CVE-2024-33288

Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page...

vulnerability-lab

🔐 Vulnerability Lab Buffer Overflow + SQLi ⚠️ FOR EDUCATI...

CVE-2026-4935

The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks...

CVE-2026-4935

CVE-2026-4935 affects the OttoKit: All-in-One Automation Platform WordPress plugin, exposed prior to version 1.1.23. The root cause is improper sanitization of user input used in SQL statements, enabling unauthenticated SQL injection. The CVSS‑3.1 vector is Network, Low complexity, No privileges,...

CVE-2026-8133

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

CVE-2026-8132

A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txtusername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be...

CVE-2026-42208

LiteLLM proxy (AI Gateway) versions 1.81.16–1.83.6 suffer a SQL injection in the proxy API key verification path where the caller-supplied key is interpolated into a SQL query during error handling. An unauthenticated attacker can send a crafted Authorization header to LLM routes (e.g., POST /cha...

CVE-2026-42208 LiteLLM: SQL injection in Proxy API key verification

LiteLLM is a proxy server AI Gateway to call LLM APIs in OpenAI or native format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An...

EUVD-2026-28489

A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file /admin/viewmsg.php. Performing a manipulation of the argument msgid results in sql injection. The attack is possible to be carried out remotely. The exploit has been made...

EUVD-2026-28484

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

EUVD-2026-28488

A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file postcomment.php. This manipulation of the argument Name causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used...

CVE-2026-8133 zyx0814 FilePress Shares Filelist API admin.php sql injection

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

CVE-2026-8133

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

CVE-2026-8133 zyx0814 FilePress Shares Filelist API admin.php sql injection

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched...

CVE-2026-8132

CVE-2026-8132 affects CodeAstro Leave Management System 1.0. The vulnerability resides in an unknown function of login.php, where manipulation of the txt_username argument enables SQL injection. The issue can be triggered remotely and the exploit has been made public, indicating realism and poten...

CVE-2026-8132 CodeAstro Leave Management System login.php sql injection

A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txtusername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be...

CVE-2026-8131 SourceCodester SUP Online Shopping replymsg.php sql injection

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2026-8131

SourceCodester SUP Online Shopping 1.0 contains a SQL injection in /admin/replymsg.php via the msgid parameter. The affected component is a server-side PHP script handling admin replies. Exploitation is remote and the vulnerability is evidenced by publicly released exploits; CVSS data indicate a ...

CVE-2026-8131 SourceCodester SUP Online Shopping replymsg.php sql injection

A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file /admin/replymsg.php. The manipulation of the argument msgid results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the publ...

CVE-2026-8130 SourceCodester SUP Online Shopping message.php sql injection

A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file /admin/message.php. The manipulation of the argument seenid leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be...