Lucene search
K

6 matches found

OSV
OSV
added 2026/04/01 11:44 p.m.5 views

GHSA-VX58-FWWQ-5G8J NocoBase Has SQL Injection via template variable substitution in workflow SQL node

Summary NocoBase = 2.0.8 plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL...

8.5CVSS6.3AI score0.00406EPSS
Exploits1References5
NVD
NVD
added 2026/02/03 7:16 p.m.6 views

CVE-2026-25236

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

9.8CVSS0.00266EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/02/03 7:16 p.m.5 views

CVE-2026-25236

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

9.8CVSS5.7AI score0.00266EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 6:29 p.m.5 views

CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 6:29 p.m.7 views

CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

6.9CVSS5.6AI score0.00266EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.8 views

PT-2026-6285

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...

9.8CVSS5.7AI score0.00266EPSS
Exploits0References4
Rows per page
Query Builder