Ask Expert Script 跨站脚本漏洞

Ask Expert Script is an online Q&A system script for the PHP Scripts Mall community. Version 3.0.5 of the Ask Expert Script contains a cross-site scripting vulnerability. This vulnerability stems from cross-site scripting and SQL injection vulnerabilities, which may allow unverified attackers to...

PT-2026-30430

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the...

PT-2026-30450

A security vulnerability has been detected in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /my-profile.php of the component Parameter Handler. The manipulation of the argument fullname leads to sql injection. It is possible to initiate the attack remotel...

PT-2026-30501

Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id to delete parameter. Attackers can send crafted requests with malicious SQL statements in the id to delete field to extract or modify sensitive...

PT-2026-30405

A vulnerability was identified in itsourcecode Online Enrollment System 1.0. This affects an unknown function of the file /sms/user/index.php?view=edit&id=10 of the component Parameter Handler. Such manipulation of the argument USERID leads to sql injection. The attack can be executed remotely. T...

PT-2026-30471

ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched searches.php endpoint with crafted SQL payloads to extract...

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of the code-projects Simple Laundry System contains a SQL...

PT-2026-30428

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

Frostmourne SQL注入漏洞

Frostmourne is a multi-data source monitoring and alerting system developed by AutohomeCorp. Versions of Frostmourne 1.0 and earlier contain SQL injection vulnerabilities, which stem from the SQL injection vulnerability in the httpTest function located in the...

KADOS SQL注入漏洞

KADOS is a note-taking tool developed by fouvolant’s individual developer. KADOS has a SQL injection vulnerability, which stems from the injection of SQL code through the idproject parameter. This vulnerability may lead to SQL injection attacks...

PT-2026-30483

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perfor...

PT-2026-30505

A vulnerability was detected in griptape-ai griptape 0.19.4. Affected by this issue is some unknown functionality of the file griptape/tools/sql/tool.py of the component SqlTool. Performing a manipulation results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

CodeAstro Online Classroom SQL注入漏洞

CodeAstro Online Classroom is an online classroom platform provided by CodeAstro Inc. Version 1.0 of CodeAstro Online Classroom has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “videotitle” in the file /OnlineClassroom/addvideos.php, which may...

PT-2026-30415

A vulnerability was identified in PHPGurukul User Registration & Login and User Management System 3.3. The affected element is an unknown function of the file /admin/yesterday-reg-users.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible...

PT-2026-30408

A security vulnerability has been detected in halex CourseSEL up to 1.1.0. Affected by this vulnerability is the function check sel of the file Apps/Index/Controller/IndexController.class.php of the component HTTP GET Parameter Handler. The manipulation of the argument seid leads to sql injection...

SuiteCRM SQL注入漏洞

SuiteCRM is a customer relationship management system developed by the SuiteCRM team. Version 7.10.7 of SuiteCRM has a SQL injection vulnerability. This vulnerability stems from the parentTab parameter, which allows for SQL injections. It is possible for authenticated attackers to manipulate...

PHPGurukul Online Shopping Portal Project SQL注入漏洞

The PHPGurukul Online Shopping Portal Project is an online shopping portal project of PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “pid” in the...

PT-2026-30421

A security flaw has been discovered in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/login.php of the component Parameter Handler. The manipulation of the argument email results in sql injection. The attack may be launched remotel...

itsourcecode Online Enrollment System SQL注入漏洞

itsourcecode Online Enrollment System is an open-source online registration system developed by itsourcecode. Version 1.0 of the itsourcecode Online Enrollment System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the USERID parameter in the...

PT-2026-30453

Name of the Vulnerable Software and Affected Versions zongyu09 openchatbi versions up to 0.2.1 Description A flaw exists in the Multi-stage Text2SQL Workflow component of zhongyu09 openchatbi. Manipulation of the keywords argument can result in SQL injection. This issue can be exploited remotely...