
216210 matches found

Cvelist
added 2026/05/08 1:30 a.m. (29 views)

CVE-2026-8125 code-projects Simple Chat System sendMessage.php sql injection

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in SQL injection. The attack may be launched remotely. The exploit is now...

6.5 CVSS, 0.0025 EPSS
Exploits: 0, References: 5

CVE
added 2026/05/08 12:0 a.m. (9 views)

CVE-2026-37431

Affected product: Beauty Parlour Management System v1.1. Vulnerability: SQL injection via the aptnumber parameter in the /appointment-detail.php endpoint. Impact (as stated): Attacker can access sensitive database information by crafting SQL statements; high confidentiality, integrity, and availa...

9.8 CVSS, 5.9 AI score, 0.0026 EPSS
Exploits: 0, References: 1

CVE
added 2026/05/08 12:0 a.m. (14 views)

CVE-2024-33722

SOPlanning 1.52.00 is affected by an authenticated SQL Injection in the projets.php page (statut[] parameter). The CVE-2024-33722 entry shows a MEDIUM severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) with an authenticated, low-privilege actor able to induce database queries via a crafted ...

6.3 CVSS, 5.9 AI score, 0.00241 EPSS
Exploits: 1, References: 1

ATTACKERKB
added 2026/05/08 12:0 a.m. (6 views)

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.9 AI score, 0.0026 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/05/08 12:0 a.m. (7 views)

PT-2026-38655

Name of the Vulnerable Software and Affected Versions CodeAstro Leave Management System version 1.0 Description A weakness in the /login.php file allows for remote SQL injection. This occurs through the manipulation of the txt username argument. SQL injection is a type of flaw that allows an...

7.5 CVSS, 7.1 AI score, 0.00254 EPSS
Exploits: 0, References: 8

Packet Storm
added 2026/05/08 12:0 a.m. (63 views)

📄 WordPress CatFolders 2.5.2 SQL Injection

WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability. CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin Keywords: CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection,...

6.5 CVSS, 5.9 AI score, 0.00347 EPSS
Exploits: 2

CNNVD
added 2026/05/08 12:0 a.m. (6 views)

Code-Projects Simple Chat System injection vulnerability

Code-Projects Simple Chat System is an easy-to-use chat system developed by Code-Projects as open source. Version 1.0 of Code-Projects Simple Chat System has a SQL injection vulnerability, which arises from the validations of the parameters type/length/business in the sendMessage.php file,...

6.5 CVSS, 6.7 AI score, 0.0025 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/08 12:0 a.m. (7 views)

SourceCodester Comment System injection vulnerability

The SourceCodester Comment System is an open-source comment system developed by SourceCodester. Version 1.0 of the SourceCodester Comment System has a vulnerability caused by SQL injection due to the parameter manipulation in the file postcomment.php. This vulnerability could be exploited through...

7.5 CVSS, 7.1 AI score, 0.00254 EPSS
Exploits: 0, References: 2

CNNVD
added 2026/05/08 12:0 a.m. (4 views)

SOPlanning SQL injection vulnerability

SOPlanning is a set of online project management software developed by SOPlanning Company. Version 1.52.00 of SOPlanning contains an SQL injection vulnerability. This vulnerability stems from the SQL injection in the projects.php file, and it could be exploited by authenticated users...

6.3 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/05/08 12:0 a.m. (6 views)

PT-2026-38652

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A remote SQL injection exists in the wishlist.php file. This issue occurs when the delwlistid argument is manipulated, allowing an attacker to execute unauthorized database queries...

7.5 CVSS, 7.3 AI score, 0.00254 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2026/05/08 12:0 a.m. (7 views)

PT-2026-38676

Name of the Vulnerable Software and Affected Versions OttoKit: All-in-One Automation Platform WordPress plugin versions prior to 1.1.23 Description Insufficient sanitization of user input used in a SQL statement allows unauthenticated attackers to perform SQL injection attacks. Recommendations...

8.6 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2026/05/08 12:0 a.m. (7 views)

PT-2026-39137

Name of the Vulnerable Software and Affected Versions Beauty Parlour Management System version 1.1 Description An issue exists where a crafted SQL statement can be used to access sensitive database information. This occurs via the aptnumber parameter in the '/appointment-detail.php' endpoint...

9.8 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 6

Vulnrichment
added 2026/05/08 12:0 a.m. (10 views)

CVE-2026-37431

Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...

5.9 AI score, 0.0026 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/08 12:0 a.m. (5 views)

CVE-2024-33722

SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut...

5.9 AI score, 0.00241 EPSS
Exploits: 1, References: 1

Positive Technologies
added 2026/05/08 12:0 a.m. (9 views)

PT-2026-38642

Name of the Vulnerable Software and Affected Versions SourceCodester Comment System version 1.0 Description An issue exists in the processing of the 'post comment.php' file. Manipulation of the Name argument allows for SQL injection, which can be exploited remotely. Recommendations At the moment,...

7.5 CVSS, 7.1 AI score, 0.00254 EPSS
Exploits: 0, References: 12

Positive Technologies
added 2026/05/08 12:0 a.m. (15 views)

PT-2026-38644

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description A remote SQL injection is possible via an unknown function within the '/admin/viewmsg.php' file. The issue occurs when the msgid argument is manipulated, allowing an attacker to...

7.5 CVSS, 7.2 AI score, 0.00254 EPSS
Exploits: 0, References: 12

CNNVD
added 2026/05/08 12:0 a.m. (7 views)

SourceCodester SUP Online Shopping injection vulnerability

SourceCodester SUP Online Shopping is an open-source online shopping system developed by SourceCodester. Version 1.0 of SourceCodester SUP Online Shopping has a vulnerability due to SQL injection caused by the param msg.php file’s msgid operation, which may lead to remote attacks...

7.5 CVSS, 7.2 AI score, 0.00254 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/05/08 12:0 a.m. (9 views)

PT-2026-38653

Name of the Vulnerable Software and Affected Versions SourceCodester SUP Online Shopping version 1.0 Description An issue exists in the file '/admin/message.php' where the manipulation of the seenid argument allows for SQL injection, a technique used to interfere with the queries that an...

7.5 CVSS, 7 AI score, 0.00254 EPSS
Exploits: 0, References: 7

CNNVD
added 2026/05/08 12:0 a.m. (7 views)

Beauty Parlour Management System SQL injection vulnerability

Beauty Parlour Management System is a beauty salon management system developed by Darkseid’s developers. Version 1.1 of Beauty Parlour Management System has a SQL injection vulnerability. This vulnerability stems from the aptnumber parameter in the /appointment-detail.php endpoint, which may allo...

9.8 CVSS, 5.8 AI score, 0.0026 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2026/05/08 12:0 a.m. (4 views)

Fedora 42 : proftpd (2026-739d341ab8)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-739d341ab8 advisory. Cumulative bug-fix release from upstream. Includes fix for a possible SQL-injection issue via modsql CVE-2026-42167. Note that modsql is not enabled by...

8.1 CVSS, 6 AI score, 0.04826 EPSS
Exploits: 6, References: 2