Skip to main content

SQLi

15164 CVEs technique

Monthly

CVE-2018-25347 HIGH POC This Week

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25346 HIGH POC This Week

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25342 HIGH POC This Week

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25341 HIGH POC This Week

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25340 HIGH POC This Week

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-9305 LOW POC Monitor

SQL injection in QuantumNous new-api versions up to 0.12.1 allows authenticated remote attackers to manipulate database queries through the SearchUserTopUps and SearchAllTopUps functions in the self endpoint. The vulnerability exists in model/topup.go with confirmed public exploit code available on GitHub. With EPSS data unavailable and CVSS 6.3 (medium severity), the primary risk stems from the low-complexity exploitation requiring only low-level authentication, enabling attackers to exfiltrate sensitive data, modify records, or potentially execute denial-of-service attacks against the database layer.

SQLi New Api
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-41075 HIGH PATCH This Week

Authenticated SQL injection in Best Practical's Request Tracker (RT) ticketing system affects versions 5.0.0-5.0.9 and 6.0.0-6.0.2 via the entry_aggregator parameter in the JSON search endpoint, allowing any logged-in RT user to read or modify arbitrary data in the underlying database. The flaw was disclosed alongside the rt-5.0.10/6.0.3 release on 2026-05-20 and carries CVSS 8.8 due to high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

SQLi Rt
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-46670 PHP CRITICAL POC PATCH GHSA Act Now

Unauthenticated SQL injection in YesWiki's Bazar form-import path allows any remote visitor to inject arbitrary SQL into an INSERT statement and exfiltrate the entire database, including yeswiki_users.password hashes. Affects YesWiki 4.6.1, 4.6.2, and the doryphore-dev branch prior to 4.6.4. Publicly available exploit code exists (a working Python PoC is published in the GHSA advisory), though no public exploit identified in CISA KEV at time of analysis.

PHP Python SQLi Docker
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-25606 HIGH PATCH This Week

SQL injection in STER (Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy) versions prior to 9.5 allows authenticated attackers to extract sensitive data by injecting crafted input into multiple Search Filter parameters. The CVSS 4.0 score of 8.7 reflects high confidentiality and integrity impact over the network with low attacker privileges required, and a vendor patch is available in version 9.5. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure SQLi Ster
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-4834 HIGH This Week

Unauthenticated SQL injection in the WP ERP Pro WordPress plugin (versions through 1.5.1) allows remote attackers to extract sensitive database contents by manipulating the 'search_key' parameter. The flaw stems from missing input escaping and unprepared SQL statements, enabling UNION-based or appended query attacks against any WordPress site running the affected plugin. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-48240 HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 lets authenticated users tamper with backend database queries through the ajax/statistics.php endpoint by injecting payloads into the tick_id and f_tick_id POST parameters. The CVSS 4.0 score of 7.1 reflects high confidentiality impact with lower integrity impact, and while no public exploit is identified at time of analysis, this flaw is one of 19 SQL injection issues bundled into a single critical security release that the vendor urges all users to install immediately.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48239 HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 lets authenticated users tamper with the incidents summary report query via the tick_id POST parameter in ajax/reports.php, enabling arbitrary read, modification, or destruction of database contents. The v3.44.2 release notes confirm the fix was part of a broader security overhaul addressing 19 SQL injection flaws and 69 XSS issues. No public exploit identified at time of analysis, and SSVC classifies exploitation status as 'none' with partial technical impact.

PHP SQLi
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48238 HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate database queries via the unsanitized `id` GET parameter in `ajax/mobile_main.php`. The flaw permits arbitrary read, modification, or destruction of database contents, and is part of a broader batch of 19 SQL injection fixes shipped in v3.44.2. No public exploit identified at time of analysis, but the vendor explicitly classifies v3.44.2 as a 'Critical Security Update' urging immediate upgrade.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48237 HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate backend database queries via the message.php endpoint, enabling unauthorized read, modification, or destruction of database contents. The flaw stems from unsanitized concatenation of the frm_ticket_id and frm_resp_id POST parameters into SELECT and UPDATE statements. No public exploit identified at time of analysis, though VulnCheck has published a dedicated advisory and the vendor's 3.44.2 release bundles fixes for 19 SQL injection issues across the codebase.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48236 HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate database queries via unsanitized POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) in db_loader.php, enabling read, modification, or destruction of database contents. The vendor confirms this is one of 19 SQL injection flaws patched in v3.44.2, reported by VulnCheck. No public exploit identified at time of analysis, and the vulnerability requires low-privilege authentication (PR:L per CVSS 4.0 vector).

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48235 HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows attackers controlling or impersonating an InstaMapper or Google Latitude GPS tracking endpoint to inject malicious SQL via unsanitized latitude, longitude, callsign, mph, altitude, and timestamp values parsed by incs/remotes.inc.php. The CVSS 4.0 base score of 8.8 reflects unauthenticated network exploitation with high confidentiality impact, and no public exploit is identified at time of analysis. The flaw was disclosed by VulnCheck and is one of 19 SQL injection issues patched in the v3.44.2 release.

PHP Google SQLi
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-48234 HIGH PATCH This Week

SQL injection in Open ISES Tickets versions prior to 3.44.2 allows authenticated attackers to manipulate ORDER BY clauses via the sort and dir GET parameters in portal/ajax/list_requests.php, enabling unauthorized read, modification, or destruction of database contents. The CVSS 4.0 score of 7.1 reflects network-reachable exploitation with low privileges and no user interaction required. No public exploit identified at time of analysis, but the vendor's own release notes describe this as part of a critical security update patching 19 SQL injection flaws across 11 files.

PHP SQLi
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48233 HIGH PATCH This Week

SQL injection in Open ISES Tickets prior to 3.44.2 allows authenticated attackers to manipulate database queries via the unsanitized 'offset' GET parameter in ajax/sit_incidents.php, which is concatenated directly into a LIMIT clause. Successful exploitation enables reading, modifying, or destroying database contents. No public exploit identified at time of analysis, though the underlying flaw is one of 19 SQL injection issues patched in the same release, indicating broad code-level weakness.

PHP SQLi
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48232 HIGH PATCH This Week

SQL injection in Open ISES Tickets versions prior to 3.44.2 allows authenticated attackers to manipulate database queries through the unsanitized offset parameter in ajax/fullsit_incidents.php. The flaw enables reading, modifying, or destroying database contents and is part of a broader v3.44.2 security release that patched 19 SQL injection issues. No public exploit identified at time of analysis, but the vendor classifies the update as critical and urges immediate upgrade.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-48231 HIGH PATCH This Week

SQL injection in Open ISES Tickets prior to 3.44.2 lets authenticated users tamper with database contents by abusing unsanitized POST parameters (tablename, indexname, sortby) in tables.php that are concatenated directly into SELECT, UPDATE, and DELETE identifier positions. The flaw is one of 19 SQLi issues fixed in the v3.44.2 release; no public exploit identified at time of analysis, but the vendor labels the release a Critical Security Update and urges immediate upgrade.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-39531 CRITICAL Act Now

Blind SQL injection in the WP Directory Kit WordPress plugin (versions up to and including 1.5.0) allows remote unauthenticated attackers to inject SQL commands through improperly neutralized input. With a CVSS 9.3 (scope-changed) rating from Patchstack, successful exploitation can expose sensitive database contents and partially impact availability across the WordPress installation. No public exploit identified at time of analysis and the plugin is not currently listed in CISA KEV.

SQLi Wp Directory Kit
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-44047 HIGH PATCH This Week

SQL injection in Netatalk 3.1.0 through 4.4.2 allows authenticated remote attackers to compromise the MySQL-backed CNID (Catalog Node ID) database used to track AppleTalk/AFP file metadata. The high CVSS 8.8 score (CVSS:3.1/AV:N/AC:L/PR:L/UI:N) reflects network-reachable exploitation with low privileges and high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis.

