CVE-2026-5256

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

CVE-2026-5257

The CVE-2026-5257 entry concerns code-projects Simple Laundry System 1.0. The vulnerability affects the Parameter Handler component, specifically the /delstaffinfo.php file, where manipulating the userid parameter leads to a SQL injection. The issue is exploitable remotely, and public disclosures...

CVE-2026-5257

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit...

CVE-2026-5257 code-projects Simple Laundry System Parameter delstaffinfo.php sql injection

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit...

CVE-2026-5256 code-projects Simple Laundry System Parameter modify.php sql injection

A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has be...

CVE-2026-5256

CVE-2026-5256 affects code-projects Simple Laundry System 1.0. The vulnerability is in the Parameter Handler’s modify.php, where manipulation of the firstName parameter leads to SQL injection. Remote exploitation is possible, and the exploit has been published and may be used. The available conne...

CVE-2026-5180

A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-27697

baserCMS is a website development framework. Prior to version 5.2.3, baserCMS has a SQL injection vulnerability in blog posts. This issue has been patched in version 5.2.3...

WordPress Amelia plugin <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter vulnerability

Authenticated Manager+ SQL Injection via 'sort' Parameter vulnerability discovered by Michael Perla vizen5 - clixhouse in WordPress Plugin Amelia versions = 2.1.2...

EUVD-2026-17727

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...

EUVD-2026-17731

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

EUVD-2026-17733

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVE-2025-13855 IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2025-13855

IBM Storage Protect Server/IBM Storage Protect Plus Server (version 8.2.0) are affected by a SQL injection vulnerability (CVE-2025-13855) arising from lack of validation of externally supplied SQL statements. An attacker could remotely send crafted SQL to view, add, modify, or delete data in the ...

CVE-2025-13855 IBM Storage Protect Server is affected by a vulnerability that could allow authenticated users to access administrative metadata through the JSON-RPC endpoint .

IBM Storage Protect Server 8.2.0 IBM Storage Protect Plus Server is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

CVE-2026-5238

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVE-2026-30273

pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base.executesqlquery component...

Hi.Events SQL注入漏洞

Hi.Events is an open-source event ticketing and management platform developed by Hi.Events. Versions of Hi.Events from 0.8.0-beta.1 to 1.7.1-beta contained a SQL injection vulnerability. This vulnerability occurred because multiple repository classes directly passed the sortby query parameter...

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a SQL...

PT-2026-29475

A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit...