216735 matches found

Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-24967

Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL code into the 'tur', 'id', and 'ozellikdil' parameters of the admin/index.php...

CVSS 8.8, AI score 5.9, EPSS 0.00411
Exploits: 1, References: 3

CNNVD
added 2026/03/12 12:0 a.m., 5 views

DataEase SQL injection vulnerability

DataEase is an open-source data visualization and analysis tool developed by DataEase. It helps users quickly analyze data and gain insights into business trends, thereby enabling improvements and optimizations in operations. Versions of DataEase prior to 2.10.20 contained a SQL injection...

CVSS 9.3, AI score 5.9, EPSS 0.00418
Exploits: 1, References: 1

Positive Technologies
added 2026/03/12 12:0 a.m., 5 views

PT-2026-24993

Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. Attackers can send POST requests to the loginaction.php endpoint with crafted SQL payloads in the...

CVSS 8.8, AI score 5.9, EPSS 0.00304
Exploits: 0, References: 3

Positive Technologies
added 2026/03/12 12:0 a.m., 4 views

PT-2026-24913

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenu contact lead form AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5, AI score 5.8, EPSS 0.00338
Exploits: 0, References: 10

CNNVD
added 2026/03/12 12:0 a.m., 6 views

Jettweb PHP Hazir Haber Sitesi Scripti SQL injection vulnerability

Jettweb PHP Preconfigured News Sites Script is a content management system developed by the Turkish company Jettweb. Version V1 of the Jettweb PHP Preconfigured News Sites Script has a SQL injection vulnerability. This vulnerability stems from the option parameter, which allows for SQL injection...

CVSS 8.8, AI score 5.9, EPSS 0.00265
Exploits: 1, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 6 views

WordPress plugin My Sticky Bar SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.5, AI score 5.9, EPSS 0.00338
Exploits: 0, References: 6

Positive Technologies
added 2026/03/12 12:0 a.m., 4 views

PT-2026-24966

Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac kategori id parameter. Attackers can send POST requests to the endpoint with malicious SQL payloads to...

CVSS 8.8, AI score 5.9, EPSS 0.00367
Exploits: 1, References: 3

CNNVD
added 2026/03/12 12:0 a.m., 6 views

202CMS SQL injection vulnerability

202CMS is a content management system developed by konradpl99. The 202CMS v10 beta version has a SQL injection vulnerability. This vulnerability stems from the loguser parameter, which allows for SQL injections, potentially enabling unverified attackers to manipulate database queries...

CVSS 8.8, AI score 5.9, EPSS 0.00365
Exploits: 1, References: 3

CNNVD
added 2026/03/12 12:0 a.m., 7 views

Netartmedia PHP Mall SQL injection vulnerability

Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from the presence of SQL injection vulnerabilities in the id and Email parameters, which could...

CVSS 8.8, AI score 5.9, EPSS 0.00373
Exploits: 1, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 8 views

Jettweb Php Hazir Ilan Sitesi Scripti SQL injection vulnerability

Jettweb Php Hazir Ilan Sitesi Scripti is a content management system developed by the Turkish company Jettweb. The Jettweb Php Hazir Ilan Sitesi Scripti has a SQL injection vulnerability, which stems from the kat parameter being susceptible to SQL injections. This vulnerability could allow...

CVSS 8.8, AI score 5.9, EPSS 0.0036
Exploits: 1, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 5 views

Netartmedia PHP Mall SQL injection vulnerability

Netartmedia PHP Mall is an e-commerce platform system operated by the Bulgarian company Netartmedia. Version 4.1 of Netartmedia PHP Mall contains a SQL injection vulnerability. This vulnerability stems from multiple parameters that are susceptible to SQL injections, potentially allowing unverifie...

CVSS 8.8, AI score 5.9, EPSS 0.00359
Exploits: 1, References: 2

VulnCheck KEV
added 2026/03/12 12:0 a.m., 8 views

VulnCheck KEV: CVE-2026-3657

The My Sticky Bar plugin for WordPress is vulnerable to SQL injection via the stickymenucontactleadform AJAX action in all versions up to, and including, 2.8.6. This is due to the handler using attacker-controlled POST parameter names directly as SQL column identifiers in $wpdb->insert. While...

CVSS 7.5, AI score 5.9, EPSS 0.00338
In wild, Exploits: 0, References: 2

CNNVD
added 2026/03/12 12:0 a.m., 11 views

Xooscripts XooGallery SQL injection vulnerability

Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability, which stems from the SQL injection vulnerability present in the catid parameter. This vulnerability could allow unverified attackers to manipulate...

CVSS 9.1, AI score 5.8, EPSS 0.00393
Exploits: 1, References: 2

Positive Technologies
added 2026/03/12 12:0 a.m., 4 views

PT-2026-24986

Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. Attackers can send POST requests to the search/searchdetailed endpoint with malicious SQL payloa...

CVSS 8.8, AI score 5.9, EPSS 0.00346
Exploits: 1, References: 3

CNNVD
added 2026/03/12 12:0 a.m., 6 views

itsourcecode Online Doctor Appointment System SQL injection vulnerability

itsourcecode Online Doctor Appointment System is an open-source online doctor appointment system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability; this vulnerability arises from incorrect handling of the parameter ID in the file admin/doctoraction.php, which...

CVSS 9.8, AI score 7.1, EPSS 0.00379
Exploits: 1, References: 5

Positive Technologies
added 2026/03/12 12:0 a.m., 5 views

PT-2026-24976

Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery id parameter. Attackers can send GET requests to gallery.php with malicious gallery id values using...

CVSS 8.8, AI score 5.9, EPSS 0.00439
Exploits: 1, References: 3

Positive Technologies
added 2026/03/12 12:0 a.m., 5 views

PT-2026-24983

XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to cat.php with malicious cat id values to bypass authentication, extract sensitive...

CVSS 8.8, AI score 5.9, EPSS 0.00393
Exploits: 1, References: 3

Positive Technologies
added 2026/03/12 12:0 a.m., 5 views

PT-2026-25001

Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. Attackers can inject time-based blind SQL payloads via the 'id' parameter in index.php or the 'Email' parameter in...

CVSS 8.8, AI score 5.8, EPSS 0.00373
Exploits: 1, References: 3

CVE
added 2026/03/12 12:0 a.m., 12 views

CVE-2026-26794

CVE-2026-26794 affects GL-iNet GL-AR300M16 (v4.3.11). Connected sources specify a SQL injection via the add_group() function, enabling an attacker to perform arbitrary SQL operations through a crafted HTTP request. The CVSS 3.1 metrics in the initial entry indicate NETWORK access, HIGH impact on ...

CVSS 8.8, AI score 6, EPSS 0.00453
Exploits: 1, References: 1, Affected Software: 1

Positive Technologies
added 2026/03/12 12:0 a.m., 6 views

PT-2026-25034

Dataease is an open source data visualization analysis tool. Prior to 2.10.20, the table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject...

CVSS 9.3, AI score 5.8, EPSS 0.00418
Exploits: 1, References: 4