Bootstrapy CMS SQL注入漏洞

Bootstrapy CMS is an open-source content management system developed by Bootstrapy. Bootstrapy CMS has a SQL injection vulnerability. This vulnerability arises from multiple SQL injections, allowing unauthenticated attackers to inject malicious code through the threadid parameter in...

PT-2026-27373

Matrimony Website Script M-Plus contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various POST parameters. Attackers can inject malicious SQL payloads into parameters like txtGender, religion, Fage, an...

SourceCodester Online Catering Reservation SQL注入漏洞

SourceCodester Online Catering Reservation is an open-source online catering reservation system developed by SourceCodester. Version 1.0 of SourceCodester Online Catering Reservation has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters in the...

WordPress plugin JetEngine SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

SourceCodester E-Commerce Site SQL注入漏洞

SourceCodester E-Commerce Site is an e-commerce website developed under open source by SourceCodester. Version 1.0 of SourceCodester E-Commerce Site has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter Search in the file /products.php, which may le...

PT-2026-27324

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed fr...

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Sales and Inventory System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the paramete...

📄 esiclivre 0.2.2 SQL Injection

esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 — SQL Injection in esiclivre password reset Summary A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...

Zabbix 安全漏洞

Zabbix is a set of open-source monitoring systems developed by Zabbix Inc. This system supports network monitoring, server monitoring, cloud monitoring, and application monitoring. Zabbix has security vulnerabilities; one of these vulnerabilities stems from SQL injection in the sortfield paramete...

SourceCodester Online Admission System SQL注入漏洞

The SourceCodester Online Admission System is an open-source online admission system developed by SourceCodester. Version 1.0 of the SourceCodester Online Admission System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the program parameter in the...

Parse Server SQL注入漏洞

Parse Server is an open-source backend developed by the Parse Platform. It can be deployed on any infrastructure that runs Node.js. Versions of Parse Server prior to 8.6.59 and 9.6.0-alpha.53 contain a SQL injection vulnerability. This vulnerability arises from the ability of attackers to inject...

itsourcecode Online Enrollment System SQL注入漏洞

itsourcecode Online Enrollment System is an open-source online registration system developed by itsourcecode. Version 1.0 of the itsourcecode Online Enrollment System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “Name” in the file...

PT-2026-27377

eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extra...

CVE-2026-4615

The CVE-2026-4615 entry details a SQL injection in SourceCodester Online Catering Reservation 1.0, triggered by manipulating the rcode parameter in the /search.php function. The vulnerability is exploitable remotely, and public exploits are available. Affected component is an unknown function wit...

CVE-2026-4615

A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2026-4614

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

CVE-2026-4306

The WP Job Portal plugin for WordPress is vulnerable to SQL Injection via the 'radius' parameter in all versions up to, and including, 2.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2026-2412

The Quiz and Survey Master QSM plugin for WordPress is vulnerable to SQL Injection via the 'mergedquestion' parameter in all versions up to, and including, 10.3.5. This is due to insufficient sanitization of user-supplied input before being used in a SQL query. The sanitizetextfield function...