PT-2026-26928

ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the...

PT-2026-26929

i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive...

WordPress plugin Quentn WP SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

PT-2026-26921

Green CMS 2.x contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cat parameter. Attackers can send GET requests to index.php with m=admin, c=posts, a=index parameters and inject SQL code in the cat...

phpTransformer 路径遍历漏洞

phpTransformer is a content management system developed by the Lebanese company phpTransformer. The version 2016.9 of phpTransformer has a path traversal vulnerability. This vulnerability stems from an SQL injection vulnerability in the idnews parameter, which could allow remote attackers to...

PT-2026-26850

The CMS Commander plugin for WordPress is vulnerable to SQL Injection via the 'or blogname', 'or blogdescription', and 'or admin email' parameters in all versions up to, and including, 2.288. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation o...

PT-2026-26924

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

WordPress plugin ElementCamp SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-26830

The myLinksDump plugin for WordPress is vulnerable to SQL Injection via the 'sort by' and 'sort order' parameters in all versions up to, and including, 1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

PT-2026-26948

A security flaw has been discovered in apconw Aix-DB up to 1.2.3. This impacts an unknown function of the file agent/text2sql/rag/terminology retriever.py. Performing a manipulation of the argument Description results in sql injection. The attack requires a local approach. The exploit has been...

Kepler Wallpaper Script SQL注入漏洞

Kepler Wallpaper Script is a desktop wallpaper generation script developed by Kepler Wallpaper Inc. Version 1.1 of Kepler Wallpaper Script contains an SQL injection vulnerability. This vulnerability stems from the category parameter, which allows for SQL injections, potentially enabling...

PT-2026-26838

The Quentn WP plugin for WordPress is vulnerable to SQL Injection via the 'qntn wp access' cookie in all versions up to, and including, 1.2.12. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the get user access...

CVE-2026-4508

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

CVE-2026-4508

A vulnerability was identified in PbootCMS up to 3.2.12. The impacted element is the function checkUsername of the file apps/home/controller/MemberController.php of the component Member Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely...

CVE-2026-4508

CVE-2026-4508 affects PbootCMS up to version 3.2.12. The vulnerability resides in the Member Login flow, specifically the function checkUsername in apps/home/controller/MemberController.php, where manipulation of the Username argument leads to a SQL injection. The issue can be triggered remotely;...

CVE-2026-4507

A vulnerability was determined in Mindinventory MindSQL up to 0.2.1. The affected element is the function askdb of the file mindsql/core/mindsqlcore.py. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be...

EUVD-2026-13804

A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the GetRelationships API when a forged pagination token is provided. An attacker can execute arbitrary SQL queries by submitting crafted pagination tokens if the secrets.pagination configuration is not set or is known ...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the GetRelationships API when a forged pagination token is provided. An attacker can execute arbitrary SQL queries by submitting crafted pagination tokens if the secrets.pagination configuration is not set or is known ...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the GetRelationships API when a forged pagination token is provided. An attacker can execute arbitrary SQL queries by submitting crafted pagination tokens if the secrets.pagination configuration is not set or is known ...