SQLi Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-9082 PHP MEDIUM POC KEV PATCH THREAT NEWS GHSA Act Now

SQL injection in Drupal Core across six major version branches (8.9.0 through 11.3.x) enables remote unauthenticated attackers to manipulate database queries with no required privileges or user interaction, as confirmed by CVSS vector AV:N/AC:L/PR:N/UI:N. The vulnerability yields partial confidentiality and integrity impact per CVSS - enabling data enumeration and limited data manipulation - but does not grant full database control or server compromise. No active exploitation is confirmed (not listed in CISA KEV; SSVC exploitation status: none), but SSVC flags this as automatable, making opportunistic mass scanning against the large global Drupal install base a credible near-term risk.

SQLi Drupal Core
NVD GitHub VulDB Exploit-DB
CVSS 3.1
6.5
EPSS
0.0%
Threat
4.3
CVE-2026-42383 HIGH This Week

Blind SQL injection in YITH WooCommerce Product Add-Ons (WordPress plugin) through version 4.29.0 allows high-privileged authenticated users to inject malicious SQL into database queries, leading to confidentiality compromise and limited availability impact across a changed security scope. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.6; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

WordPress SQLi
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-9065 CRITICAL PATCH Act Now

SQL injection in SureCart WordPress plugin versions prior to 4.2.1 allows authenticated high-privileged attackers to extract arbitrary database contents via the /surecart/v1/integrations/{id} REST endpoint. The flaw stems from a sanitization bypass in the wp-query-builder component where payloads containing a dot character skip $wpdb->prepare() escaping entirely, enabling UNION-based data exfiltration. No public exploit identified at time of analysis, though Tenable Research has published technical details (TRA-2026-43).

WordPress SQLi
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-9059 CRITICAL PATCH Act Now

Authenticated SQL injection in NextGEN Gallery (WordPress plugin by Awesome Motive/Imagely) before version 4.2.1 allows attackers holding the 'NextGEN Gallery overview' capability - granted to Administrators by default - to inject arbitrary SQL via the 'orderby' parameter on the '/imagely/v1/galleries' and '/imagely/v1/albums' REST endpoints. CVSS 4.0 rates this 9.3 due to high confidentiality, integrity, and scope impact; no public exploit identified at time of analysis, but the issue was reported by Tenable Research (TRA-2026-42) and a vendor patch is available.

SQLi Nextgen Gallery
NVD
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-9003 HIGH This Week

SQL injection in TONNET's E-LAN Hybrid Recording System allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate database contents over the network. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, and no public exploit identified at time of analysis. The flaw is reported through TWCERT and affects TONNET's TPR7308 product line per CPE data.

SQLi Tpr7308
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-9010 HIGH This Week

Unauthenticated SQL injection in the PixelYourSite Boost plugin for WordPress (versions up to and including 2.0.3) allows remote attackers to extract sensitive database contents via time-based blind SQLi in the 'current_url' and 'user_name' parameters. Wordfence reported the issue with a CVSS 7.5 (confidentiality-only impact); no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7472 MEDIUM This Month

Time-based blind SQL injection in the Read More & Accordion WordPress plugin (slug: expand-maker) through version 3.5.7 enables authenticated administrators to exfiltrate arbitrary database contents, including administrator password hashes, by manipulating the orderby GET parameter. The flaw exists in two data-retrieval functions in ReadMoreData.php, where user input bypasses effective sanitization and is concatenated unquoted into an ORDER BY SQL clause. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, though the high-confidentiality CVSS impact (C:H) reflects genuine data-exposure potential.

WordPress PHP Information Disclosure SQLi
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-3985 HIGH This Week

Unauthenticated SQL injection in the Creative Mail - Easier WordPress & WooCommerce Email Marketing plugin (versions up to and including 1.6.9) allows remote attackers to append arbitrary SQL clauses through the 'checkout_uuid' parameter handled by the has_checkout_consent() method. The flaw stems from missing escaping and the absence of a prepared statement, enabling extraction of sensitive database contents from any WordPress site running the vulnerable plugin. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

WordPress SQLi
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8685 MEDIUM This Month

SQL Injection in the Infility Global WordPress plugin (all versions through 2.15.16) allows authenticated attackers holding only a Subscriber-level account to append arbitrary SQL to existing database queries and extract sensitive information. The vulnerability originates in the show_control_data::post_list() function, which is registered as an admin menu page gated only by the 'read' capability - the lowest WordPress capability tier. With CVSS C:H and no integrity or availability impact, the primary real-world risk is wholesale database exfiltration on any site with open user registration. No public exploit has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-44923 MEDIUM This Month

SQL injection in Veritas InfoScale Operations Manager (VIOM) prior to v9.1.3 enables remote, unauthenticated attackers to escalate privileges via crafted requests. The vulnerability is network-accessible with no authentication or user interaction required, and SSVC scoring confirms it is automatable, lowering the bar for mass exploitation. No public exploit or CISA KEV listing has been identified at time of analysis, but the unauthenticated attack surface and automatable classification make this a meaningful exposure for any internet-facing VIOM deployment.

SQLi
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-8912 HIGH This Week

SQL injection in the Contest Gallery WordPress plugin (versions through 28.1.6) allows unauthenticated remote attackers to extract sensitive database contents by abusing the 'form_input' parameter handled by the 'post_cg_gallery_form_upload' AJAX action. The endpoint is gated only by a public nonce that is exposed in the page source of any public gallery page, effectively offering no protection against external attackers. No public exploit identified at time of analysis, but the issue was disclosed by Wordfence and affects a publicly reachable PHP endpoint.

WordPress PHP SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-8827 PHP HIGH PATCH GHSA This Week

SQL injection in the TYPO3 'address_list' extension's AddressRepository::getSqlQuery() method allows remote attackers to manipulate database queries when the method is called with untrusted input. The flaw is latent - the vulnerable method is not invoked anywhere within the extension itself, so default installations are not exposed, but custom or third-party extensions that reuse this method become injection sinks. No public exploit identified at time of analysis, and no EPSS or KEV signal accompanies the advisory.

SQLi Extension Address List
NVD
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-8726 PHP HIGH PATCH GHSA This Week

SQL injection in the TYPO3 'news' extension allows unauthenticated remote attackers to inject arbitrary SQL through a URL parameter on pages that render the 'Date Menu of news articles' plugin. The flaw stems from missing sanitization of user input before it reaches a database query, and exposure is limited to sites that both use the affected plugin and have not enabled the TypoScript/plugin setting disableOverrideDemand. No public exploit identified at time of analysis.

SQLi Extension News System
NVD
CVSS 4.0
8.2
EPSS
0.1%
CVE-2026-31069 PHP HIGH GHSA This Week

SQL injection in BillaBear (all versions prior to January 2026) allows authenticated users holding the ROLE_ACCOUNT_MANAGER role to execute arbitrary SQL commands via the EventRepository component. The flaw stems from unsanitized filter identifier keys being concatenated into queries through sprintf(), and while no public exploit identified at time of analysis is listed in KEV, two CVE-referenced gists suggest detailed technical write-ups are publicly available. EPSS is very low (0.01%), but the high CVSS of 8.8 and clear exploitation path make this a meaningful risk for any deployed instance.

SQLi N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-40930 MEDIUM This Month

Chunk-smuggling in libpng-apng's push-mode APNG parser allows a remote unauthenticated attacker to cause integrity violations and availability disruption when a victim processes a specially crafted APNG file. The flaw - classified under CWE-436 (Interpretation Conflict) - stems from incorrect sequencing of CRC finalization and frame sequence number validation for fcTL and fdAT chunks in pngpread.c, enabling maliciously ordered chunk boundaries to bypass expected parser state transitions. No public exploit code exists at time of analysis and this vulnerability is not listed in the CISA KEV catalog; however, it represents a meaningful risk for any image-processing pipeline or application accepting user-supplied APNG data from untrusted sources.

