CVE-2026-4540

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...

CVE-2026-4540 projectworlds Online Notes Sharing System Parameters login.php sql injection

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...

CVE-2026-4540

The CVE-2026-4540 entry concerns projectworlds Online Notes Sharing System 1.0. The flaw lies in the Parameters Handler’s processing of the login.php input, where manipulation of the Benutzer argument enables SQL Injection. A remote attacker could exploit this, and public exploits are mentioned i...

CVE-2026-4540

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...

CVE-2026-4533

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-4533 code-projects Simple Food Ordering System all-tickets.php sql injection

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-4533

CVE-2026-4533 affects code-projects Simple Food Ordering System 1.0. The vulnerability is in the all-tickets.php file where manipulating the Status parameter results in an SQL injection, with remote exploitation possible. Exploitation details are reported across multiple sources (NVD, Red Hat, CI...

Code-Projects Simple Food Ordering System SQL注入漏洞

Code-Projects Simple Food Ordering System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Food Ordering System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Status parameter in the fi...

PT-2026-26963

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

PT-2026-26971

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploi...

Fedora 42 : python-scitokens (2026-dec8f790f7)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-dec8f790f7 advisory. - Remove legacy parent SciToken chaining behavior from token initialization and claim handling - Harden Enforcer scope path traversal validation including...

Projectworlds Online Notes Sharing System 安全漏洞

Projectworlds Online Notes Sharing System is an online note-sharing system developed under the open-source Projectworlds framework. Version 1.0 of the Projectworlds Online Notes Sharing System contains a security vulnerability, which stems from incorrect handling of the User parameter in the...

CVE-2026-4530

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

CVE-2026-4530 apconw Aix-DB terminology_retriever.py sql injection

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

CVE-2026-4530 apconw Aix-DB terminology_retriever.py sql injection

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminologyretriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

CVE-2026-4530

A vulnerability in the apconw Aix-DB up to version 1.2.3 affects the file agent/text2sql/rag/terminology_retriever.py. The issue arises from manipulating the Description argument, which leads to SQL injection. The vulnerability is exploitable via a local attack, and public proof-of-concept exploi...

EUVD-2019-19904

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

EUVD-2019-19901

phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract...

CVE-2019-25580

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...