
13 matches found

CVE
added 2026/05/28 6:45 a.m. | 9 views

CVE-2026-7797

The CVE covers the WordPress plugin Appointment Booking Calendar – Simply Schedule Appointments. The vulnerability exists in versions up to

7.5 CVSS | 5.8 AI score | 0.00159 EPSS
Exploits 0 | References 11
ATTACKERKB
added 2026/05/25 2:15 p.m. | 8 views

CVE-2018-25362

Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting SQL code through the userid parameter. Attackers can submit union-based or time-based blind SQL injection payloads to extract sensitive database information...

8.8 CVSS | 5.9 AI score | 0.00044 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2026/05/13 5:29 a.m. | 30 views

CVE-2026-6929 JoomSport <= 5.7.7 - Unauthenticated SQL Injection via 'sortf' Parameter

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'sortf' parameter in all versions up to, and including, 5.7.7 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5 CVSS | 0.00109 EPSS
Exploits 0 | References 6
Positive Technologies
added 2026/03/31 12:0 a.m. | 0 views

PT-2026-29408

The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the sort parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied sort parameter and lack of...

6.5 CVSS | 6 AI score | 0.00013 EPSS
Exploits 0 | References 6
RedhatCVE
added 2026/03/24 8:26 p.m. | 0 views

CVE-2026-23921

A flaw was found in Zabbix. A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in the API service. This vulnerability allows an attacker to execute arbitrary SQL selects and exfiltrate sensitive database data through time-based techniques. This could...

8.7 CVSS | 6 AI score | 0.00045 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/02/22 12:0 a.m. | 4 views

PT-2026-21447

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attackers can send requests to the arama endpoint with malicious 'q' values using time-based SQL...

8.8 CVSS | 5.9 AI score | 0.00106 EPSS
Exploits 1 | References 4
CVE
added 2025/11/19 4:2 p.m. | 3 views

CVE-2025-65022

CVE-2025-65022 describes an authenticated time-based SQL injection in i-Educar up to version 2.10.0, in the intranet/agenda.php script. The issue arises from the cod_agenda parameter being directly concatenated into SQL queries without sanitization, allowing an authenticated user to execute arbit...

7.2 CVSS | 8 AI score | 0.00033 EPSS
Exploits 0 | References 2 | Affected Software 1
Packet Storm
added 2024/09/01 12:0 a.m. | 250 views

WordPress Modern Events Calendar SQL Injection Scanner

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Modern Events Calendar SQLi Scanner', 'Description' = %q Modern Events Calendar plugin contains an unauthenticated timebased SQL...

9.8 CVSS | 7 AI score | 0.6014 EPSS
Exploits 7
Vulnrichment
added 2024/02/21 12:0 a.m. | 11 views

CVE-2024-25891

ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection Time-based via the CurrentFundraiser GET parameter...

8.1 AI score | 0.00202 EPSS
Exploits 1 | References 1
Metasploit
added 2022/03/01 5:53 p.m. | 220 views

WordPress Modern Events Calendar SQLi Scanner

Modern Events Calendar plugin contains an unauthenticated timebased SQL injection in versions before 6.1.5. The time parameter is vulnerable to injection. Module Options msf use auxiliary/scanner/http/wpmoderneventscalendarsqli msf auxiliarywpmoderneventscalendarsqli show actions ...actions... ms...

9.8 CVSS | 9.8 AI score | 0.6014 EPSS
Exploits 7
Metasploit
added 2020/11/05 5:41 p.m. | 114 views

WordPress Loginizer log SQLi Scanner

Loginizer WordPress plugin contains an unauthenticated time-based SQL injection in versions before 1.6.4. The vulnerable parameter is in the log parameter. WordPress has forced updates of the plugin to all servers. Module Options msf use auxiliary/scanner/http/wploginizerlogsqli msf...

9.8 CVSS | 9.7 AI score | 0.86342 EPSS
Exploits 4
Exploit DB
added 2019/11/05 12:0 a.m. | 433 views

thejshen Globitek CMS 1.4 - 'id' SQL Injection

Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested on: CentOS 7 CVE: N/A The GET reques...

7.4 AI score
Exploits 0
exploitpack
added 2019/09/16 12:0 a.m. | 17 views

CollegeManagementSystem-CMS 1.3 - batch SQL Injection

CollegeManagementSystem-CMS 1.3 - batch SQL Injection Exploit Title: CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection Author: Cakes Discovery Date: 2019-09-16 Vendor Homepage: https://github.com/SaloniKumari123/CollegeManagementSystem Software Link:...

8.6 AI score
Exploits 0