216300 matches found
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the formatDataBeforeSave process. An attacker can execute arbitrary SQL commands by supplying crafted input to the idfiche parameter, which is concatenated directly into a SQL query without sanitization. Remediation...
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave()
Vulnerability Details YesWiki bazar module contains a SQL injection vulnerability in tools/bazar/services/EntryManager.php at line 704. The $data'idfiche' value sourced from $POST'idfiche' is concatenated directly into a raw SQL query without any sanitization or parameterization. Vulnerable Code...
CVE-2026-40482
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
PT-2026-37118
Name of the Vulnerable Software and Affected Versions Dagster Core versions prior to 1.13.1 Dagster libraries versions prior to 0.29.1 Description DuckDB, Snowflake, BigQuery, and DeltaLake I/O managers construct SQL WHERE clauses by interpolating dynamic partition key values into queries without...
PT-2026-37109
Name of the Vulnerable Software and Affected Versions YesWiki versions prior to 4.6.1 Description The bazar module contains a SQL injection flaw in the tools/bazar/services/EntryManager.php file. The issue occurs because the id fiche value, sourced from the $ POST'id fiche' variable, is...
CVE-2026-40482
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
CVE-2026-40482 ChurchCRM has Authenticated SQL Injection in `/api/families/byCheckNumber/{scanString}`
ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0...
PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...
SQL Injection
Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to SQL Injection in the handling of the tableprefix and schema parameters in multiple conversation store backends, where these values are...
SQL Injection
Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...
GHSA-RG3H-X3JW-7JM5 PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
The fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine sibling backends — MySQL, PostgreSQL, async SQLite/MySQL/PostgreSQL, Turso, SingleStore, Supabase, SurrealDB — pass tableprefix straight into f-string SQL. Same root cause, same code pattern, same exploitation...
CVE-2026-40352 FastGPT: NoSQL Injection in updatePasswordByOld Leads to Account Takeover
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verification by injecting MongoDB query operators. This allows an attacker who has gained a low-privilege...
CVE-2026-40351 FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object e.g., "$ne": "" as the password field. This NoSQL...
CVE-2026-40351 FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object e.g., "$ne": "" as the password field. This NoSQL...
EUVD-2026-23557
FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attacker to pass a MongoDB query operator object e.g., "$ne": "" as the password field. This NoSQL...
Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple
C...
CVE-2026-40285 WeGIA has SQL Injection via Session Variable Override in DespachoControle.php
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...
CVE-2026-40285
WeGIA web manager versions before 3.6.10 are affected by a SQL injection in dao/memorando/UsuarioDAO.php. The flaw stems from the cpf_usuario POST parameter being used to overwrite the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), with the attacker-...
EUVD-2026-23529
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...
CVE-2026-40285 WeGIA has SQL Injection via Session Variable Override in DespachoControle.php
WeGIA is a web manager for charitable institutions. Versions prior to 3.6.10 contain a SQL injection vulnerability in dao/memorando/UsuarioDAO.php. The cpfusuario POST parameter overwrites the session-stored user identity via extract$REQUEST in DespachoControle::verificarDespacho, and the...