20 matches found
CVE-2026-1923 Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id
The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
EUVD-2018-21626
EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the admin/editsource endpoint with crafted SQL UNION statements to extract database...
CVE-2026-2469
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...
CVE-2026-2211
A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...
EUVD-2025-201664
A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...
CVE-2025-12608
A security flaw has been discovered in itsourcecode Online Loan Management System 1.0. The affected element is an unknown function of the file /manageuser.php. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has...
CVE-2025-10660 WP Dashboard Chat <= 1.0.3 - Authenticated (Contributor+) SQL Injection via id
The WP Dashboard Chat plugin for WordPress is vulnerable to SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
PT-2025-35354
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.10 Description: A vulnerability exists in Portabilis i-Educar up to version 2.10, specifically within the /module/AreaConhecimento/view file of the Listagem de áreas de conhecimento Page component...
CVE-2023-1792
A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/fields/managefield.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql...
CVE-2024-7363
A vulnerability, which was classified as critical, was found in SourceCodester Tracking Monitoring Management System 1.0. Affected is an unknown function of the file /manageperson.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2023-7140
A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be...
WordPress Plugin Advanced Local Pickup for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2023-46006
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edituser.php...
CVE-2023-2619
A vulnerability, which was classified as critical, was found in SourceCodester Online Tours & Travels Management System 1.0. This affects the function exec of the file disapprovedelete.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...
PT-2023-19396 · Sourcecodester · Ac Repair/Services System
Name of the Vulnerable Software and Affected Versions: SourceCodester AC Repair and Services System version 1.0 Description: A critical issue was found in the system, affecting the file /admin/services/view service.php. The manipulation of the id argument leads to SQL injection. It is possible to...
CVE-2023-2145
A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been classified as critical. Affected is an unknown function of the file projectspercurriculum.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The explo...
CVE-2022-43066
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Master.php?f=deletemessage...
CVE-2022-28105
Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/viewfacility.php...
PT-2017-15082 · Dolibarr · Dolibarr Erp/Crm
Name of the Vulnerable Software and Affected Versions: Dolibarr ERP/CRM version 6.0.4 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the id parameter in the comm/multiprix.php file. Recommendations: For version 6.0.4, consider...