
4 matches found

Cvelist
added 2026/06/25 3:42 a.m., 32 views

CVE-2026-2508 Gravity Forms Booking <= 2.7.1 - Authenticated (Subscriber+) Time-Based SQL Injection via 'staff_id'

The Gravity Forms Booking plugin for WordPress is vulnerable to time-based SQL Injection via the ‘staffid’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS: 6.5 | EPSS: 0.00241
Exploits: 0 | References: 3
Vulnrichment
added 2025/12/08 8:2 a.m., 3 views

CVE-2025-14223 code-projects Simple Leave Manager request.php sql injection

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staffid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to t...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00326
Exploits: 1 | References: 5
RedhatCVE
added 2025/10/08 8:19 p.m., 3 views

CVE-2025-11118

A vulnerability was identified in CodeAstro Student Grading System 1.0. This issue affects some unknown processing of the file /adminLogin.php. Such manipulation of the argument staffId leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00441
Exploits: 1 | References: 1
CNNVD
added 2025/07/07 12:0 a.m., 3 views

SourceCodester Best Salon Management System Injection Vulnerability

SourceCodester Best Salon Management System is a SourceCodester open source salon management system. SourceCodester Best Salon Management System version 1.0 suffers from an injection vulnerability that originates from improper handling of the parameter staffid in the file /panel/schedule-staff.ph...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00361
Exploits: 1 | References: 6