EUVD-2026-26471

A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoint. This manipulation causes sql injection. Remote exploitation of the attack is possible. The...

CVE-2026-7545 SourceCodester Advanced School Management System checkEmail Endpoint commonController.php sql injection

A weakness has been identified in SourceCodester Advanced School Management System 1.0. The affected element is an unknown function of the file commonController.php of the component checkEmail Endpoint. This manipulation causes sql injection. Remote exploitation of the attack is possible. The...

PT-2026-36298

A vulnerability was found in code-projects Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit exercises.php. The manipulation of the argument edit exercise results in sql injection. It is possible to launch the attack remotely. The exploi...

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

SourceCodester Advanced School Management System 注入漏洞

SourceCodester Advanced School Management System is an advanced school management system developed by SourceCodester as open source. Version 1.0 of the SourceCodester Advanced School Management System has a vulnerability related to SQL injection, which originates from an unknown function in the...

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

CVE-2026-37505

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy$sort, $sortType without validation. An authenticated admin can sort users by any database column including password,...

CVE-2026-42475

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

Mix PHP SQL注入漏洞

Mix PHP is Mix PHP open source a PHP command-line mode development framework , support for multi-server ecological seamless switching . A SQL injection vulnerability exists in Mix PHP versions 2.x through 2.2.17 and earlier, which stems from improper manipulation of the on array parameter of the...

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

EUVD-2026-26676

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php...

EUVD-2026-26669

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy$sort, $sortType without validation. An authenticated admin can sort users by any database column including password,...

itsourcecode Courier Management System 注入漏洞

itsourcecode Courier Management System is itsourcecode open source a courier management system. itsourcecode Courier Management System 1.0 version of an injection vulnerability , the vulnerability stems from the file /editstaff.php in the unknown function of the parameter ID improper operation ,...

CVE-2026-37505

SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy$sort, $sortType without validation. An authenticated admin can sort users by any database column including password,...

CVE-2026-42474

CVE-2026-42474 describes an SQL injection in MixPHP Framework 2.x up to 2.2.17, caused by crafting the data array passed to BuildHelper.php::data function. Affected component is MixPHP Framework (2.x) and the vulnerability arises from the BuildHelper.php data function, as cited across NVD, CVE li...

PT-2026-36297

Name of the Vulnerable Software and Affected Versions SourceCodester Pharmacy Sales and Inventory System version 1.0 Description An issue exists in the '/ajax.php?action=save customer' endpoint where manipulation of the ID argument allows for SQL injection, a technique used to interfere with the...

PT-2026-36302

A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

SourceCodester Pharmacy Sales and Inventory System 注入漏洞

SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability, which arises from incorrect handling of the...