PT-2026-32274

A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

CVE-2026-36938

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/viewroom.php...

CVE-2026-36872

CVE-2026-36872 affects Sourcecodester Basic Library System v1.0, with a SQL Injection vulnerability in the script path /librarysystem/load_book.php. The connected records confirm the vulnerable endpoint but do not provide detailed root cause analysis, affected parameter names, or remediation step...

SourceCodester Cab Management System 安全漏洞

SourceCodester Cab Management System is an open-source taxi management system developed by SourceCodester. Version 1.0 of the SourceCodester Cab Management System has a security vulnerability, which stems from SQL injection in the /cms/admin/bookings/viewbooking.php file...

CVE-2026-36937

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/viewdetails.php...

Code-Projects Easy Blog Site SQL注入漏洞

Code-Projects Easy Blog Site is an easy blog website developed by Code-Projects as open source. Version 1.0 of Code-Projects Easy Blog Site has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters in the post.php file, which may lead to SQL injection attac...

PT-2026-32355

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view details.php...

📄 WBCE CMS 1.6.4 SQL Injection

WBCE CMS versions 1.6.4 and below suffer from a remote time-bsed SQL injection vulnerability via the groups parameter. CVE-2025-65950: WBCE CMS is Vulnerable to Time-Based Blind SQL Injection through groups Parameter Overview | Field | Details | |---|---| | CVE ID | CVE-2025-65950 | | Severity |...

CVE-2026-36942

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manageactivity.php...

CVE-2026-36945

CVE-2026-36945 affects Sourcecodester Computer and Mobile Repair Shop Management System v1.0. A SQL injection flaw exists in /rsms/admin/clients/manage_client.php, with low overall impact (C/L, I/N, A/N) and requires high privileges; exploitation details not provided in the supplied documents. No...

PT-2026-32388

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800...

Fortinet FortiClient EMS SQL Injection Vulnerability

Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests...

📄 EGroupware SQL Injection

EGroupware versions prior to 23.1.20260113 and greater than or equal to 26.0.20251208 but less than 26.0.20260113 are affected by a remote SQL injection vulnerability in the Nextmatch filter processing. CVE-2026-22243: EGroupware has SQL Injection in Nextmatch Filter Processing Overview | Field |...

CVE-2026-36873

CVE-2026-36873 affects Sourcecodester Basic Library System v1.0. The vulnerability is a SQL Injection in the administrative loader endpoint at /librarysystem/load_admin.php (variants in copies show /librarysystem/load_admin.php). Evidence from Red Hat, ENISA EUVD, CIRCL, CVE lists confirms the sa...

PT-2026-32396

Sourcecodester Online Thesis Archiving System v1.0 is vulnerale to SQL injection in the file /otas/view archive.php...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in ajaxcomplete.php. CVE-2025-69213: OpenSTAManager has a SQL Injection in ajaxcomplete.php getsedi endpoint Overview | Field | Details | |---|---| | CVE ID | CVE-2025-69213 | | Severity | HIGH | | Advisory |...

📄 OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote time-based SQL injection vulnerability in the Article Pricing module. CVE-2026-24416: OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module Overview | Field | Details | |---|---| | CVE ID | CVE-2026-24416 | |...

WordPress LifterLMS plugin <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter vulnerability

Authenticated Custom+ SQL Injection via 'order' Parameter vulnerability discovered by momopon1415 in WordPress Plugin LifterLMS versions = 9.2.1...

Exploit for SQL Injection in Apache Superset

CVE-2026-23980 - Apache Superset Authenticated SQL Injection...

EUVD-2019-20131

CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to category.php with malicious catid values to extract sensitive database information includi...