EUVD-2026-33612

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...

CVE-2026-40546

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...

CVE-2026-40546 Multiple SQL Injections in SOPlanning

SOPlanning is vulnerable to SQL Injection across multiple endpoints and parameters. Attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control over the database. This issue affects SOPlanning version 1.55 and below...

CVE-2026-40546

SOPlanning (affected versions 1.55 and earlier) is vulnerable to SQL Injection across multiple endpoints and parameters. An attacker with low privileges can inject arbitrary SQL commands, potentially gaining full control of the database. This is documented under CVE-2026-40546; related CVEs descr...

EUVD-2026-33607

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVE-2026-10242

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVE-2026-10242 itsourcecode Content Management System instructions.php sql injection

A weakness has been identified in itsourcecode Content Management System 1.0. This impacts an unknown function of the file /instructions.php. This manipulation of the argument topicid causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the...

CVE-2026-10242

CVE-2026-10242 affects itsourcecode Content Management System 1.0. The vulnerability is a SQL injection in the /instructions.php file caused by manipulation of the topic_id argument. It can be triggered remotely and exploitation has been publicly disclosed (exploit maturity: Proof-of-Concept). Af...

CVE-2026-10235

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stockmanager.php. This manipulation of the argument txtsearchcategory causes sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2026-10237

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

EUVD-2026-33582

A vulnerability was found in SourceCodester Water Billing Management System 1.0. Impacted is an unknown function of the file /admin/?page=user/manageuser of the component User Management Module. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the atta...

CVE-2026-10235

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stockmanager.php. This manipulation of the argument txtsearchcategory causes sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2026-10235

CodeAstro Ingredients Stock Management System 1.0 contains an SQL injection in stock_manager.php via the txt_search_category parameter. The vulnerability affects unknown code in /Ingredients-Stock/stock_manager.php and can be exploited remotely; exploit has been published. No remediation details ...

EUVD-2026-33570

A flaw has been found in CodeAstro Ingredients Stock Management System 1.0. This vulnerability affects unknown code of the file /Ingredients-Stock/stockmanager.php. This manipulation of the argument txtsearchcategory causes sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-10225

A vulnerability was detected in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. This issue affects some unknown processing of the file logincheck.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The...

CVE-2026-10226

A flaw has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an unknown function of the file delete.php. Executing a manipulation of the argument userid/courseid/teacherid/studentid/applicationid can lead to sql injection. The...

Drupal SQL Injection

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. id: CVE-2014-3704 info: name: Drupal SQL...

MOVEit Transfer - Remote Code Execution

In Progress MOVEit Transfer before 2021.0.6 13.0.6, 2021.1.4 13.1.4, 2022.0.4 14.0.4, 2022.1.5 14.1.5, and 2023.0.1 15.0.1, a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database...

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...