📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php. CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69213 | | Severity | HIGH | | Advisory |...

CVE-2026-36873

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/loadadmin.php...

PT-2026-32392

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk prod availability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit...

PT-2026-32339

Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view booking.php...

PT-2026-32277

Name of the Vulnerable Software and Affected Versions The Form Maker by 10Web WordPress plugin versions prior to 1.15.38 Description Improper preparation of SQL queries occurs when the "MySQL Mapping" feature is active, which may enable SQL Injection attacks in certain contexts. Recommendations...

PT-2026-32356

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view service.php...

📄 WBCE CMS 1.6.4 SQL Injection

WBCE CMS versions 1.6.4 and below suffer from a remote time-bsed SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...

PT-2026-32515

Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allows any authenticated control panel user to achieve remote code execution through a four-step...

PT-2026-32284

A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE ID leads to sql injection. The attack may be initiated remotely. The...

PT-2026-32285

A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

📄 Cockpit CMS 2.13.5 NoSQL Injection

Cockpit CMS version 2.13.5 is vulnerable to NoSQL operator injection on multiple API endpoints. User-supplied filter objects are forwarded to the Mongolite query engine without stripping MongoDB operators. Authenticated users can bypass intended query filters and perform boolean-based blind queri...

PT-2026-32390

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view details.php...

SourceCodester Computer and Mobile Repair Shop Management system 安全漏洞

The SourceCodester Computer and Mobile Repair Shop Management system is a simple PHP project open source by SourceCodester. It provides a website that displays information about the store. This project also manages customers’ repair records; if their devices have been repaired or serviced,...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the Article Pricing module. CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24416 | |...

CVE-2026-36874

Sourcecodester Basic Library System v1.0 is affected by a SQL Injection in /librarysystem/load_student.php. The CVSSv3.1 base score is 2.7 (LOW) with confidentiality impact LOW and no demonstrated exploit details in the provided documents. No remediation or patch information is included in the co...

CVE-2026-36941

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manageroom.php...

PT-2026-32507

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

PT-2026-32228

Name of the Vulnerable Software and Affected Versions Vehicle Showroom Management System version 1.0 Description A SQL injection issue exists due to the processing of the STAFF ID argument in the /util/StaffAddingFunction.php file. This manipulation can be initiated remotely. The exploit has been...

CVE-2026-36919

CVE-2026-36919 affects Sourcecodester Online Reviewer System v1.0. The vulnerability is a SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php. The available records confirm the impact is SQL injection but do not provide patch details or specific vulnerable param...

PT-2026-32448

Someone just found a way to dump your entire database with a single HTTP request. CVE-2026-6193: Critical SQL injection in PHPGurukul Daily Expense Tracker v1.1. No authentication. No special tools. Just a crafted URL parameter. Full attack chain breakdown → https://t.co/TeFM3nIkbP SQLInjection C...