PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter “oid” in the...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter filename ...

PT-2026-30595

Name of the Vulnerable Software and Affected Versions projectworlds Car Rental System version 1.0 Description A weakness exists in projectworlds Car Rental System 1.0. The issue affects an unknown functionality within the /pay.php file of the Parameter Handler component. Manipulation of the mpesa...

PT-2026-30587

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The...

PT-2026-30679

Name of the Vulnerable Software and Affected Versions Cyber-III Student-Management-System versions up to 1a938fa61e9f735078e9b291d2e6215b4942af3f Description A SQL injection issue exists in the Parameter Handler component of Cyber-III Student-Management-System. The vulnerability is located in the...

PT-2026-30590

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /admin/update-image1.php of the component Parameter Handler. The manipulation of the argument filename results in sql injection. The attack may be performed from...

PT-2026-30598

Name of the Vulnerable Software and Affected Versions Simple Laundry System version 1.0 Description A flaw exists in code-projects Simple Laundry System 1.0, specifically within the /userfinishregister.php file of the Parameter Handler component. Manipulation of the firstName argument can lead to...

SQL Injection

Overview griptape is a Modular Python framework for LLM workflows, tools, memory, and data. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database b...

SQL Injection

Overview griptape-tools is a Tools for the Griptape framework. Affected versions of this package are vulnerable to SQL Injection through the executequery path in the SQL tool and loader components. An attacker can execute malicious SQL against the connected database by prompt-injecting the LLM to...

EUVD-2019-20122

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the idproject parameter. Attackers can send crafted requests with malicious SQL statements in the idproject parameter to extract sensitive database...

EUVD-2019-20121

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sortdirection parameter. Attackers can submit malicious SQL statements in the sortdirection parameter to extract sensitive database information or modi...

EUVD-2019-20111

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mngprofileid parameter. Attackers can send crafted requests with malicious SQL payloads in the mngprofileid parameter to extract sensitive database...

EUVD-2019-20117

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the languagetag parameter. Attackers can submit malicious SQL statements in the languagetag parameter to extract sensitive database information or modify...

EUVD-2019-20085

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

EUVD-2019-20087

Ask Expert Script 3.0.5 contains cross-site scripting and SQL injection vulnerabilities that allow unauthenticated attackers to inject malicious code by manipulating URL parameters. Attackers can inject script tags through the cateid parameter in categorysearch.php or SQL code through the view...

EUVD-2019-20083

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

EUVD-2019-20079

PilusCart 1.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'send' parameter. Attackers can submit POST requests to the comment submission endpoint with RLIKE-based boolean SQL injection payloads to...

EUVD-2019-20073

qdPM 9.1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the searchbyextrafields parameter. Attackers can send POST requests to the users endpoint with malicious searchbyextrafields values to trigger SQL syntax errors and...

EUVD-2019-20071

News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive...

EUVD-2019-20062

SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection...