6 matches found
GHSA-VX58-FWWQ-5G8J NocoBase Has SQL Injection via template variable substitution in workflow SQL node
Summary NocoBase = 2.0.8 plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who triggers a workflow containing a SQL node with template variables from user-controlled data can inject arbitrary SQL...
CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
CVE-2026-25236 PEAR is Vulnerable to SQL Injection in Damblan_Karma IN() Query via Literal Substitution
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...
PT-2026-6285
PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, a SQL injection risk exists in karma queries due to unsafe literal substitution for an IN ... list. This issue has been patched in version 1.33.0...