CVE-2026-4504 eosphoros-ai db-gpt Incomplete Fix editor sql injection
A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...
CVE-2026-4504
A vulnerability (CVE-2026-4504) affects eosphoros-ai db-gpt up to version 0.7.5. The flaw involves unknown code in the /api/v1/editor/ path of the Incomplete Fix component, enabling SQL injection through manipulation. It can be exploited remotely and an exploit has been published. The vendor was ...
CVE-2026-4504
A flaw has been found in eosphoros-ai db-gpt up to 0.7.5. This vulnerability affects unknown code of the file /api/v1/editor/ of the component Incomplete Fix. This manipulation causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. Th...
WordPress Lumise Product Designer plugin < 2.0.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Lumise Product Designer versions < 2.0.9...
WordPress ChatBot plugin <= 7.7.9 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin ChatBot versions <= 7.7.9...
CVE-2025-62846
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846 QuRouter
An SQL injection vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: QuRouter 2.6.2.007 and later...
CVE-2025-62846
Summary: CVE-2025-62846 is a SQL injection vulnerability affecting QHora/QuRouter. An attacker with local administrator privileges can exploit the flaw to execute unauthorized commands, with a CVSSv4 base score of 9.3 (CRITICAL), using a local attack vector, no user interaction required, and high...
EUVD-2026-13700
A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
WordPress JS Help Desk plugin <= 3.0.3 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Bonds in WordPress Plugin JS Help Desk versions <= 3.0.3...
CVE-2026-4485 itsourcecode College Management System search_student.php sql injection
A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-4485
CVE-2026-4485 affects itsourcecode College Management System 1.0. The vulnerability is an SQL injection in an unknown function handling the Search parameter of /admin/search_student.php, exploitable remotely. Public exploit exposure is indicated. CVSS details show multiple vectors/metrics (e.g., ...
CVE-2026-4485
A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/search_student.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...
CVE-2026-33134
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...
EUVD-2026-13678
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...
CVE-2026-33134 WeGIA has Authenticated Time-Based Blind SQL Injection in `restaurar_produto.php` via `id_produto` parameter
WeGIA is a web manager for charitable institutions. Versions 3.6.5 and below contain an authenticated SQL Injection vulnerability in the html/matPat/restaurar_produto.php endpoint. The vulnerability allows an authenticated attacker to inject arbitrary SQL commands via the id_produto GET parameter,...
Exploit for CVE-2026-22730
CVE-2026-22730 Scanner & Exploit – Spring AI MariaDB Vector Stor...