Dokan Pro <= 3.10.3 - SQL Injection

The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. id: CVE-2024-3922 info: name: Dokan Pro...

Debian dla-4604 : roundcube - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4604 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4604-1 [email protected]...

CVE-2022-0366

An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1...

CVE-2025-7458

An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute arbitrary SQL statements to cause a denial of service or disclose sensitive information from process memory via a crafted SELECT statement with a...

CVE-2025-50127 Extension - dj-extensions.com - SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla

A SQLi vulnerability in DJ-Flyer component 1.0-3.2 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...

CVE-2025-50127

CVE-2025-50127 concerns the DJ-Flyer Joomla extension (component DJ-Flyer 1.0–3.2). The issue is a SQL injection vulnerability that allows privileged users to execute arbitrary SQL commands. Root cause is improper input handling in the vulnerable component, enabling crafted queries to reach the d...

WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

GHSA-9XVF-CJVF-FF5Q WP Crontrol vulnerable to possible RCE when combined with a pre-condition

Impact WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential f...

CVE-2023-40629

SQLi vulnerability in LMS Lite component for Joomla...

CVE-2023-4103 Multiple vulnerabilities in IDM Sistemas QSige

QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

CVE-2022-30451

An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1...

Code injection

An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1...

CVE-2022-30451

An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1...

CVE-2021-43735

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...

CVE-2021-43735

CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule...

CVE-2022-0366

An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1...

CVE-2021-36807

An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8...

Code injection

An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8...

CVE-2021-36807

An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8...

Sql injection

In Sentrifugo 3.2, admin can edit employee's informations via this endpoint -- /sentrifugo/index.php/empadditionaldetails/edit/userid/2. In this POST request, "employeeNumId" parameter is affected by SQLi vulnerability. Attacker can inject SQL commands into query, read data from database or write...