CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

CVE-2026-9010 Boost <= 2.0.3 - Unauthenticated Blind SQL Injection via Multiple Parameters

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

EUVD-2026-31044

The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'currenturl' and 'username' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL queries. This makes i...

EUVD-2018-8272

Malware in sbrugna...

EUVD-2006-6202

Malware in sbrugna...

EUVD-2008-4504

Malware in sbrugna...

EUVD-2006-1644

Malware in sbrugna...

EUVD-2017-5904

Malware in sbrugna...

EUVD-2006-5092

Malware in sbrugna...

EUVD-2021-33135

Malicious code in bioql PyPI...

CVE-2024-3974

The BuddyPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in versions up to, and including, 12.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions...

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...

CVE-2024-10758

A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack...

CVE-2024-3365

A vulnerability was found in SourceCodester Online Library System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin/users/controller.php. The manipulation of the argument username leads to cross site scripting. The attack may be initiated remotely...

Online Library System 跨站脚本漏洞

Online Library System is an open source online library system. A cross-site scripting vulnerability exists in SourceCodester Online Library System version 1.0, which originates from a cross-site scripting vulnerability in the username parameter of the admin/users/controller.php file...

Clinics Patient Management System SQL Injection Vulnerability

Clinics Patient Management System is a clinic patient management system. A SQL injection vulnerability exists in Clinics Patient Management System version 2.0, which originates from a parameter username that can be exploited to execute illegal SQL commands...

GHSA-QRW3-MQ8R-CQ7Q AdaptCMS SQL Injection vulnerability

SQL injection vulnerability in the "Check User" feature includes/checkuser.php in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...

Victor CMS SQL Injection Vulnerability (CNVD-2022-85093)

Victor CMS is an open source content management system by Victor Alagwu, a personal developer in Nigeria. v1.0 of Victor CMS is vulnerable to SQL injection, which originates from the username parameter in /includes/login.php, and can be exploited by attackers to inject queries in /CMSsite/ throug...

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...

Cross site scripting

Victor CMS 1.0 has Persistent XSS in admin/users.php?source=adduser via the username, userfirstname, or userlastname parameter...