CVE-2026-6457 Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter
The Geo Mashup plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'geo_mashup_null_fields' parameter in all versions up to, and including, 1.13.19 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
Exploit for CVE-2026-42167
CVE-2026-42167 — ProFTPD mod_sql SQL Injection / Auth Bypass...
CVE-2019-25542 Netartmedia Real Estate Portal 5.0 SQL Injection via index.php
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...
Django 4.2.x < 4.2.27, 5.0.x < 5.1.15, 5.2.x < 5.2.9 Multiple Vulnerabilities - Windows
Django is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:djangoproject:django"; if descriptio...
CVE-2025-62177 WeGIA vulnerable to SQL Injection via 'id_funcionario' param at endpoint `/html/funcionario/dependente_listar.php`
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to 3.5.1, a SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar.php endpoint, specifically in the id_funcionario parameter. This vulnerability allows attackers to...
CVE-2025-52021
A SQL Injection vulnerability exists in the editproduct.php file of PuneethReddyHC Online Shopping System Advanced 1.0. The productid GET parameter is unsafely passed to a SQL query without proper validation or parameterization...
EUVD-2025-30873
Malicious code in bioql PyPI...
EUVD-2025-31734
Malicious code in bioql PyPI...
EUVD-2025-29106
Malicious code in bioql PyPI...
SQL Injection
Overview llama-index-packs-finchat is a llama-index packs implementation of a hierarchical agent for finance chat. Affected versions of this package are vulnerable to SQL Injection via the runsqlquery function in the database agent. An attacker can inject raw PostgreSQL statements into a prompt a...
CVE-2025-1959
A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /changespwd.php. The manipulation of the argument loginid/loginkey leads to sql injection. It is possible to launch the attack remotely. The exploit has...
postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
CVE-2024-45622
ASIS (Aplikasi Sistem Sekolah) built on CodeIgniter 3 versions 3.0.0–3.2.0 is affected by a SQL injection in the index.php handling of the username parameter, enabling an authentication bypass. The issue arises from improper handling of user input leading to unauthenticated access (CWE-89). The C...
CVE-2024-40560
CVE-2024-40560 affects Mini-Tmall (Spring Boot-based mini-Tmall mall). Vulnerability: SQL injection due to lack of validation of externally entered SQL statements in versions prior to 2024.07.03. Impact: potential exposure of sensitive database data. Mitigation: upgrade to Mini-Tmall v2024.07.03 ...
CVE-2023-38190
An issue was discovered in SuperWebMailer 9.00.0.01710. It allows Export SQL Injection via the size parameter...
cash-machine SQL Injection Vulnerability
cash-machine is an application by the individual developer viakondratiuk. cash-machine suffers from a SQL injection vulnerability in the functions iscardpinatsession/updatefailedattempts in machine.py, which can lead to SQL injection...
CVE-2022-32375
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/gettimetable.php?id=...
EulerOS 2.0 SP5 : cyrus-sasl (EulerOS-SA-2022-1527)
According to the versions of the cyrus-sasl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...