EUVD-2026-14604

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

EUVD-2026-14608

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

EUVD-2026-14620

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2026-4615

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2026-4613

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

PT-2026-27376

Name of the Vulnerable Software and Affected Versions Bootstrapy CMS affected versions not specified Description Multiple SQL injection flaws allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. This can lead to the extraction of...

PT-2026-27374

Name of the Vulnerable Software and Affected Versions Inout Article Base CMS affected versions not specified Description Unauthenticated attackers can manipulate database queries using SQL injection. By sending GET requests to the 'portalLogin.php' endpoint, attackers can inject SQL code via...

WordPress plugin LearnDash LMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

PT-2026-27375

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten password module to...

MATRI4WEB Matrimony Website Script M-Plus SQL注入漏洞

MATRI4WEB Matrimony Website Script M-Plus is a website scripting system developed by the Indian company MATRI4WEB. It is used to create dating platforms and manage member profiles as well as matching functions. The MATRI4WEB Matrimony Website Script M-Plus has a SQL injection vulnerability. This...

Meeplace Business Review Script SQL注入漏洞

The Meeplace Business Review Script is a scripting system developed by Meeplace company for creating websites that allow businesses to review and rate their customers. The Meeplace Business Review Script has a SQL injection vulnerability. This vulnerability arises from SQL injection attacks,...

SourceCodester Online Catering Reservation SQL注入漏洞

SourceCodester Online Catering Reservation is an open-source online catering reservation system developed by SourceCodester. Version 1.0 of SourceCodester Online Catering Reservation has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the...

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.59 and 9.6.0-alpha.53 contain a SQL injection vulnerability. This vulnerability arises from the ability of attackers to inject...

PT-2026-27331

The JetEngine plugin for WordPress is vulnerable to SQL Injection via the listing load more AJAX action in all versions up to, and including, 3.8.6.1. This is due to the filtered query parameter being excluded from the HMAC signature validation allowing attacker-controlled input to bypass securit...

PT-2026-27520

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

PT-2026-27439

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

PT-2026-27484

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.59 Parse Server versions prior to 9.6.0-alpha.53 Description Parse Server, an open source backend deployable on Node.js infrastructure, contains a flaw where an attacker possessing master key access can execu...

SourceCodester E-Commerce Site SQL注入漏洞

SourceCodester E-Commerce Site is an e-commerce website developed under open source by SourceCodester. Version 1.0 of SourceCodester E-Commerce Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Search in the file /products.php, which may le...

📄 esiclivre 0.2.2 SQL Injection

esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 — SQL Injection in esiclivre password reset Summary A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...