RCE Apache SQLi PostgreSQL
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-8851 HIGH PATCH This Week

SQL injection in SOGo 5.12.7 (Alinto's open-source groupware/webmail platform) allows authenticated users to exfiltrate arbitrary database contents by injecting subqueries through the uid parameter of the addUserInAcls endpoint, then reading the staged data back via the /acls API. The flaw, reported by VulnCheck (with credit to dninh of SACOMBANK), is fixed in 5.12.8; no public exploit identified at time of analysis and the CVE is not on CISA KEV.

SQLi Sogo Webmail
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-6379 HIGH POC PATCH This Week

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks.

WordPress SQLi
NVD WPScan
CVSS 3.1
8.6
EPSS
0.0%
CVE-2026-8785 MEDIUM POC This Month

SQL injection in projectworlds Hospital Management System in PHP 1.0 enables unauthenticated remote attackers to extract or modify patient data through the appointment_no parameter in update_info.php. The vulnerability has publicly available exploit code and affects the getAllPatientDetail function, with the vendor notified but unresponsive.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8772 LOW Monitor

SQL injection in linlinjava litemall 1.8.0 and earlier allows high-privileged remote attackers to read and modify database contents via crafted requests to multiple Admin Endpoint functions. Public exploit code available (EPSS probability unknown from provided data). Attack requires administrative credentials (PR:H) but achieves confidentiality, integrity, and availability impact on vulnerable component (VC:L/VI:L/VA:L). Despite CVSS 4.0 score of 2.0 (Low severity due to high privilege requirement), the existence of public POC and lack of vendor response elevates practical risk for installations where admin accounts may be compromised.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-8771 Maven MEDIUM This Month

SQL injection in litemall WeChat API allows unauthenticated remote attackers to extract, modify, or delete database contents via crafted queries to the goods listing endpoint. Publicly available exploit code exists targeting the WxGoodsController.list() function in versions up to 1.8.0. Vendor unresponsive to disclosure. EPSS data unavailable, but public POC and network accessibility (CVSS AV:N/AC:L/PR:N) indicate moderate exploitation risk for exposed instances.

Java SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2018-25339 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25338 HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25333 HIGH POC This Week

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2018-25330 HIGH POC This Week

Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Joomla Extension Ekrishta
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2018-25319 HIGH POC This Week

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-8734 MEDIUM POC This Month

SQL injection in Oinone Pamirs versions up to 7.2.0 allows remote unauthenticated attackers to read, modify, or delete database records via the queryListByWrapper interface. The RSQLToSQLNodeConnector.makeVariable function fails to properly sanitize input, enabling direct database manipulation. A publicly available proof-of-concept exploit exists (GitHub issue #12), and the vendor has not responded to disclosure attempts. EPSS data unavailable, not listed in CISA KEV. CVSS 5.5 (Medium) reflects confidentiality, integrity, and availability impacts all rated Low with network-accessible, low-complexity exploitation requiring no authentication.

SQLi Pamirs
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-8724 LOW POC Monitor

SQL injection in Dataease 2.10.20's Data Dashboard component allows authenticated high-privilege attackers to execute arbitrary SQL queries via the SqlparserUtils.transFilter function. The vulnerability requires administrative access (CVSS PR:H) but enables database manipulation including data exfiltration, modification, and potential service disruption. Public exploit code exists on GitHub (xpp3901/CVE_APPLY), lowering the barrier for exploitation despite the high privilege requirement. The CVSS base score of 4.7 reflects limited scope due to authentication requirements, though real-world impact depends on admin credential security.

Java SQLi
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2021-47980 HIGH POC This Week

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuel Cms
NVD Exploit-DB GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2021-47956 HIGH POC This Week

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2021-47954 HIGH POC This Week

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2020-37244 HIGH POC This Week

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Membership
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2020-37243 HIGH POC This Week

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Pricing Table
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2020-37242 HIGH POC This Week

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ultimate Maps
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-45800 HIGH PATCH This Week

SQL injection in Vvveb CMS versions before 1.0.8.3 allows authenticated frontend users to execute arbitrary SQL queries through the order history page. The vulnerability exists in the /user/orders endpoint where order_by and direction parameters are directly concatenated into SQL queries without sanitization, enabling database compromise with low-privileged user credentials. The vendor has released version 1.0.8.3 to address this issue.

SQLi Vvveb
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-46364 PHP CRITICAL POC PATCH GHSA Act Now

Unauthenticated SQL injection in phpMyFAQ before 4.1.2 allows remote attackers to extract credentials, admin tokens, and SMTP secrets by sending a crafted User-Agent header to the public GET /api/captcha endpoint. The flaw sits in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha(), which interpolate the header into DELETE and INSERT statements via sprintf with no escaping. No public exploit identified at time of analysis, though VulnCheck has published a detailed reachability writeup and a verified time-based blind PoC payload appears in the GHSA advisory.

Information Disclosure SQLi Phpmyfaq
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-46359 PHP HIGH PATCH GHSA This Week

SQL injection in phpMyFAQ prior to 4.1.2 allows attackers authenticating through Azure AD/Entra ID OAuth to execute arbitrary database queries by embedding SQL metacharacters in their identity provider display name or JWT claims. The CurrentUser::setTokenData() method interpolates OAuth token fields into an UPDATE statement via sprintf without calling the database escape routine, while sibling methods in the same file correctly escape input. Publicly available exploit code exists per VulnCheck and the GHSA advisory, though EPSS is low (0.03%, 9th percentile) and the issue is not in CISA KEV.

Microsoft SQLi
NVD GitHub VulDB
CVSS 4.0
7.7
EPSS
0.0%
CVE-2021-47966 HIGH POC This Week

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-7046 MEDIUM This Month

Time-based blind SQL injection in NEX-Forms Ultimate Forms Plugin for WordPress through version 9.1.12 allows authenticated administrators to extract sensitive database information by injecting arbitrary SQL queries via the insufficiently escaped 'table' parameter. The vulnerability requires administrator-level access and is not actively exploited in public records, but poses significant risk to multi-admin WordPress installations where admin accounts may be compromised or untrusted.

SQLi WordPress
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-42847 HIGH PATCH This Week

SQL injection in ClipBucket v5's admin panel allows authenticated administrators to exfiltrate database contents via the action_logs.php endpoint. The type parameter is directly concatenated into SQL queries without parameterization, enabling UNION-based attacks to extract sensitive data including user credentials, video metadata, and system configuration. Affects all versions prior to 5.5.3 - #122. No active exploitation confirmed (not in CISA KEV), but the technical barrier is low given the straightforward injection point and admin access requirement.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-45288 NuGet CRITICAL PATCH GHSA Act Now

SQL injection in Marten's PostgreSQL full-text search APIs allows remote unauthenticated attackers to execute arbitrary database commands when applications pass user-controlled input to the regConfig parameter. The vulnerability affects all five search method overloads (SearchAsync, PlainTextSearchAsync, PhraseSearchAsync, WebStyleSearchAsync, PrefixSearchAsync) where the regConfig parameter is interpolated directly into SQL without validation. Confirmed exploit payloads demonstrate time-based blind extraction, information disclosure via SELECT statements, and DDL execution including table drops. Vendor-released patch available in Marten 8.37.0 via GitHub PR #4343. No public exploit identified at time of analysis, though the advisory includes working proof-of-concept payloads for all affected methods.

SQLi PostgreSQL Information Disclosure
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-44792 npm HIGH PATCH GHSA This Week

SQL injection in n8n workflow automation platform allows an attacker with write access to a connected git repository to execute arbitrary SQL against the internal PostgreSQL database when an administrator performs a Source Control Pull. The flaw stems from unsafe handling of column names within Data Table JSON files imported during sync. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.04%.

