CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

CVE-2021-47928 Opencart TMD Vendor System 3.x Blind SQL Injection via product route

Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the productid parameter. Attackers can craft malicious SQL queries using time-based or content-based blind injection...

Exploit for SQL Injection in Litellm

CVE-2026-42208 — LiteLLM Pre-Auth SQL Injection Timing PoC Lo...

Exploit for CVE-2025-1094

--- POC Khai thác lỗ hổng CVE-2025-1094: PostgreSQL psql SQL...

pgx: SQL Injection via placeholder confusion with dollar quoted string literals

...

EUVD-2026-28982

A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the publ...

CVE-2025-14179

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

CVE-2025-14179

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

Exploit for CVE-2025-4396

CVE-2025-4396 Exploit: Relevanssi SQL Injection Time-Based...

CVE-2025-14179

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

CVE-2025-14179

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

EUVD-2025-209755

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

CVE-2025-14179 SQL injection in pdo_firebird via NUL bytes in quoted strings

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat, which stops at...

CVE-2025-14179

PHP’s PDO Firebird driver is affected in PHP 8.2.x (before 8.2.31), 8.3.x (before 8.3.31), 8.4.x (before 8.4.21), and 8.5.x (before 8.5.6). The root cause is improper handling of NUL bytes during token-by-token SQL query construction: a string token containing a NUL byte is copied with strncat(),...

Exploit for SQL Injection in Litellm

Threat Intelligence Brief - CVE-2026-42208: BerriAI LiteLLM SQ...

PT-2026-39443

Name of the Vulnerable Software and Affected Versions PHP versions 8.2.0 through 8.2.30 PHP versions 8.3.0 through 8.3.30 PHP versions 8.4.0 through 8.4.20 PHP versions 8.5.0 through 8.5.5 Description The PDO Firebird driver improperly handles NUL bytes during the preparation of SQL queries. When...

WordPress plugin Survey & Poll SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Balbooa Joomla Forms Builder SQL注入漏洞

Balbooa Joomla Forms Builder is a website form building plugin provided by Balbooa Corporation, which offers visual form design and data collection features. Version 2.0.6 of Balbooa Joomla Forms Builder contains an SQL injection vulnerability. This vulnerability stems from an unauthenticated SQL...

Opencart TMD Vendor System SQL注入漏洞

The Opencart TMD Vendor System is an extension provided by Opencart Inc. for e-commerce platforms, offering multiple merchant integration and management features. Version 3.x of the Opencart TMD Vendor System contains a SQL injection vulnerability. This vulnerability stems from blind SQL injectio...