33 matches found

NVD
added 5 days ago, 6 views

CVE-2026-2508

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS: 6.5 | EPSS: 0.00241
Exploits: 0 | References: 3

CVE
added 5 days ago, 10 views

CVE-2026-2508

CVE-2026-2508 affects the Gravity Forms Booking plugin for WordPress, all versions up to and including 2.7.1. The vulnerability is a time-based SQL Injection via the 'staff_id' parameter caused by insufficient escaping and lack of proper query preparation. Authenticated attackers with Subscriber-...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00241
Exploits: 0 | References: 3

EUVD
added 5 days ago, 7 views

EUVD-2026-39167

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS: 6.5 | AI score: 6 | EPSS: 0.00241
Exploits: 0 | References: 3

Cvelist
added 5 days ago, 32 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS: 6.5 | EPSS: 0.00241
Exploits: 0 | References: 3

RedhatCVE
added 2026/06/05 7:31 p.m., 10 views

CVE-2026-6152

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS: 7.5 | AI score: 7 | EPSS: 0.00254
Exploits: 0 | References: 1

NVD
added 2026/04/13 3:16 a.m., 1 views

CVE-2026-6152

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS: 7.5 | EPSS: 0.00254
Exploits: 0 | References: 5

Cvelist
added 2026/04/13 2:30 a.m., 33 views

CVE-2026-6152 code-projects Vehicle Showroom Management System StaffAddingFunction.php sql injection

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS: 7.5 | EPSS: 0.00254
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/13 2:30 a.m., 6 views

CVE-2026-6152

A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFFID causes sql injection. The attack can be initiated remotely. The exploit has been...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.00254
Exploits: 0 | References: 5 | Affected Software: 1

Positive Technologies
added 2026/04/13 12:0 a.m., 9 views

PT-2026-32238

A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF ID leads to sql injection. The attack can be launched remotely. The exploit is publicly...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.00318
Exploits: 0 | References: 7

RedhatCVE
added 2026/01/07 9:48 a.m., 9 views

CVE-2022-27991

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /stafflogin.php via the Staff ID and Staff Password parameters...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.00957
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/09 8:27 a.m., 9 views

CVE-2025-14223

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staffid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00326
Exploits: 1 | References: 1

EUVD
added 2025/12/08 9:30 a.m., 5 views

EUVD-2025-201694

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staffid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00326
Exploits: 1 | References: 7

NVD
added 2025/12/08 8:15 a.m., 3 views

CVE-2025-14223

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staffid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS: 9.8 | EPSS: 0.00326
Exploits: 1 | References: 5

OSV
added 2025/12/08 8:15 a.m., 7 views

CVE-2025-14223

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staffid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS: 9.8 | AI score: 5.7 | EPSS: 0.00326
Exploits: 1 | References: 5

Vulnrichment
added 2025/12/08 8:2 a.m., 3 views

CVE-2025-14223 code-projects Simple Leave Manager request.php sql injection

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staffid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00326
Exploits: 1 | References: 5

CVE
added 2025/12/08 8:2 a.m., 13 views

CVE-2025-14223

CVE-2025-14223 affects Code-Projects Simple Leave Manager 1.0, with a vulnerability in the /request.php file. The issue arises from manipulation of the staff_id parameter, enabling SQL injection. Multiple connected sources confirm remote exploitation potential and public disclosure of the exploit...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00326
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/12/08 12:0 a.m., 4 views

PT-2025-49516

Name of the Vulnerable Software and Affected Versions: Simple Leave Manager version 1.0. Description: A flaw exists in an unspecified functionality of the /request.php file that allows for SQL injection. Manipulating the staff id argument can trigger this issue, and the attack can be initiated...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00326
Exploits: 1 | References: 10

RedhatCVE
added 2025/10/08 8:19 p.m., 2 views

CVE-2025-11118

A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument staffId leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00441
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-32477

Malicious code in bioql PyPI...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00957
Exploits: 1 | References: 1

Cvelist
added 2025/09/28 8:2 p.m., 9 views

CVE-2025-11118 CodeAstro Student Grading System adminLogin.php sql injection

A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument staffId leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be...

CVSS: 7.5 | EPSS: 0.00441
Exploits: 1 | References: 5