PT-2026-45459

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...

PT-2026-45551

A vulnerability was found in CodeAstro Payroll System 1.0. This affects an unknown part of the file /home employee.php. The manipulation of the argument emp id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used...

PT-2026-45407

A weakness has been identified in itsourcecode Content Management System 1.0. Impacted is an unknown function of the file /admin/add sub topic.php. This manipulation of the argument topic id causes sql injection. The attack is possible to be carried out remotely. The exploit has been made availab...

SourceCodester Computer Repair Shop Management System SQL Injection Vulnerability

SourceCodester Computer Repair Shop Management System is an open-source computer repair workshop management system developed by SourceCodester. Versions of the SourceCodester Computer Repair Shop Management System prior to version 1.0 contained SQL injection vulnerabilities. These vulnerabilities...

Code-Projects Online Hospital Management System SQL Injection Vulnerability

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. The 1.php version of the Code-Projects Online Hospital Management System has a SQL injection vulnerability. This vulnerability stems from improper handling of the Userna...

Pixa Bank SQL Injection Vulnerability

Pixa Bank is an integrated AI visual creation workspace provided by Pixa Corporation. Version 2.0 of Pixa Bank has a SQL injection vulnerability. This vulnerability stems from the injection of SQL code using the rib parameter, which may allow unauthorized attackers to extract sensitive user...

PT-2026-45260

An improper Input Validation vulnerability in OTRS or OTRS Community Edition database layer module allows an unauthenticated SQL injection which can lead to an authentication bypass. This issue only affects the system if the MySQL/MariaDB server is configured with the NO BACKSLASH ESCAPES SQL mod...

PT-2026-45640

A vulnerability was identified in itsourcecode Fees Management System 1.0. This affects an unknown part of the file /manage course.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...

PT-2026-45622

No-Cms 1.0 contains an SQL injection vulnerability in the order by parameter of the manage privilege export endpoint that allows authenticated attackers to manipulate database queries. Attackers can submit POST requests to /nocms/main/manage privilege/index/export with malicious SQL code in the...

PT-2026-45401

A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage tenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed...

PT-2026-45620

Paroiciel 11.20 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the zProIdPro parameter. Attackers can send GET requests to zpro.php with crafted SQL payloads in the zProIdPro parameter to extract...

PT-2026-45400

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

WordPress plugin WP Directory Kit has a SQL injection vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. The WordPre...

Itsourcecode Online Blood Bank Management System SQL Injection Vulnerability

itsourcecode Online Blood Bank Management System is an open-source online blood bank management system developed by itsourcecode. Version 1.0 of the system has a SQL injection vulnerability, which stems from improper handling of the parameter ID in the file/admin/viewrequest.php, potentially...

OTRS security vulnerabilities

OTRS is a service management solution developed by the German company OTRS. Vulnerabilities exist in OTRS versions 7.0.X, 8.0.X, 2023.X, 2024.X, 2025.X, and 2026.X up to version 2026.4.X, as well as in the Community Edition 6.0.x version. These vulnerabilities stem from improper input validation ...

PT-2026-45617

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

PT-2026-45422

A vulnerability was detected in CodeAstro Online Job Portal 1.0. The impacted element is an unknown function of the file /admin/jobs-admins/delete-jobs.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit is now...

PT-2026-45395

A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might...

Paraiciel SQL injection vulnerability

Paroiciel is an parish management information system developed by the French company Paroiciel. Version 11.20 of Paroiciel contains a SQL injection vulnerability. This vulnerability stems from the eGeqIdEquipe parameter, which allows for SQL injections. This could enable authenticated attackers t...