PT-2026-27520

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

PT-2026-27439

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

PT-2026-27484

Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.59 Parse Server versions prior to 9.6.0-alpha.53 Description Parse Server, an open source backend deployable on Node.js infrastructure, contains a flaw where an attacker possessing master key access can execu...

SourceCodester E-Commerce Site SQL注入漏洞

SourceCodester E-Commerce Site is an e-commerce website developed under open source by SourceCodester. Version 1.0 of SourceCodester E-Commerce Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Search in the file /products.php, which may le...

📄 esiclivre 0.2.2 SQL Injection

esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 — SQL Injection in esiclivre password reset Summary A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...

PT-2026-27524

Name of the Vulnerable Software and Affected Versions SourceCodester Sales and Inventory System version 1.0 Description A flaw exists in SourceCodester Sales and Inventory System that allows for SQL injection. The issue is located within the update purchase.php file, specifically through...

WordPress plugin JetEngine SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

PT-2026-27373

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

PT-2026-27324

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed fr...

Zabbix 安全漏洞

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from SQL injection in the sortfield paramete...

SourceCodester Online Admission System SQL注入漏洞

The SourceCodester Online Admission System is an open-source online admission system developed by SourceCodester. Version 1.0 of the SourceCodester Online Admission System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the program parameter in the...

PT-2026-27377

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

Bootstrapy CMS SQL注入漏洞

Bootstrapy CMS is an open-source content management system developed by Bootstrapy. Bootstrapy CMS has a SQL injection vulnerability. This vulnerability arises from multiple SQL injections, allowing unauthenticated attackers to inject malicious code through the threadid parameter in...

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the paramete...

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

itsourcecode Online Enrollment System SQL注入漏洞

itsourcecode Online Enrollment System is an open-source online registration system developed by itsourcecode. Version 1.0 of the itsourcecode Online Enrollment System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Name” in the file...

SourceCodester Online Library Management System SQL注入漏洞

The SourceCodester Online Library Management System is an open-source online library management system developed by SourceCodester. Version 1.0 of the SourceCodester Online Library Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...

CVE-2026-4615

The CVE-2026-4615 entry details a SQL injection in SourceCodester Online Catering Reservation 1.0, triggered by manipulating the rcode parameter in the /search.php function. The vulnerability is exploitable remotely, and public exploits are available. Affected component is an unknown function wit...

CVE-2026-4615

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2026-4614

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...