or...