PostgreSQL SQLi
NVD GitHub VulDB
CVSS 4.0
8.9
EPSS
0.0%
CVE-2026-6638 LOW PATCH Monitor

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION REFRESH PUBLICATION allows authenticated local or network users with table creation privileges to execute arbitrary SQL queries with the publication subscriber's credentials. The attack is deferred until the next REFRESH PUBLICATION command is executed, requiring user interaction or scheduled maintenance. PostgreSQL 16.x, 17.x, and 18.x versions prior to 16.14, 17.10, and 18.4 respectively are vulnerable; earlier versions are unaffected. No public exploit code or active exploitation has been identified.

PostgreSQL SQLi
NVD VulDB
CVSS 3.1
3.7
EPSS
0.0%
CVE-2026-6637 HIGH PATCH This Week

Stack buffer overflow in PostgreSQL's refint module allows low-privileged database users to execute arbitrary code as the database operating system user across all supported versions before 14.23, 15.18, 16.14, 17.10, and 18.4. The vulnerability enables two distinct attack paths: direct stack overflow leading to OS-level code execution, and SQL injection when applications expose user-controlled columns configured as refint cascade primary keys. With CVSS 8.8 (AV:N/AC:L/PR:L) and network-based exploitation requiring only low-privilege database credentials, this represents a critical privilege escalation risk for PostgreSQL deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Stack Overflow SQLi Buffer Overflow PostgreSQL RCE +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-6476 HIGH PATCH This Week

SQL injection in PostgreSQL's pg_createsubscriber utility escalates privileges from pg_create_subscription to superuser, enabling arbitrary SQL execution. Affects PostgreSQL versions 17.0-17.9 and 18.0-18.3; exploitation requires high-privilege access (pg_create_subscription rights) but occurs remotely without additional complexity. Attack triggers when pg_createsubscriber next executes. Fixed in PostgreSQL 18.4 and 17.10. No CISA KEV listing or public exploit identified at time of analysis, but the technical simplicity (AC:L) and privilege escalation nature present moderate risk for multi-tenant or hosted PostgreSQL environments where subscription management permissions are delegated.

PostgreSQL SQLi Suse
NVD VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-11024 CRITICAL PATCH Act Now

Remote unauthenticated SQL injection in Akilli Commerce Software Technologies E-Commerce Website before version 4.5.001 allows complete database compromise without authentication. The vulnerability permits blind SQL injection attacks with network-level access and low complexity (CVSS:3.1 AV:N/AC:L/PR:N/UI:N), achieving full confidentiality, integrity, and availability impact (9.8 critical severity). TR-CERT (Turkish national CERT) published this advisory, indicating regional significance for Turkish e-commerce deployments. No public exploit identified at time of analysis, with EPSS risk data and CISA KEV status unavailable for initial assessment.

SQLi E Commerce Website
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-6225 MEDIUM This Month

Time-based blind SQL injection in the Taskbuilder - Project Management & Task Management Tool With Kanban Board WordPress plugin (all versions through 5.0.6) enables authenticated attackers with Subscriber-level access or above to exfiltrate arbitrary data from the underlying database via the 'project_search' parameter. The vulnerability stems from unsanitized user input being passed into an unprepared SQL query, exposing confidential database contents including user credentials, configuration data, and application records. No public exploit code has been identified at time of analysis, EPSS probability is very low at 0.03%, and CISA has not added this to the Known Exploited Vulnerabilities catalog.

SQLi WordPress Taskbuilder Project Management Task Management Tool With Kanban Board
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46446 HIGH PATCH This Week

SQL injection in SOGo versions prior to 5.12.7 allows authenticated users to inject arbitrary SQL when changing their password, provided the deployment uses PostgreSQL or MariaDB as the user backend and stores cleartext passwords. The flaw resides in the changePasswordForLogin routine where the new password value is interpolated directly into an UPDATE statement (c_password = '%@'). No public exploit identified at time of analysis, EPSS is very low (0.03%), and SSVC marks exploitation as 'none' - but the patched upstream code (PR #379, fixed in 5.12.7) confirms the vulnerability.

SQLi PostgreSQL Sogo
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-46445 HIGH PATCH This Week

SQL injection in Alinto SOGo versions prior to 5.12.7 allows authenticated remote attackers to manipulate database queries when the groupware is deployed against a PostgreSQL backend. The flaw stems from improper quoting in the SQLSource authentication and contact-lookup paths, which an attacker can leverage to read or modify data with high confidentiality and integrity impact. No public exploit identified at time of analysis and EPSS is very low (0.03%), but a vendor patch and upstream code fix are available.

SQLi PostgreSQL Sogo
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-5486 MEDIUM This Month

SQL Injection in the Unlimited Elements for Elementor WordPress plugin (versions up to and including 2.0.7) allows authenticated attackers holding at least Contributor-level access to extract sensitive database contents by injecting arbitrary SQL into the 'data[filter_search]' parameter of the get_cat_addons AJAX action. The vulnerability is the product of two chained weaknesses: the plugin's normalizeAjaxInputData() function actively undoes WordPress's built-in magic-quote protection via stripslashes(), and the deprecated wpdb->_escape() method then fails to safely handle the exposed input before it is concatenated directly into a LIKE clause. Reported by Wordfence and tracked as EUVD-2026-30214, no public exploit code has been identified at time of analysis and CISA KEV does not list this CVE, though the confidentiality impact is rated High, enabling full database read access for a successful attacker.

SQLi WordPress Unlimited Elements For Elementor Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-29206 HIGH PATCH This Week

SQL injection in the cPanel/WHM sqloptimizer utility script allows attackers to execute arbitrary SQL queries as the MySQL root user when Slow Query logging is enabled. The flaw affects multiple cPanel branches (11.86 through 11.136), WP Squared, and the CloudLinux 6/CentOS 6 builds, with no public exploit identified at time of analysis. EPSS is low (0.03%) and SSVC marks exploitation as 'none', but technical impact is rated total because the injection runs with full database privileges.

SQLi Cpanel Wp Squared Cpanel Cloudlinux 6 Centos 6
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-44447 HIGH PATCH This Week

SQL injection in ERPNext versions prior to 16.9.0 allows authenticated remote attackers to extract sensitive data by sending specially crafted requests to vulnerable endpoints. The Frappe-maintained ERP platform requires low-privileged authentication (PR:L) but has high impact on confidentiality, integrity, and availability per CVSS 8.8. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%).

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44446 HIGH PATCH This Week

SQL injection in ERPNext (Frappe's open-source ERP platform) prior to 15.104.3 and 16.14.0 allows authenticated remote attackers to extract sensitive database contents by sending crafted requests to vulnerable endpoints. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though EPSS sits at 0.04% and SSVC reports no observed exploitation, indicating this is a high-severity but currently unexploited issue. No public exploit identified at time of analysis.

SQLi Erpnext
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-44418 HIGH This Week

SQL injection in EcclesiaCRM 8.0.0 and earlier allows authenticated remote attackers to execute arbitrary SQL queries through the query view feature. The flaw stems from an incomplete fix for CVE-2026-35184: the ValidateInput() function's default case passes user-supplied POST parameters directly into str_replace-based SQL construction without sanitization when non-standard validation types are used. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at just 0.03%.

SQLi Ecclesiacrm
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-44381 CRITICAL POC PATCH Act Now

SQL injection in MISP threat intelligence platform versions prior to 2.5.37 allows remote unauthenticated attackers to manipulate ORDER BY clauses in event and shadow attribute listing endpoints by supplying crafted ordering parameters. The CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability, though EPSS exploitation probability sits at just 0.04% and no public exploit identified at time of analysis. Given MISP's role as a repository of sensitive threat-intelligence data shared between organizations, successful exploitation could expose IOCs, attribution data, and partner-shared intelligence.

