234132 matches found
Chanjet CRM SQL注入漏洞
Chanjet CRM is a customer relationship management system developed by Chanjet Corporation. Version 1.0 of Chanjet CRM has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the parameter gblOrgID in the HTTP GET Request Handler component...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx
FreePBX 16 — Unauthenticated SQLi to RCE Proof-of-concept exp...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx
CVE-2025-57819 — FreePBX Unauthenticated SQLi → RCE One-shot...
CVE-2026-11334
A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file dashboardpage/forms/fetch.php. Performing a manipulation of the argument departmentcode results in...
CVE-2026-11342
A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and...
Exploit for SQL Injection in Progress Moveit_Cloud
🔍 Vulnerability Research A curated collection of in-depth vul...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
CVE-2026-11435 Jinher OA nextselectplan.aspx sql injection
A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor...
[SECURITY] [DSA 6324-1] request-tracker5 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6324-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 06, 2026 https://www.debian.org/security/faq -...
CVE-2026-11412
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412 Jinher OA GetFormSn.aspx sql injection
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412 Jinher OA GetFormSn.aspx sql injection
A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can lead to sql injection. The attack may be performed from remote. The exploit has been made availab...
CVE-2026-11412
The CVE-2026-11412 entry describes a SQL injection weakness in Jinher OA C6, via GetFormSn.aspx at /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. The vulnerability is exploitable by manipulating the queryID parameter from remote, with exploit code publicly available. Affected component is an unknown ...
CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-9829
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-9829 Photo Gallery by 10Web <= 1.8.41 - Authenticated (Contributor+) SQL Injection via 'compact_album_order_by' Shortcode Parameter
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...
EUVD-2026-34962
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compactalbumorderby' Shortcode Parameter in all versions up to, and including, 1.8.41 due to insufficient escaping on the user supplied parameter and lack of sufficient...
CVE-2026-8978
The CVE covers OptinCraft