VulnCheck KEV: CVE-2022-1281
The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filtertag'] parameter, which is appended to an SQL query, making SQL injection attacks possible...
PT-2026-36756
Name of the Vulnerable Software and Affected Versions: Shandong Hoteam Software PDM Product Data Management System, versions prior to 8.3.10. Description: A remote SQL injection can be initiated through manipulation of the SortOrder argument. This issue affects the GetQueryMachineGridOnePageData...
PT-2026-36744
Name of the Vulnerable Software and Affected Versions: Gym Management System In PHP and Windows NT 1.0 (affected versions not specified). Description: A remote SQL injection can be triggered through manipulation of the day argument in the '/index.php' endpoint. SQL injection is a type of flaw that...
RHCOS 6 : Red Hat OpenShift Enterprise 1.1.1 update (Moderate) (RHSA-2013:0582)
The remote Red Hat Enterprise Linux CoreOS 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0582 advisory. - rubygem-actionpack: Unsafe query generation CVE-2012-2660 - rubygem-activerecord: SQL injection when processing nested query...
Astra Linux - Vulnerability in libhibernate3-java
A flaw was discovered in Hibernate-core in versions prior to and including 5.4.23.Final. An SQL injection occurs in the implementation of the JPA Criteria API; this allows unsanitized literals to be used in SQL comments within queries. This flaw could enable attackers to access unauthorized...
Astra Linux – Vulnerability in Zabbix
A low-privilege regular Zabbix user with API access can exploit the SQL injection vulnerability in the include/classes/api/CApiService.php file to execute arbitrary SQL commands using the groupBy parameter...
Astra Linux – Vulnerability in Apache Log4j1.2
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter, where the values to be inserted are converted using PatternLayout. The message converter %m is likely to always be included. This allows attackers to manipulate SQL statements by entering crafted...
Astra Linux – Vulnerability in pgbouncer
In PgBouncer, the untrusted search path in the auth_query connection handler before version 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication through a malicious search_path parameter in the StartupMessage...
Astra Linux – Vulnerability in PostgreSQL 11
A SQL injection vulnerability was detected in PostgreSQL extension scripts when the symbols @extowner@, @extschema@, or @extschema:...@ are used inside a quoting construct (dollar quotes, '', or other forms of quotation marks). If an administrator has installed files from a vulnerable,...
Astra Linux – Vulnerability in libpgjava
The PostgreSQL JDBC Driver abbreviated as PgJDBC allows Java programs to connect to a PostgreSQL database using standard, database-independent Java code. The implementation of the java.sql.ResultRow.refreshRow method in PgJDBC does not escape column names, which means that a malicious column name...
Astra Linux – Vulnerability in PostgreSQL 11
When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries during the initial establishment of a connection, despite the use of SSL certificate verification and encryption...
Astra Linux – Vulnerability in Zabbix
A non-administrator user account on the Zabbix frontend, with the default User role, or any other role that grants API access, can exploit this vulnerability. There is an SQL injection vulnerability in the CUser class within the addRelatedObjects function. This function is called from the CUser.g...
Astra Linux – Vulnerability in OpenLDAP
In OpenLDAP 2.x versions before 2.5.12 and 2.6.x versions before 2.6.2, there is a SQL injection vulnerability in the experimental slapd backend, caused by a SQL statement within an LDAP query. This vulnerability can occur during an LDAP search operation, when the search filter is processed, due ...
websec-sql-injection
WebSec SQL Injection: an educational security backend project in...
CVE-2026-7699
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Manipulation of the argument filtersfields results in SQL injection. The attack can be carried out remotely. The...
CVE-2026-7697
A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. Manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2026-7699
Dromara MaxKey up to 3.5.13 contains the StrUtils.checkSqlInjection vulnerability in StrUtils.java. The issue arises from manipulating the argument filtersfields, enabling remote SQL injection. The exploit is reported as publicly available and the vulnerability has a PROOF-OF-CONCEPT exploit; CVS...
EUVD-2026-26837
A security flaw has been discovered in Dromara MaxKey up to 3.5.13. Affected by this issue is the function StrUtils.checkSqlInjection of the file StrUtils.java. Manipulation of the argument filtersfields results in SQL injection. The attack can be carried out remotely. The...
CVE-2026-7695
A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. Manipulation of the argument fCircuitids leads to SQL injection. The attack may be...
EUVD-2026-26835
A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhandsubmit.php. Manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been publicly...