Authentication Bypass SQLi Misp
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-45054 MEDIUM PATCH This Month

SQL injection in CubeCart v6 prior to 6.7.0 allows an authenticated administrator to execute arbitrary SQL against the store database via the unsanitized ORDER BY clause on the admin transactions listing page. The admin.php orders-transactions endpoint passes attacker-controlled GET parameters directly into a raw SQL fragment, bypassing the platform's sqlSafe() function which only escapes quote characters - none of which are required for ORDER BY injection. An attacker with at minimum CC_PERM_READ permission on orders can leverage time-based blind SQL injection to extract admin password hashes, customer PII, and integrated payment-gateway credentials. No public exploit identified at time of analysis, though SSVC data indicates POC code exists; the EPSS score of 0.03% (9th percentile) reflects limited observed exploitation interest.

PHP SQLi V6
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-39358 HIGH PATCH This Week

Authenticated SQL injection in CubeCart v6.x prior to 6.6.0 allows administrative users to execute arbitrary SQL commands through unsanitized sorting parameters on Products and Logs endpoints. Per SSVC, a proof-of-concept exists but the vulnerability is not in CISA KEV, and EPSS scoring (0.03%) reflects very low predicted exploitation activity due to the high-privilege prerequisite.

SQLi V6
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-22599 npm CRITICAL PATCH GHSA Act Now

{ isRaw: true }]` tuple, which is passed directly into Knex's `db.connection.raw()` without sanitization. Affected versions are @strapi/content-type-builder <=5.33.1 (v5) and @strapi/plugin-content-type-builder <=4.26.0 (v4), with impact ranging from arbitrary file read and denial of service to remote code execution on database engines that permit external program execution. No public exploit identified at time of analysis; EPSS is low at 0.13% and CISA SSVC notes exploitation status of 'none', though vendor-confirmed remediation is available.

Denial Of Service SQLi RCE
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-0242 MEDIUM PATCH This Month

SQL injection in Palo Alto Networks Trust Protection Foundation exposes the platform database to arbitrary command execution by authenticated attackers on an adjacent network. Affected versions span four active release trains (24.1.x, 24.3.x, 25.1.x, 25.3.x), with successful exploitation enabling full database read/write access and privilege escalation to administrative control. No public exploit code exists and no active exploitation has been identified; EPSS sits at 0.01% and SSVC exploitation status is 'none', but the SSVC technical impact rating of 'total' underscores the severity of a successful attack.

Information Disclosure SQLi Trust Protection Foundation
NVD
CVSS 4.0
6.1
EPSS
0.0%
CVE-2020-37226 HIGH POC This Week

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2 Jobs
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2020-37224 HIGH POC This Week

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2 Jobs
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2020-37218 HIGH POC This Week

Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-4608 MEDIUM This Month

ProfileGrid User Profiles plugin for WordPress versions up to 5.9.8.4 allow authenticated attackers with Subscriber-level access to execute blind SQL injection attacks via the 'rid' parameter due to insufficient input escaping and lack of prepared statement use. The vulnerability enables extraction of sensitive database information without user interaction. No public exploit code or active exploitation has been confirmed at this time.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-4798 HIGH This Week

Time-based SQL injection in Avada Builder for WordPress allows remote unauthenticated attackers to extract sensitive database information via the 'product_order' parameter. CVSS 7.5 (High) reflects network-accessible attack vector with no authentication required, but exploitation is limited to specific deployments where WooCommerce was previously installed then deactivated. No active exploitation confirmed (not in CISA KEV), but vulnerability disclosed by Wordfence Threat Intelligence with technical details publicly available.

SQLi WordPress
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-6929 HIGH This Week

Time-based blind SQL injection in JoomSport WordPress plugin (all versions ≤5.7.7) enables unauthenticated remote attackers to extract sensitive database contents including credentials, user data, and configuration secrets via the unsanitized 'sortf' parameter. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS data not provided; no CISA KEV listing indicates exploitation not yet confirmed in the wild. Wordfence Threat Intel reported this vulnerability with proof-of-concept code references pointing to specific vulnerable functions in class-jsport-getplayers.php and class-jsport-playerlist.php, enabling straightforward exploitation by security researchers and threat actors alike.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-7619 MEDIUM This Month

SQL injection in Charitable - Donation Plugin for WordPress versions up to 1.8.10.4 allows authenticated users with donation management admin privileges to inject malicious SQL via the 's' search parameter, enabling extraction of sensitive database information. The vulnerability stems from insufficient escaping and lack of prepared statement usage in the donation search functionality. Attack requires administrator-level access to the donation management area (edit_others_donations capability), limiting scope to internal threats but carrying high confidentiality impact.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-6888 HIGH NEWS This Week

SQL injection in multiple Advantech industrial IoT platforms allows remote authenticated attackers with high privileges to execute arbitrary database commands. Affected products include WebAccess/SCADA, SaaS Composer, IoTSuite Growth/Starter, and IoT Edge across Windows and Linux Docker deployments. The vulnerability enables complete database compromise - attackers can read sensitive industrial control system data, modify configurations, or delete critical operational information. CVSS 7.2 reflects high impact across confidentiality, integrity, and availability, though exploitation requires administrative credentials (PR:H), significantly limiting attack surface compared to unauthenticated SQL injection vulnerabilities.

SQLi Saas Composer Iotsuite Growth Linux Docker Iotsuite Starter Linux Docker Iot Edge Linux Docker +4
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-37429 MEDIUM This Month

SQL injection in qihang-wms (commit 75c15a) exposes sensitive database contents, including user PII, to unauthenticated remote attackers via the `datascope` parameter in `SysUserMapper.xml`. The vulnerability requires no authentication, no user interaction, and is reachable over the network, making automated exploitation feasible. SSVC assessment confirms exploitation has not been observed and EPSS sits at 0.03% (9th percentile), indicating low current exploitation interest despite the permissive attack surface.

SQLi N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-37428 MEDIUM This Month

SQL injection in qihang-wms (commit 75c15a) via the unsanitized `datascope` parameter in `SysDeptMapper.xml` allows remote database access without authentication. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms unauthenticated, network-accessible, low-complexity exploitation yielding partial confidentiality and integrity impact, including exposure of users' PII from the backend database. Publicly available exploit code exists via GitHub-hosted writeups and proof-of-concept scripts, though EPSS sits at 0.03% (9th percentile) and SSVC reports no confirmed active exploitation at time of analysis.

SQLi N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH POC This Week

WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

WordPress Form Maker Plugin 1.12.24 and below contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through the. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Smartshop 1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'searched' parameter in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in QuantumNous new-api versions up to 0.12.1 allows authenticated remote attackers to manipulate database queries through the SearchUserTopUps and SearchAllTopUps functions in the self endpoint. The vulnerability exists in model/topup.go with confirmed public exploit code available on GitHub. With EPSS data unavailable and CVSS 6.3 (medium severity), the primary risk stems from the low-complexity exploitation requiring only low-level authentication, enabling attackers to exfiltrate sensitive data, modify records, or potentially execute denial-of-service attacks against the database layer.

SQLi New Api
NVD VulDB GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated SQL injection in Best Practical's Request Tracker (RT) ticketing system affects versions 5.0.0-5.0.9 and 6.0.0-6.0.2 via the entry_aggregator parameter in the JSON search endpoint, allowing any logged-in RT user to read or modify arbitrary data in the underlying database. The flaw was disclosed alongside the rt-5.0.10/6.0.3 release on 2026-05-20 and carries CVSS 8.8 due to high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

SQLi Rt
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

Unauthenticated SQL injection in YesWiki's Bazar form-import path allows any remote visitor to inject arbitrary SQL into an INSERT statement and exfiltrate the entire database, including yeswiki_users.password hashes. Affects YesWiki 4.6.1, 4.6.2, and the doryphore-dev branch prior to 4.6.4. Publicly available exploit code exists (a working Python PoC is published in the GHSA advisory), though no public exploit identified in CISA KEV at time of analysis.

