Lucene search

216214 matches found

Positive Technologies | added 2026/04/29 12:0 a.m. | 3 views

PT-2026-35955

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save supplier of the file /ajax.php?action=save supplier. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVSS 6.5 | AI score 6.4 | EPSS 0.00192
Exploits 0 | References 5
VulnCheck KEV | added 2026/04/29 12:0 a.m. | 14 views

VulnCheck KEV: CVE-2026-42647

A vulnerability is present in the JoomSport – for Sports: Team & League plugin due to improper sanitization of the sortf parameter, that could lead to SQL injection...

AI score 5.9 | EPSS 0.01304
In wild | Exploits 1 | References 2
Positive Technologies | added 2026/04/29 12:0 a.m. | 3 views

PT-2026-35963

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view order.php of the component GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may...

CVSS 5.8 | AI score 5 | EPSS 0.00244
Exploits 1 | References 6
Positive Technologies | added 2026/04/29 12:0 a.m. | 2 views

PT-2026-36015

Name of the Vulnerable Software and Affected Versions: SourceCodester Pizzafy Ecommerce System version 1.0. Description: A flaw in the admin panel allows for remote SQL injection, a technique where malicious SQL statements are inserted into entry fields for execution. This issue occurs within the sa...

CVSS 5.8 | AI score 5.1 | EPSS 0.00202
Exploits 0 | References 7
Positive Technologies | added 2026/04/29 12:0 a.m. | 7 views

PT-2026-36110

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.10; CKAN versions prior to 2.11.5. Description: A SQL injection flaw exists in the datastore search sql function. This allows attackers to inject SQL commands to gain unauthorized access to private resources and...

CVSS 8.3 | AI score 5.8 | EPSS 0.01815
Exploits 0 | References 10
Positive Technologies | added 2026/04/29 12:0 a.m. | 5 views

PT-2026-36903

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 1.123.32; n8n versions prior to 2.17.4; n8n versions prior to 2.18.1. Description: A flaw in the Oracle Database node's select operation allows user-controlled input passed into the Limit field via expressions to be...

CVSS 9.8 | AI score 6 | EPSS 0.00315
Exploits 0 | References 10
Positive Technologies | added 2026/04/29 12:0 a.m. | 3 views

PT-2026-36013

Name of the Vulnerable Software and Affected Versions: SourceCodester Pizzafy Ecommerce System version 1.0. Description: An issue in the Setting Handler component allows for remote SQL injection. This occurs within the save settings function located in the '/pizzafy/admin/ajax.php?action=save...

CVSS 5.8 | AI score 5.1 | EPSS 0.00253
Exploits 0 | References 7
Packet Storm | added 2026/04/29 12:0 a.m. | 58 views

Pizzafy Ecommerce System 1.0 SQL Injection

The admin/vieworder.php endpoint in Pizzafy Ecommerce System version 1.0 fails to properly sanitize the id GET parameter before passing it to a MySQL query. An authenticated administrator can manipulate this parameter to inject arbitrary SQL, leading to full database compromise. SQL Injection in...

CVSS 5.8 | AI score 5.3 | EPSS 0.00244
Exploits 1
CNNVD | added 2026/04/29 12:0 a.m. | 7 views

SourceCodester Pizzafy Ecommerce System injection vulnerability

SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a SQL injection vulnerability, which arises from the parameter operations in the function saveuser within the file...

CVSS 5.8 | AI score 5.8 | EPSS 0.00202
Exploits 0 | References 1
NVD | added 2026/04/28 7:37 p.m. | 2 views

CVE-2026-7290

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...

CVSS 6.5 | EPSS 0.00204
Exploits 0 | References 7
RedhatCVE | added 2026/04/28 6:35 p.m. | 1 views

CVE-2024-46636

NASA Earth Observing System Data and Information System EOSDIS MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter...

CVSS 9.4 | AI score 5.6 | EPSS 0.00331
Exploits 1 | References 1
RedhatCVE | added 2026/04/28 6:19 p.m. | 4 views

CVE-2021-36438

SQL Injection vulnerability exists in Sourcecodester Online Job Portal phppdo 1.0 via the category parameter in /jobportal/index.php...

CVSS 6.5 | AI score 5.7 | EPSS 0.00215
Exploits 0 | References 1
Vulnrichment | added 2026/04/28 5:45 p.m. | 2 views

CVE-2026-7293 SourceCodester Pizzafy Ecommerce System ajax.php delete_category sql injection

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function deletecategory of the file /admin/ajax.php?action=deletecategory. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

CVSS 5.8 | AI score 5 | EPSS 0.00206
Exploits 0 | References 5
EUVD | added 2026/04/28 5:45 p.m. | 2 views

EUVD-2026-26137

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function deletecategory of the file /admin/ajax.php?action=deletecategory. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now public and...

CVSS 5.8 | AI score 5.2 | EPSS 0.00206
Exploits 0 | References 5
CVE | added 2026/04/28 5:45 p.m. | 5 views

CVE-2026-7293

SourceCodester Pizzafy Ecommerce System 1.0 is affected by a SQL injection in the delete_category function (/admin/ajax.php?action=delete_category) via the ID parameter. Exploitation is possible remotely and the exploit is publicly available; CVSS metrics indicate a Medium-severity, network-based...

CVSS 5.8 | AI score 5.2 | EPSS 0.00206
Exploits 0 | References 5
GithubExploit | added 2026/04/28 4:57 p.m. | 271 views

Exploit for CVE-2026-42208

LiteLLM Proxy SQL Injection GHSA-r75f-5x8p-qvmc A reproduct...

AI score 6 | EPSS 0.93107
Exploits 6
Cvelist | added 2026/04/28 4:30 p.m. | 26 views

CVE-2026-7290 JeecgBoot loadDict Endpoint SqlInjectionUtil.java SqlInjectionUtil sql injection

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation of the argument keyword causes sql...

CVSS 6.5 | EPSS 0.00204
Exploits 0 | References 7
CVE | added 2026/04/28 4:30 p.m. | 12 views

CVE-2026-7290

JeecgBoot (up to version 3.9.1) contains a SQL injection flaw in the loadDict endpoint, specifically in SqlInjectionUtil.java. The vulnerability arises from how the keyword argument is processed within the SqlInjectionUtil component, enabling remote exploitation. Public disclosure of the exploit ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00204
Exploits 0 | References 7
NVD | added 2026/04/28 3:16 p.m. | 1 views

CVE-2026-7283

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function saveexpired of the file /ajax.php?action=saveexpired. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit ha...

CVSS 5.8 | EPSS 0.00263
Exploits 0 | References 5
NVD | added 2026/04/28 3:16 p.m. | 2 views

CVE-2026-7282

A vulnerability was identified in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function deleteexpired of the file /ajax.php?action=deleteexpired. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is...

CVSS 5.8 | EPSS 0.00206
Exploits 0 | References 5