216735 matches found
PT-2026-24967
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...
DataEase SQL注入漏洞
DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a SQL injection...
PT-2026-24993
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the...
PT-2026-24913
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu contact lead form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...
Jettweb PHP Hazir Haber Sitesi Scripti SQL注入漏洞
Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. Version V1 of the Jettweb PHP Preconfigured News Sites Script has a SQL injection vulnerability. This vulnerability stems from the option parameter, which allows for SQL injection...
WordPress plugin My Sticky Bar SQL注入漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-24966
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac kategori id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...
202CMS SQL注入漏洞
202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...
Netartmedia PHP Mall SQL注入漏洞
Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from the presence of SQL injection vulnerabilities in the id and Email parameters, which could...
Jettweb Php Hazir Ilan Sitesi Scripti SQL注入漏洞
Jettweb Php Hazir Ilan Sitesi Scripti is a content management system developed by the Turkish company Jettweb. The Jettweb Php Hazir Ilan Sitesi Scripti has a SQL injection vulnerability, which stems from the kat parameter being susceptible to SQL injections. This vulnerability could allow...
Netartmedia PHP Mall SQL注入漏洞
Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from multiple parameters that are susceptible to SQL injections, potentially allowing unverifie...
VulnCheck KEV: CVE-2026-3657
The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenucontactleadform AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb-insert. While...
Xooscripts XooGallery SQL注入漏洞
Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability, which stems from the SQL injection vulnerability present in the catid parameter. This vulnerability could allow unverified attackers to manipulate...
PT-2026-24986
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...
itsourcecode Online Doctor Appointment System SQL注入漏洞
itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability; this vulnerability arises from incorrect handling of the parameter ID in the file admin/doctoraction.php, which...
PT-2026-24976
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery id parameter. Attackers can send GET requests to gallery.php with malicious gallery id values using...
PT-2026-24983
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to cat.php with malicious cat id values to bypass authentication, extract sensitive...
PT-2026-25001
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...
CVE-2026-26794
CVE-2026-26794 affects GL-iNet GL-AR300M16 (v4.3.11). Connected sources specify a SQL injection via the add_group() function, enabling an attacker to perform arbitrary SQL operations through a crafted HTTP request. The CVSS 3.1 metrics in the initial entry indicate NETWORK access, HIGH impact on ...
PT-2026-25034
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...