PHP Python SQLi +1
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

SQL injection in STER (Centralny Instytut Ochrony Pracy - Państwowy Instytut Badawczy) versions prior to 9.5 allows authenticated attackers to extract sensitive data by injecting crafted input into multiple Search Filter parameters. The CVSS 4.0 score of 8.7 reflects high confidentiality and integrity impact over the network with low attacker privileges required, and a vendor patch is available in version 9.5. There is no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Information Disclosure SQLi Ster
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated SQL injection in the WP ERP Pro WordPress plugin (versions through 1.5.1) allows remote attackers to extract sensitive database contents by manipulating the 'search_key' parameter. The flaw stems from missing input escaping and unprepared SQL statements, enabling UNION-based or appended query attacks against any WordPress site running the affected plugin. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

WordPress SQLi
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 lets authenticated users tamper with backend database queries through the ajax/statistics.php endpoint by injecting payloads into the tick_id and f_tick_id POST parameters. The CVSS 4.0 score of 7.1 reflects high confidentiality impact with lower integrity impact, and while no public exploit is identified at time of analysis, this flaw is one of 19 SQL injection issues bundled into a single critical security release that the vendor urges all users to install immediately.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 lets authenticated users tamper with the incidents summary report query via the tick_id POST parameter in ajax/reports.php, enabling arbitrary read, modification, or destruction of database contents. The v3.44.2 release notes confirm the fix was part of a broader security overhaul addressing 19 SQL injection flaws and 69 XSS issues. No public exploit identified at time of analysis, and SSVC classifies exploitation status as 'none' with partial technical impact.

PHP SQLi
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate database queries via the unsanitized `id` GET parameter in `ajax/mobile_main.php`. The flaw permits arbitrary read, modification, or destruction of database contents, and is part of a broader batch of 19 SQL injection fixes shipped in v3.44.2. No public exploit identified at time of analysis, but the vendor explicitly classifies v3.44.2 as a 'Critical Security Update' urging immediate upgrade.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate backend database queries via the message.php endpoint, enabling unauthorized read, modification, or destruction of database contents. The flaw stems from unsanitized concatenation of the frm_ticket_id and frm_resp_id POST parameters into SELECT and UPDATE statements. No public exploit identified at time of analysis, though VulnCheck has published a dedicated advisory and the vendor's 3.44.2 release bundles fixes for 19 SQL injection issues across the codebase.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows authenticated attackers to manipulate database queries via unsanitized POST parameters (ticketsdb, ticketshost, ticketsuser, ticketspassword) in db_loader.php, enabling read, modification, or destruction of database contents. The vendor confirms this is one of 19 SQL injection flaws patched in v3.44.2, reported by VulnCheck. No public exploit identified at time of analysis, and the vulnerability requires low-privilege authentication (PR:L per CVSS 4.0 vector).

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in Open ISES Tickets before 3.44.2 allows attackers controlling or impersonating an InstaMapper or Google Latitude GPS tracking endpoint to inject malicious SQL via unsanitized latitude, longitude, callsign, mph, altitude, and timestamp values parsed by incs/remotes.inc.php. The CVSS 4.0 base score of 8.8 reflects unauthenticated network exploitation with high confidentiality impact, and no public exploit is identified at time of analysis. The flaw was disclosed by VulnCheck and is one of 19 SQL injection issues patched in the v3.44.2 release.

PHP Google SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets versions prior to 3.44.2 allows authenticated attackers to manipulate ORDER BY clauses via the sort and dir GET parameters in portal/ajax/list_requests.php, enabling unauthorized read, modification, or destruction of database contents. The CVSS 4.0 score of 7.1 reflects network-reachable exploitation with low privileges and no user interaction required. No public exploit identified at time of analysis, but the vendor's own release notes describe this as part of a critical security update patching 19 SQL injection flaws across 11 files.

PHP SQLi
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets prior to 3.44.2 allows authenticated attackers to manipulate database queries via the unsanitized 'offset' GET parameter in ajax/sit_incidents.php, which is concatenated directly into a LIMIT clause. Successful exploitation enables reading, modifying, or destroying database contents. No public exploit identified at time of analysis, though the underlying flaw is one of 19 SQL injection issues patched in the same release, indicating broad code-level weakness.

PHP SQLi
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets versions prior to 3.44.2 allows authenticated attackers to manipulate database queries through the unsanitized offset parameter in ajax/fullsit_incidents.php. The flaw enables reading, modifying, or destroying database contents and is part of a broader v3.44.2 security release that patched 19 SQL injection issues. No public exploit identified at time of analysis, but the vendor classifies the update as critical and urges immediate upgrade.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Open ISES Tickets prior to 3.44.2 lets authenticated users tamper with database contents by abusing unsanitized POST parameters (tablename, indexname, sortby) in tables.php that are concatenated directly into SELECT, UPDATE, and DELETE identifier positions. The flaw is one of 19 SQLi issues fixed in the v3.44.2 release; no public exploit identified at time of analysis, but the vendor labels the release a Critical Security Update and urges immediate upgrade.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the WP Directory Kit WordPress plugin (versions up to and including 1.5.0) allows remote unauthenticated attackers to inject SQL commands through improperly neutralized input. With a CVSS 9.3 (scope-changed) rating from Patchstack, successful exploitation can expose sensitive database contents and partially impact availability across the WordPress installation. No public exploit identified at time of analysis and the plugin is not currently listed in CISA KEV.

SQLi Wp Directory Kit
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in Netatalk 3.1.0 through 4.4.2 allows authenticated remote attackers to compromise the MySQL-backed CNID (Catalog Node ID) database used to track AppleTalk/AFP file metadata. The high CVSS 8.8 score (CVSS:3.1/AV:N/AC:L/PR:L/UI:N) reflects network-reachable exploitation with low privileges and high impact to confidentiality, integrity, and availability; no public exploit identified at time of analysis.

SQLi Suse
NVD VulDB
EPSS 0% 4.3 CVSS 6.5
MEDIUM POC KEV PATCH THREAT Act Now

SQL injection in Drupal Core across six major version branches (8.9.0 through 11.3.x) enables remote unauthenticated attackers to manipulate database queries with no required privileges or user interaction, as confirmed by CVSS vector AV:N/AC:L/PR:N/UI:N. The vulnerability yields partial confidentiality and integrity impact per CVSS - enabling data enumeration and limited data manipulation - but does not grant full database control or server compromise. No active exploitation is confirmed (not listed in CISA KEV; SSVC exploitation status: none), but SSVC flags this as automatable, making opportunistic mass scanning against the large global Drupal install base a credible near-term risk.

SQLi Drupal Core
NVD GitHub VulDB Exploit-DB
EPSS 0% CVSS 7.6
HIGH This Week

Blind SQL injection in YITH WooCommerce Product Add-Ons (WordPress plugin) through version 4.29.0 allows high-privileged authenticated users to inject malicious SQL into database queries, leading to confidentiality compromise and limited availability impact across a changed security scope. The flaw was disclosed by Patchstack and carries a CVSS 3.1 score of 7.6; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

WordPress SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

SQL injection in SureCart WordPress plugin versions prior to 4.2.1 allows authenticated high-privileged attackers to extract arbitrary database contents via the /surecart/v1/integrations/{id} REST endpoint. The flaw stems from a sanitization bypass in the wp-query-builder component where payloads containing a dot character skip $wpdb->prepare() escaping entirely, enabling UNION-based data exfiltration. No public exploit identified at time of analysis, though Tenable Research has published technical details (TRA-2026-43).

WordPress SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Authenticated SQL injection in NextGEN Gallery (WordPress plugin by Awesome Motive/Imagely) before version 4.2.1 allows attackers holding the 'NextGEN Gallery overview' capability - granted to Administrators by default - to inject arbitrary SQL via the 'orderby' parameter on the '/imagely/v1/galleries' and '/imagely/v1/albums' REST endpoints. CVSS 4.0 rates this 9.3 due to high confidentiality, integrity, and scope impact; no public exploit identified at time of analysis, but the issue was reported by Tenable Research (TRA-2026-42) and a vendor patch is available.

