216733 matches found
CVE-2026-3969
CVE-2026-3969 affects FeMiner wms up to 1.0. The vulnerability lies in /wms-master/src/basic/depart/depart_add_bg.php (Basic Organizational Structure Module): manipulating the Name argument enables SQL injection. Attack vector is network with low complexity and no privileges required; remote expl...
PT-2026-24969
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information...
PT-2026-24936
A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is...
PT-2026-24920
🚨 CVE-2026-3981 A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit h...
Hotel-Booking-Script uHotelBooking SQL注入漏洞
Hotel-Booking-Script uHotelBooking is a hotel room reservation management system developed by Hotel-Booking-Script Inc. Hotel-Booking-Script uHotelBooking has a SQL injection vulnerability. This vulnerability stems from the SQL injection present in the systempage parameter, which may allow...
PT-2026-24984
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
PT-2026-24988
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL...
PT-2026-24987
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...
PT-2026-24968
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. Attackers can send GET requests to the katgetir.php endpoint with malicious 'kat' values to...
PT-2026-24985
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. Attackers can send POST requests to the search/rentals endpoint with malicious SQL payloads to...
PT-2026-24977
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send requests to haberarsiv.php with malicious cid values using UNION-based injecti...
CVE-2026-26794
GL-iNet GL-AR300M16 v4.3.11 was discovered to contain a SQL injection vulnerability via the addgroup function. This vulnerability allows attackers to execute arbitrary SQL database operations via a crafted HTTP request...
Netartmedia PHP Real Estate Agency SQL注入漏洞
Netartmedia PHP Real Estate Agency is a real estate brokerage management system developed by the Bulgarian company Netartmedia. Version 4.0 of Netartmedia PHP Real Estate Agency has a SQL injection vulnerability. This vulnerability stems from the features parameter, which allows for SQL injection...
PT-2026-24900
A vulnerability was detected in FeMiner wms up to 1.0. This impacts an unknown function of the file /wms-master/src/basic/depart/depart add bg.php of the component Basic Organizational Structure Module. Performing a manipulation of the argument Name results in sql injection. The attack may be...
PT-2026-24979
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. Attackers can send POST requests to uyelik.php with crafted payloads in the option parameter to...
iScripts ReserveLogic SQL注入漏洞
iScripts ReserveLogic is a reservation management system developed by the American company iScripts. iScripts ReserveLogic has a SQL injection vulnerability, which stems from the jqSearchDestination parameter being susceptible to SQL injections. This vulnerability could allow unauthenticated...
202CMS SQL注入漏洞
202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...
Netartmedia PHP Business Directory SQL注入漏洞
Netartmedia PHP Business Directory is a commercial directory website system developed by Netartmedia Company in Bulgaria. Version 4.2 of Netartmedia PHP Business Directory has a SQL injection vulnerability. This vulnerability stems from the Email parameters being subject to SQL injections, which...
Xooscripts XooDigital SQL注入漏洞
Xooscripts XooDigital is a software developed by the Xooscripts company. Xooscripts XooDigital has a SQL injection vulnerability; this vulnerability stems from the p parameter being susceptible to SQL injections, which may allow unauthenticated attackers to manipulate database queries and extract...
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Jettweb PHP Ready-made News Sites Script is a content management system provided by the Turkish company Jettweb. The Jettweb PHP Ready-made News Sites Script V3 version has a SQL injection vulnerability. This vulnerability stems from an authentication bypass in the login.php administration panel,...