216214 matches found
CVE-2026-7227
SourceCodester Pizzafy Ecommerce System 1.0 contains an SQL injection in the Login function (admin/ajax.php?action=login) via manipulation of the e-mail parameter. Exploitation is possible remotely and the exploit is public, indicating practical risk. The CVE notes CVSS metrics (e.g., up to 7.3–7...
CVE-2026-7226 SourceCodester Pizzafy Ecommerce System ajax.php login2 sql injection
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit h...
CVE-2026-7226
A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit h...
CVE-2026-7225 SourceCodester Pizzafy Ecommerce System ajax.php delete_menu sql injection
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...
CVE-2026-7225
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...
CVE-2026-7225 SourceCodester Pizzafy Ecommerce System ajax.php delete_menu sql injection
A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function deletemenu of the file /admin/ajax.php?action=deletemenu. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit...
CVE-2026-7225
SourceCodester Pizzafy Ecommerce System 1.0 is affected. The vulnerability is in /admin/ajax.php?action=delete_menu; manipulating the ID parameter enables SQL injection. A remote attack is possible and public PoC exists. CVSS metrics show high impact on confidentiality/integrity/availability (LOW...
CVE-2026-7224 SourceCodester Pizzafy Ecommerce System ajax.php delete_cart sql injection
A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2026-7224 SourceCodester Pizzafy Ecommerce System ajax.php delete_cart sql injection
A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...
EUVD-2026-25988
A security flaw has been discovered in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function deletecart of the file /admin/ajax.php?action=deletecart. Performing a manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit has been...
GHSA-4J28-22QP-RJCF sqlite-mcp has an Injection issue
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7206
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7206 dubydu sqlite-mcp entry.py extract_to_json sql injection
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7206
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7206 dubydu sqlite-mcp entry.py extract_to_json sql injection
A security flaw has been discovered in dubydu sqlite-mcp up to 0.1.0. The affected element is the function extracttojson of the file src/entry.py. Performing a manipulation of the argument outputfilename results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2026-7206
CVE-2026-7206 affects the project dubydu sqlite-mcp up to version 0.1.0. The vulnerability is in the function extract_to_json (file src/entry.py). Malicious manipulation of the output_filename argument enables a SQL injection vulnerability. Remote exploitation is possible and the exploit has been...
CVE-2026-7199
A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=deleteproduct. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the atta...
SQLite MCP Server 注入漏洞
SQLite MCP Server is a lightweight tool developed by Doo Bui, an individual developer, that allows large models to operate SQLite databases autonomously. Versions of SQLite MCP Server 0.1.0 and earlier contained a vulnerability due to incorrect handling of the outputfilename parameter in the...
SourceCodester Pizzafy Ecommerce System 注入漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which stems from the operation of the getcartitems function in the...
SourceCodester Pizzafy Ecommerce System 注入漏洞
SourceCodester Pizzafy Ecommerce System is an open-source e-commerce system developed by SourceCodester. Version 1.0 of the SourceCodester Pizzafy Ecommerce System has a vulnerability related to SQL injection, which stems from the saveorder function in the admin/ajax.php?action=saveorder file,...