SQLi Nextgen Gallery
NVD
EPSS 0% CVSS 8.7
HIGH This Week

SQL injection in TONNET's E-LAN Hybrid Recording System allows unauthenticated remote attackers to execute arbitrary SQL queries and exfiltrate database contents over the network. The CVSS 4.0 score of 8.7 reflects high confidentiality impact with no required privileges or user interaction, and no public exploit identified at time of analysis. The flaw is reported through TWCERT and affects TONNET's TPR7308 product line per CPE data.

SQLi Tpr7308
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated SQL injection in the PixelYourSite Boost plugin for WordPress (versions up to and including 2.0.3) allows remote attackers to extract sensitive database contents via time-based blind SQLi in the 'current_url' and 'user_name' parameters. Wordfence reported the issue with a CVSS 7.5 (confidentiality-only impact); no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

WordPress SQLi
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Time-based blind SQL injection in the Read More & Accordion WordPress plugin (slug: expand-maker) through version 3.5.7 enables authenticated administrators to exfiltrate arbitrary database contents, including administrator password hashes, by manipulating the orderby GET parameter. The flaw exists in two data-retrieval functions in ReadMoreData.php, where user input bypasses effective sanitization and is concatenated unquoted into an ORDER BY SQL clause. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog, though the high-confidentiality CVSS impact (C:H) reflects genuine data-exposure potential.

WordPress PHP Information Disclosure +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated SQL injection in the Creative Mail - Easier WordPress & WooCommerce Email Marketing plugin (versions up to and including 1.6.9) allows remote attackers to append arbitrary SQL clauses through the 'checkout_uuid' parameter handled by the has_checkout_consent() method. The flaw stems from missing escaping and the absence of a prepared statement, enabling extraction of sensitive database contents from any WordPress site running the vulnerable plugin. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

WordPress SQLi
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL Injection in the Infility Global WordPress plugin (all versions through 2.15.16) allows authenticated attackers holding only a Subscriber-level account to append arbitrary SQL to existing database queries and extract sensitive information. The vulnerability originates in the show_control_data::post_list() function, which is registered as an admin menu page gated only by the 'read' capability - the lowest WordPress capability tier. With CVSS C:H and no integrity or availability impact, the primary real-world risk is wholesale database exfiltration on any site with open user registration. No public exploit has been identified at time of analysis, and this CVE does not appear in the CISA KEV catalog.

WordPress SQLi
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in Veritas InfoScale Operations Manager (VIOM) prior to v9.1.3 enables remote, unauthenticated attackers to escalate privileges via crafted requests. The vulnerability is network-accessible with no authentication or user interaction required, and SSVC scoring confirms it is automatable, lowering the bar for mass exploitation. No public exploit or CISA KEV listing has been identified at time of analysis, but the unauthenticated attack surface and automatable classification make this a meaningful exposure for any internet-facing VIOM deployment.

SQLi
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection in the Contest Gallery WordPress plugin (versions through 28.1.6) allows unauthenticated remote attackers to extract sensitive database contents by abusing the 'form_input' parameter handled by the 'post_cg_gallery_form_upload' AJAX action. The endpoint is gated only by a public nonce that is exposed in the page source of any public gallery page, effectively offering no protection against external attackers. No public exploit identified at time of analysis, but the issue was disclosed by Wordfence and affects a publicly reachable PHP endpoint.

WordPress PHP SQLi
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

SQL injection in the TYPO3 'address_list' extension's AddressRepository::getSqlQuery() method allows remote attackers to manipulate database queries when the method is called with untrusted input. The flaw is latent - the vulnerable method is not invoked anywhere within the extension itself, so default installations are not exposed, but custom or third-party extensions that reuse this method become injection sinks. No public exploit identified at time of analysis, and no EPSS or KEV signal accompanies the advisory.

SQLi Extension Address List
NVD
EPSS 0% CVSS 8.2
HIGH PATCH This Week

SQL injection in the TYPO3 'news' extension allows unauthenticated remote attackers to inject arbitrary SQL through a URL parameter on pages that render the 'Date Menu of news articles' plugin. The flaw stems from missing sanitization of user input before it reaches a database query, and exposure is limited to sites that both use the affected plugin and have not enabled the TypoScript/plugin setting disableOverrideDemand. No public exploit identified at time of analysis.

SQLi Extension News System
NVD
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in BillaBear (all versions prior to January 2026) allows authenticated users holding the ROLE_ACCOUNT_MANAGER role to execute arbitrary SQL commands via the EventRepository component. The flaw stems from unsanitized filter identifier keys being concatenated into queries through sprintf(), and while no public exploit identified at time of analysis is listed in KEV, two CVE-referenced gists suggest detailed technical write-ups are publicly available. EPSS is very low (0.01%), but the high CVSS of 8.8 and clear exploitation path make this a meaningful risk for any deployed instance.

SQLi N A
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Chunk-smuggling in libpng-apng's push-mode APNG parser allows a remote unauthenticated attacker to cause integrity violations and availability disruption when a victim processes a specially crafted APNG file. The flaw - classified under CWE-436 (Interpretation Conflict) - stems from incorrect sequencing of CRC finalization and frame sequence number validation for fcTL and fdAT chunks in pngpread.c, enabling maliciously ordered chunk boundaries to bypass expected parser state transitions. No public exploit code exists at time of analysis and this vulnerability is not listed in the CISA KEV catalog; however, it represents a meaningful risk for any image-processing pipeline or application accepting user-supplied APNG data from untrusted sources.

RCE Apache SQLi +1
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

SQL injection in SOGo 5.12.7 (Alinto's open-source groupware/webmail platform) allows authenticated users to exfiltrate arbitrary database contents by injecting subqueries through the uid parameter of the addUserInAcls endpoint, then reading the staged data back via the /acls API. The flaw, reported by VulnCheck (with credit to dninh of SACOMBANK), is fixed in 5.12.8; no public exploit identified at time of analysis and the CVE is not on CISA KEV.

SQLi Sogo Webmail
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

The WP Photo Album Plus WordPress plugin before 9.1.11.001 does not properly sanitize and escape a parameter before using it in a SQL query, allowing unauthenticated users to perform SQL injection attacks.

WordPress SQLi
NVD WPScan
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in projectworlds Hospital Management System in PHP 1.0 enables unauthenticated remote attackers to extract or modify patient data through the appointment_no parameter in update_info.php. The vulnerability has publicly available exploit code and affects the getAllPatientDetail function, with the vendor notified but unresponsive.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 2.0
LOW Monitor

SQL injection in linlinjava litemall 1.8.0 and earlier allows high-privileged remote attackers to read and modify database contents via crafted requests to multiple Admin Endpoint functions. Public exploit code available (EPSS probability unknown from provided data). Attack requires administrative credentials (PR:H) but achieves confidentiality, integrity, and availability impact on vulnerable component (VC:L/VI:L/VA:L). Despite CVSS 4.0 score of 2.0 (Low severity due to high privilege requirement), the existence of public POC and lack of vendor response elevates practical risk for installations where admin accounts may be compromised.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in litemall WeChat API allows unauthenticated remote attackers to extract, modify, or delete database contents via crafted queries to the goods listing endpoint. Publicly available exploit code exists targeting the WxGoodsController.list() function in versions up to 1.8.0. Vendor unresponsive to disclosure. EPSS data unavailable, but public POC and network accessibility (CVSS AV:N/AC:L/PR:N) indicate moderate exploitation risk for exposed instances.

Java SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database information using time-based blind techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database information using union-based techniques. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zechat
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Joomla!. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Joomla Extension Ekrishta
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.1
HIGH POC This Week

Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in Oinone Pamirs versions up to 7.2.0 allows remote unauthenticated attackers to read, modify, or delete database records via the queryListByWrapper interface. The RSQLToSQLNodeConnector.makeVariable function fails to properly sanitize input, enabling direct database manipulation. A publicly available proof-of-concept exploit exists (GitHub issue #12), and the vendor has not responded to disclosure attempts. EPSS data unavailable, not listed in CISA KEV. CVSS 5.5 (Medium) reflects confidentiality, integrity, and availability impacts all rated Low with network-accessible, low-complexity exploitation requiring no authentication.

