216737 matches found

Cvelist
added 2026/03/12 3:36 p.m. | 24 views

CVE-2019-25479 Inout RealEstate Lastest SQL Injection via agentlistdetails

Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. Attackers can send POST requests to the agents/agentlistdetails endpoint with malicious SQL payloads in the city paramete...

CVSS 8.8 | EPSS 0.00377
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/12 3:36 p.m. | 3 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind,...

CVSS 7.1 | AI score 6 | EPSS 0.00323
Exploits: 0 | References: 2
CVE
added 2026/03/12 3:36 p.m. | 8 views

CVE-2019-25473

CVE-2019-25473 affects Clinic Pro via SQL injection on the monthly_expense_overview endpoint, exploitable by authenticated users through the month parameter. Root cause: improper input handling enabling boolean/time-based/error-based SQL injection. Impact: confidentiality impact HIGH; integrity L...

CVSS 7.1 | AI score 5.9 | EPSS 0.00323
Exploits: 0 | References: 2
Cvelist
added 2026/03/12 3:36 p.m. | 25 views

CVE-2019-25473 Clinic Pro SQL Injection via monthly_expense_overview month Parameter

Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. Attackers can send POST requests to the monthly_expense_overview endpoint with crafted month values using boolean-based blind,...

CVSS 7.1 | EPSS 0.00323
Exploits: 0 | References: 2
Patchstack
added 2026/03/12 10:39 a.m. | 5 views

WordPress WOLF plugin <= 1.0.8.7 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin WOLF versions <= 1.0.8.7...

CVSS 7.6 | AI score 5.9 | EPSS 0.00224
Exploits: 0 | Affected Software: 1
EUVD
added 2026/03/12 9:31 a.m. | 3 views

EUVD-2026-11547

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

CVSS 7.5 | AI score 5.7 | EPSS 0.00379
Exploits: 1 | References: 6
CVE
added 2026/03/12 8:2 a.m. | 8 views

CVE-2026-4014

The CVE-2026-4014 entry affects itsourcecode Cafe Reservation System 1.0, specifically the Registration module’s signup.php file. A manipulation of the Username argument enables SQL injection, allowing remote exploitation. Multiple sources (NVD, Red Hat, EUVD, CVE lists, and security trackers) af...

CVSS 9.8 | AI score 5.7 | EPSS 0.00379
Exploits: 1 | References: 5 | Affected Software: 1
ATTACKERKB
added 2026/03/12 8:2 a.m. | 2 views

CVE-2026-4014

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...

CVSS 7.5 | AI score 5.7 | EPSS 0.00379
Exploits: 1 | References: 5 | Affected Software: 1
EUVD
added 2026/03/12 6:31 a.m. | 6 views

EUVD-2026-11527

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

CVSS 7.5 | AI score 5.7 | EPSS 0.00379
Exploits: 1 | References: 6
NVD
added 2026/03/12 5:16 a.m. | 3 views

CVE-2026-3981

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made publ...

CVSS 9.8 | EPSS 0.00379
Exploits: 1 | References: 5
CVE
added 2026/03/12 4:32 a.m. | 12 views

CVE-2026-3981

The CVE-2026-3981 entry concerns itsourcecode Online Doctor Appointment System 1.0. The affected component is an unknown function in /admin/doctor_action.php where manipulating the argument ID triggers a SQL injection. Remote exploitation is possible, and public exploits have been released. Multi...

CVSS 9.8 | AI score 6.9 | EPSS 0.00379
Exploits: 1 | References: 5 | Affected Software: 1
CVE
added 2026/03/12 4:2 a.m. | 13 views

CVE-2026-3980

CVE-2026-3980 affects the itsourcecode Online Doctor Appointment System 1.0. The vulnerability is in the /admin/patient_action.php routine, where manipulating the argument patient_id enables an SQL injection. It can be exploited remotely, and public disclosure is noted; exploitation status varies...

CVSS 9.8 | AI score 6.9 | EPSS 0.00379
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2026/03/12 4:2 a.m. | 31 views

CVE-2026-3980 itsourcecode Online Doctor Appointment System patient_action.php sql injection

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to th...

CVSS 7.5 | EPSS 0.00379
Exploits: 1 | References: 5
EUVD
added 2026/03/12 3:31 a.m. | 3 views

EUVD-2026-11511

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu_contact_lead_form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5 | AI score 5.8 | EPSS 0.00338
Exploits: 0 | References: 7
NVD
added 2026/03/12 3:15 a.m. | 3 views

CVE-2026-3657

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu_contact_lead_form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5 | EPSS 0.00338
Exploits: 0 | References: 6
GithubExploit
added 2026/03/12 2:38 a.m. | 153 views

Exploit for SQL Injection in Vishalmathur Cloudclassroom-Php-Project

CVE-2026-2058-PoC – CloudClassroom PHP Project SQL Injection...

CVSS 9.8 | AI score 6 | EPSS 0.00468
Exploits: 3
Cvelist
added 2026/03/12 2:22 a.m. | 23 views

CVE-2026-3657 My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu_contact_lead_form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5 | EPSS 0.00338
Exploits: 0 | References: 6
ATTACKERKB
added 2026/03/12 2:22 a.m. | 2 views

CVE-2026-3657

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu_contact_lead_form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5 | AI score 5.8 | EPSS 0.00338
Exploits: 0 | References: 7
Vulnrichment
added 2026/03/12 2:22 a.m. | 2 views

CVE-2026-3657 My Sticky Bar <= 2.8.6 - Unauthenticated SQL Injection via 'stickymenu_contact_lead_form' Action

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu_contact_lead_form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5 | AI score 5.8 | EPSS 0.00338
Exploits: 0 | References: 6
NVD
added 2026/03/12 1:15 a.m. | 6 views

CVE-2026-3969

A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/departaddbg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be...

CVSS 7.5 | EPSS 0.00254
Exploits: 0 | References: 4