216356 matches found
CVE-2026-5814 PHPGurukul Online Course Registration check_availability.php sql injection
A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/checkavailability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2026-5814
CVE-2026-5814 affects PHPGurukul Online Course Registration 3.1. The vulnerability is in the /admin/check_availability.php script, where manipulating the regno parameter leads to SQL injection. Attack vector is NETWORK with LOW attack complexity and no required privileges or user interaction. Rep...
CVE-2026-5813
PHPGurukul Online Course Registration 3.1 is affected by a SQL injection in the file /check_availability.php, triggered by manipulating the cid parameter. The vulnerability can be exploited remotely and the exploit is publicly available. The CVSS metrics indicate a Network attack vector, low comp...
CVE-2026-5813 PHPGurukul Online Course Registration check_availability.php sql injection
A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...
CVE-2026-5813
A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /checkavailability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made...
EUVD-2026-20647
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...
CVE-2026-5805
A weakness has been identified in code-projects Easy Blog Site up to 1.0. The impacted element is an unknown function of the file /users/contactus.php. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available...
CVE-2026-5805
Code-projects Easy Blog Site (up to version 1.0) contains a SQL injection in /users/contact_us.php where manipulating the Name parameter can trigger database queries remotely. The vulnerability’s exploitability is network-based with low impact on confidentiality, integrity, and availability, and ...
CVE-2026-39318
ChurchCRM is an open-source church management system. Versions prior to 7.1.0 have an SQL injection vulnerability in the endpoints /GroupPropsFormRowOps.php, /PersonCustomFieldsRowOps.php, and /FamilyCustomFieldsRowOps.php. A user has to be authenticated. For ManageGroups privileges have to be...
CVE-2026-39319
ChurchCRM is an open-source church management system. Prior to 7.1.0, a second order SQL injection vulnerability was found in the endpoint /FundRaiserEditor.php in ChurchCRM. A user has to be authenticated but doesn't need any privileges. These users can inject arbitrary SQL statements through th...
CVE-2026-33350 LORIS has a SQL injection in MRI feedback popup
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to 27.0.3 and 28.0.1, a SQL injection has been identified in some code sections for the MRI feedback popup window of the imaging...
EUVD-2026-20453
WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
EUVD-2026-20444
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membershipids’ parameter in all versions up to, and including, 5.1.2 due to...
WordPress Blocksy Companion Pro plugin < 2.1.29 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Blocksy Companion Pro versions 2.1.29...
SonicWall SMA1000 Series Appliances Affected By Multiple Vulnerabilities
1 CVE-2026-4112 - Privilege Escalation via SQL InjectionImproper neutralization of special elements used in an SQL command “SQL Injection” in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary...
WordPress GeekyBot plugin <= 1.2.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin GeekyBot versions = 1.2.0...
WordPress Simply Schedule Appointments plugin <= 1.6.9.27 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Doan Dinh Van in WordPress Plugin Simply Schedule Appointments versions = 1.6.9.27...
CVE-2026-3396
The CVE-2026-3396 entry concerns WCAPF – WooCommerce Ajax Product Filter plugin, affected up to version 4.2.3. The vulnerability is an unauthenticated time-based SQL Injection via the 'post-author' parameter, caused by insufficient escaping of user input and insufficient use of prepared statement...
CVE-2026-1865
The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to SQL Injection via the ‘membershipids’ parameter in all versions up to, and including, 5.1.2 due to...
CVE-2026-1865
The CVE describes an SQL Injection in the WordPress plugin “User Registration & Membership” for all versions up to 5.1.2, exploitable via the membership_ids[] parameter. It requires Subscriber-level or higher authentication and can lead to extraction of sensitive data due to insufficient escaping...