CVE-2026-4624

SourceCodester Online Library Management System 1.0 contains a SQL injection in the Parameter Handler’s /home.php (unknown function) triggered by manipulating the searchField argument. The vulnerability is exploitable remotely and the exploit is publicly available. The CVE notes a medium to high ...

CVE-2026-3079 LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

CVE-2026-3079

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

CVE-2026-3079 LearnDash LMS <= 5.0.3 - Authenticated (Contributor+) SQL Injection via 'filters[orderby_order]' Parameter

The LearnDash LMS plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'filtersorderbyorder' parameter in the 'learndashpropaneltemplate' AJAX action in all versions up to, and including, 5.0.3. This is due to insufficient escaping on the user supplied parameter and lack o...

CVE-2026-3079

CVE-2026-3079 affects the LearnDash LMS WordPress plugin. The vulnerability is a blind time-based SQL injection in the AJAX action learndash_propanel_template caused by insufficient escaping of the parameter filters[orderby_order] . It impacts all versions up to and including 5.0.3. Exploitation ...

EUVD-2026-14660

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

EUVD-2026-14658

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

EUVD-2026-14620

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

EUVD-2026-14604

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

EUVD-2026-14608

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...

CVE-2026-4615

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2026-4613

A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

PT-2026-27376

Name of the Vulnerable Software and Affected Versions Bootstrapy CMS affected versions not specified Description Multiple SQL injection flaws allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through POST parameters. This can lead to the extraction of...

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

PT-2026-27374

Name of the Vulnerable Software and Affected Versions Inout Article Base CMS affected versions not specified Description Unauthenticated attackers can manipulate database queries using SQL injection. By sending GET requests to the 'portalLogin.php' endpoint, attackers can inject SQL code via...

WordPress plugin LearnDash LMS SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-30655

SQL injection in Solicitante::resetaSenha in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php...

SourceCodester Online Library Management System SQL注入漏洞

The SourceCodester Online Library Management System is an open-source online library management system developed by SourceCodester. Version 1.0 of the SourceCodester Online Library Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the...

PT-2026-27375

Netartmedia Vlog System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with malicious email values in the forgotten password module to...

MATRI4WEB Matrimony Website Script M-Plus SQL注入漏洞

MATRI4WEB Matrimony Website Script M-Plus is a website scripting system developed by the Indian company MATRI4WEB. It is used to create dating platforms and manage member profiles as well as matching functions. The MATRI4WEB Matrimony Website Script M-Plus has a SQL injection vulnerability. This...