234761 matches found
Mobile Security Framework SQL注入漏洞
Mobile Security Framework MobSF is an automated, integrated mobile application developed under the MobSF open-source framework. It is used for penetration testing, malware analysis, and security assessments, capable of performing both static and dynamic analyses. Prior to MobSF 4.4.6, there was a...
Openbiz PHP Framework SQL注入漏洞
Openbiz PHP Framework is an enterprise-level application development framework developed by jixian2003. Version 3.0.8 of Openbiz PHP Framework contains a SQL injection vulnerability. This vulnerability stems from insufficient input validation for the username parameter, which may lead to SQL...
Ory Hydra SQL注入漏洞
Ory Hydra is an OpenID connection tool developed by Ory. Versions of Ory Hydra prior to 26.2.0 had a SQL injection vulnerability. This vulnerability stemmed from defects in the pagination implementation, which could lead to SQL injections...
PT-2026-28531
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description The objects/playlistsVideos.json.php endpoint does not enforce authentication or authorization checks, allowing access to the full video contents of any playlist by its ID. While private...
📄 OpenEMR 8.0.0.2 SQL Injection
OpenEMR versions prior to 8.0.0.3 contain a remote SQL injection vulnerability in the new search popup that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the new search popup functionality. CVE-2026-29187 - SQL Injection Vulnerabilit...
PT-2026-28342
Name of the Vulnerable Software and Affected Versions JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress versions prior to 3.0.5 Description The JS Help Desk – AI-Powered Support & Ticketing System plugin for WordPress is susceptible to SQL Injection through the multiformid...
PT-2026-28238
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
PT-2026-28190
A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my account/delete.php. Performing a manipulation of the argument cos id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public...
Tandoor Recipes SQL注入漏洞
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.0 contained a SQL injection vulnerability. This vulnerability stemmed from the Recipe API endpoint exposing a hidden debug query...
Grafana MSSQL Data Source Plugin 安全漏洞
The Grafana MSSQL Data Source Plugin is an open-source plugin from Grafana that allows for connecting to Microsoft SQL Server. There is a security vulnerability in the Grafana MSSQL data source plugin. This vulnerability stems from a logical flaw that allows low-privilege users to bypass API...
PT-2026-28400
Name of the Vulnerable Software and Affected Versions Daylight Studio FuelCMS version 1.5.2 Description FuelCMS version 1.5.2 contains a SQL injection issue through the /controllers/Login.php component. The vulnerability is located in the /controllers/Login.php component and allows for potential...
CVE-2026-30463
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...
PT-2026-28245
qdPM 9.1 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through filter by parameters. Attackers can submit malicious POST requests to the timeReport endpoint with crafted filter byCommentCreatedFrom and filter...
FUEL CMS 安全漏洞
FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from the /controllers/Login.php component being vulnerable to SQL injection attacks...
CVE-2026-30463
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component...
PT-2026-28208
A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The...
Wecodex Online Store System CMS SQL注入漏洞
Wecodex Online Store System CMS is a content management system for online stores developed by Wecodex. Version 1.0 of the Wecodex Online Store System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of email parameter inputs, which may lead to SQL...
PT-2026-28240
Name of the Vulnerable Software and Affected Versions Online Store System CMS version 1.0 Description An SQL injection allows unauthenticated attackers to manipulate database queries. This is achieved by sending POST requests to the 'index.php' endpoint with the action parameter set to...
PT-2026-28236
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...
CVE-2026-30463
CVE-2026-30463 affects Daylight Studio FuelCMS v1.5.2. The vulnerability is a SQL injection in the /controllers/Login.php component. Root cause is an injectable parameter handling in that login controller. Remediation per PT-Security PT-2026-28400 is to update FuelCMS to a newer version; as a tem...