12 matches found

Positive Technologies, added 2026/05/19 12:00 a.m.

PT-2026-41885

Name of the Vulnerable Software and Affected Versions: Contest Gallery versions prior to 28.1.7
Description: The Contest Gallery plugin for WordPress contains a SQL Injection flaw. This occurs because the unauthenticated 'post cg gallery form upload' AJAX action fails to properly escape the form...

CVSS 7.5 | AI score 5.9 | EPSS 0.00391
Exploits: 0 | References: 9
RedhatCVE, added 2026/03/26 3:03 p.m.

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected...

CVSS 8.8 | AI score 6.2 | EPSS 0.00299
Exploits: 1 | References: 1
Vulnrichment, added 2026/01/07 11:52 p.m.

CVE-2026-21875 ClipBucket v5 Vulnerable to Blind SQL Injection through Channel Comments

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a comment within a channel, there is a POST request to the /actions/ajax.php endpoint. The objid...

CVSS 9.8 | AI score 7.5 | EPSS 0.00342
Exploits: 1 | References: 1
Veracode, added 2025/12/13 7:19 a.m.

SQL Injection

llamaindex is vulnerable to SQL Injection. The vulnerability is due to unsafe construction of SQL queries without prepared statements in the duckdbretriever component, which allows an attacker to inject arbitrary SQL commands and execute malicious code...

CVSS 9.8 | AI score 7.5 | EPSS 0.01311
Exploits: 1 | References: 3 | Affected Software: 1
Github Security Blog, added 2025/11/19 9:00 p.m.

OpenSTAManager has Authenticated SQL Injection in API via 'display' parameter

Summary: An authenticated SQL Injection vulnerability in the API allows any user, regardless of permission level, to execute arbitrary SQL queries. By manipulating the display parameter in an API request, an attacker can exfiltrate, modify, or delete any data in the database, leading to a full...

CVSS 8.8 | AI score 8.4 | EPSS 0.00323
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE, added 2025/08/24 12:13 a.m.

CVE-2025-51092

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...

CVSS 9.8 | AI score 8.7 | EPSS 0.00381
Exploits: 0 | References: 1
NVD, added 2025/08/22 7:15 p.m.

CVE-2025-51092

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...

CVSS 9.8 | EPSS 0.00381
Exploits: 0 | References: 1
Vulnrichment, added 2025/08/22 12:00 a.m.

CVE-2025-51092

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...

AI score 8.6 | EPSS 0.00381
Exploits: 0 | References: 1
Cvelist, added 2025/08/22 12:00 a.m.

CVE-2025-51092

The LogIn-SignUp project by VishnuSivadasVS is vulnerable to SQL Injection due to unsafe construction of SQL queries in DataBase.php. The functions logIn and signUp build queries by directly concatenating user input and unvalidated table names without using prepared statements. While a prepareDat...

EPSS 0.00381
Exploits: 0 | References: 1
Github Security Blog, added 2025/08/12 12:13 a.m.

PyLoad vulnerable to SQL Injection via API /json/add_package in add_links parameter

Summary: The parameter add_links in the API /json/add_package is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive data leakage.
Details:
- Affected file: https://github.com/pyload/pyload/blob/develop/src/pyload/core/database/filedatabase.pyL271
- Affected code: python...

CVSS 8.8 | AI score 8.2 | EPSS 0.00303
Exploits: 0 | References: 5 | Affected Software: 1
BDU FSTEC, added 2025/05/29 12:00 a.m.

A vulnerability in the getUsers method of the TeleControl Server Basic software for managing and monitoring remote objects in telemetry and telemechanics systems allows an attacker to circumvent security restrictions, read and write arbitrary files, and execute arbitrary code.

The vulnerability in the getUsers method of the TeleControl Server Basic software for managing and monitoring remote objects in telemetry and telemechanics systems stems from missing protection of the SQL query structure. Exploiting this vulnerability allows an attacker to...

CVSS 9 | AI score 6.1 | EPSS 0.00604
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC, added 2023/07/10 12:00 a.m.

A vulnerability in the watu_exams function (controllers/exam.php) of the Watu Quiz plugin for the WordPress content management system allows an attacker to execute arbitrary SQL queries.

The vulnerability in the watu_exams function (controllers/exam.php) of the Watu Quiz plugin for the WordPress content management system stems from missing protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL queries...

CVSS 10 | AI score 7.2 | EPSS 0.00707
Exploits: 0 | References: 4 | Affected Software: 1