Joomla! CMS SQL注入漏洞

Joomla! CMS is a content management system developed under the open source Joomla! framework. The Joomla! CMS has a SQL injection vulnerability, which stems from improper construction of the order clause. This vulnerability may lead to SQL injection attacks at the articles webservice endpoint...

itsourcecode Payroll Management System SQL注入漏洞

itsourcecode Payroll Management System is an open-source payroll management system developed by itsourcecode. Version 1.0 of the itsourcecode Payroll Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter ID in the...

IBM Storage Protect Server SQL注入漏洞

IBM Storage Protect Server is an enterprise-class data backup and recovery management system from International Business Machines IBM. A SQL injection vulnerability exists in IBM Storage Protect Server version 8.2.0. The vulnerability stems from the application's lack of validation of externally...

PT-2026-29592

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort by query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application...

VulnCheck KEV: CVE-2024-6265

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘uwpsortby’ parameter in all versions up to, and including, 1.2.10 due to insufficient escaping on the user supplied...

VulnCheck KEV: CVE-2022-3254

The WordPress Classifieds Plugin WordPress plugin before 4.3 does not properly sanitise and escape some parameters before using them in a SQL statement via an AJAX action available to unauthenticated users and when a specific premium module is active, leading to a SQL injection...

Fortinet FortiClient EMS 7.4.4 SQLi (FG-IR-25-1142)

The version of Fortinet FortiClient EMS installed on the remote host is 7.4.4. It is, therefore, affected by a SQL injection vulnerability: - An improper neutralization of special elements used in an SQL command 'SQL Injection' vulnerability in FortiClientEMS 7.4.4 may allow an unauthenticated...

WordPress plugin Booking for Appointments and Events Calendar - Amelia SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

CVE-2026-5238

A weakness has been identified in itsourcecode Payroll Management System 1.0. Affected by this issue is some unknown functionality of the file /viewemployee.php of the component Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed...

CVE-2026-5238

Affects itsourcecode Payroll Management System 1.0. The vulnerability exists in the Parameter Handler’s view_employee.php, where manipulating the ID parameter leads to SQL injection. This is a remote exploit with public proof-of-concept; CVSS metrics indicate high impact (network access, no authe...

SUSE CVE-2026-32714

SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the KeyCache class in scitokens was vulnerable to SQL Injection because it used Python's str.format to construct SQL queries with user-supplied data such as issuer and keyid. This allowed an attacker to...

CVE-2026-4668 Amelia <= 2.1.2 - Authenticated (Manager+) SQL Injection via 'sort' Parameter

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...

SQL Injection

Overview alerta-server is an Alerta server WSGI application Affected versions of this package are vulnerable to SQL Injection in the q parameter of the query string API due to direct interpolation of user-supplied input into SQL statements using f-strings. An attacker can execute arbitrary SQL...

alerta-server has potential SQL Injection vulnerability in Query String Syntax (q=) API

Impact The Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. Patches Fixed in v9.1.0. The Postgres query parser now uses parameterized queries wit...

CVE-2026-5237

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

CVE-2026-5237

Affected software: itsourcecode Payroll Management System 1.0. The vulnerability resides in the Parameter Handler, specifically affecting the /manage_user.php file. A crafted manipulation of the ID parameter enables an SQL injection, with remote exploitation possible. Public exploit exists, indic...

CVE-2026-5237

A security flaw has been discovered in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /manageuser.php of the component Parameter Handler. Performing a manipulation of the argument ID results in sql injection. The attack is possib...

CVE-2026-5148

A weakness has been identified in YunaiV yudao-cloud up to 2026.01. This vulnerability affects unknown code of the file /admin-api/system/mail-log/page. This manipulation of the argument toMail causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-5150

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewincostumer.php of the component Parameter Handler. Such manipulation of the argument cosid leads to sql injection. The attack can be launched remotely. Th...

CVE-2026-5147

A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This affects an unknown part of the file /admin-api/system/tenant/get-by-website. The manipulation of the argument Website results in sql injection. It is possible to launch the attack remotely. The exploit has been released...