SQLi Pamirs
NVD VulDB GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in Dataease 2.10.20's Data Dashboard component allows authenticated high-privilege attackers to execute arbitrary SQL queries via the SqlparserUtils.transFilter function. The vulnerability requires administrative access (CVSS PR:H) but enables database manipulation including data exfiltration, modification, and potential service disruption. Public exploit code exists on GitHub (xpp3901/CVE_APPLY), lowering the barrier for exploitation despite the high privilege requirement. The CVSS base score of 4.7 reflects limited scope due to authentication requirements, though real-world impact depends on admin credential security.

Java SQLi
NVD VulDB GitHub
EPSS 0% CVSS 7.1
HIGH POC This Week

Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuel Cms
NVD Exploit-DB GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the search_query parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'search' and 'sidx'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Membership
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers to execute arbitrary SQL queries through the getListForTbl. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi XSS Pricing Table
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'sidx' GET. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ultimate Maps
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.7
HIGH PATCH This Week

SQL injection in Vvveb CMS versions before 1.0.8.3 allows authenticated frontend users to execute arbitrary SQL queries through the order history page. The vulnerability exists in the /user/orders endpoint where order_by and direction parameters are directly concatenated into SQL queries without sanitization, enabling database compromise with low-privileged user credentials. The vendor has released version 1.0.8.3 to address this issue.

SQLi Vvveb
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Unauthenticated SQL injection in phpMyFAQ before 4.1.2 allows remote attackers to extract credentials, admin tokens, and SMTP secrets by sending a crafted User-Agent header to the public GET /api/captcha endpoint. The flaw sits in BuiltinCaptcha::garbageCollector() and BuiltinCaptcha::saveCaptcha(), which interpolate the header into DELETE and INSERT statements via sprintf with no escaping. No public exploit identified at time of analysis, though VulnCheck has published a detailed reachability writeup and a verified time-based blind PoC payload appears in the GHSA advisory.

Information Disclosure SQLi Phpmyfaq
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

SQL injection in phpMyFAQ prior to 4.1.2 allows attackers authenticating through Azure AD/Entra ID OAuth to execute arbitrary database queries by embedding SQL metacharacters in their identity provider display name or JWT claims. The CurrentUser::setTokenData() method interpolates OAuth token fields into an UPDATE statement via sprintf without calling the database escape routine, while sibling methods in the same file correctly escape input. Publicly available exploit code exists per VulnCheck and the GHSA advisory, though EPSS is low (0.03%, 9th percentile) and the issue is not in CISA KEV.

Microsoft SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the login_userid parameter of login.php that allows unauthenticated attackers to extract database. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.9
MEDIUM This Month

Time-based blind SQL injection in NEX-Forms Ultimate Forms Plugin for WordPress through version 9.1.12 allows authenticated administrators to extract sensitive database information by injecting arbitrary SQL queries via the insufficiently escaped 'table' parameter. The vulnerability requires administrator-level access and is not actively exploited in public records, but poses significant risk to multi-admin WordPress installations where admin accounts may be compromised or untrusted.

SQLi WordPress
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in ClipBucket v5's admin panel allows authenticated administrators to exfiltrate database contents via the action_logs.php endpoint. The type parameter is directly concatenated into SQL queries without parameterization, enabling UNION-based attacks to extract sensitive data including user credentials, video metadata, and system configuration. Affects all versions prior to 5.5.3 - #122. No active exploitation confirmed (not in CISA KEV), but the technical barrier is low given the straightforward injection point and admin access requirement.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection in Marten's PostgreSQL full-text search APIs allows remote unauthenticated attackers to execute arbitrary database commands when applications pass user-controlled input to the regConfig parameter. The vulnerability affects all five search method overloads (SearchAsync, PlainTextSearchAsync, PhraseSearchAsync, WebStyleSearchAsync, PrefixSearchAsync) where the regConfig parameter is interpolated directly into SQL without validation. Confirmed exploit payloads demonstrate time-based blind extraction, information disclosure via SELECT statements, and DDL execution including table drops. Vendor-released patch available in Marten 8.37.0 via GitHub PR #4343. No public exploit identified at time of analysis, though the advisory includes working proof-of-concept payloads for all affected methods.

SQLi PostgreSQL Information Disclosure
NVD GitHub VulDB
EPSS 0% CVSS 8.9
HIGH PATCH This Week

SQL injection in n8n workflow automation platform allows an attacker with write access to a connected git repository to execute arbitrary SQL against the internal PostgreSQL database when an administrator performs a Source Control Pull. The flaw stems from unsafe handling of column names within Data Table JSON files imported during sync. No public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.04%.

PostgreSQL SQLi
NVD GitHub VulDB
EPSS 0% CVSS 3.7
LOW PATCH Monitor

SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION REFRESH PUBLICATION allows authenticated local or network users with table creation privileges to execute arbitrary SQL queries with the publication subscriber's credentials. The attack is deferred until the next REFRESH PUBLICATION command is executed, requiring user interaction or scheduled maintenance. PostgreSQL 16.x, 17.x, and 18.x versions prior to 16.14, 17.10, and 18.4 respectively are vulnerable; earlier versions are unaffected. No public exploit code or active exploitation has been identified.

PostgreSQL SQLi
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Stack buffer overflow in PostgreSQL's refint module allows low-privileged database users to execute arbitrary code as the database operating system user across all supported versions before 14.23, 15.18, 16.14, 17.10, and 18.4. The vulnerability enables two distinct attack paths: direct stack overflow leading to OS-level code execution, and SQL injection when applications expose user-controlled columns configured as refint cascade primary keys. With CVSS 8.8 (AV:N/AC:L/PR:L) and network-based exploitation requiring only low-privilege database credentials, this represents a critical privilege escalation risk for PostgreSQL deployments. No active exploitation (CISA KEV) or public POC identified at time of analysis.

Stack Overflow SQLi Buffer Overflow +3
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

SQL injection in PostgreSQL's pg_createsubscriber utility escalates privileges from pg_create_subscription to superuser, enabling arbitrary SQL execution. Affects PostgreSQL versions 17.0-17.9 and 18.0-18.3; exploitation requires high-privilege access (pg_create_subscription rights) but occurs remotely without additional complexity. Attack triggers when pg_createsubscriber next executes. Fixed in PostgreSQL 18.4 and 17.10. No CISA KEV listing or public exploit identified at time of analysis, but the technical simplicity (AC:L) and privilege escalation nature present moderate risk for multi-tenant or hosted PostgreSQL environments where subscription management permissions are delegated.

PostgreSQL SQLi Suse
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote unauthenticated SQL injection in Akilli Commerce Software Technologies E-Commerce Website before version 4.5.001 allows complete database compromise without authentication. The vulnerability permits blind SQL injection attacks with network-level access and low complexity (CVSS:3.1 AV:N/AC:L/PR:N/UI:N), achieving full confidentiality, integrity, and availability impact (9.8 critical severity). TR-CERT (Turkish national CERT) published this advisory, indicating regional significance for Turkish e-commerce deployments. No public exploit identified at time of analysis, with EPSS risk data and CISA KEV status unavailable for initial assessment.

SQLi E Commerce Website
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Time-based blind SQL injection in the Taskbuilder - Project Management & Task Management Tool With Kanban Board WordPress plugin (all versions through 5.0.6) enables authenticated attackers with Subscriber-level access or above to exfiltrate arbitrary data from the underlying database via the 'project_search' parameter. The vulnerability stems from unsanitized user input being passed into an unprepared SQL query, exposing confidential database contents including user credentials, configuration data, and application records. No public exploit code has been identified at time of analysis, EPSS probability is very low at 0.03%, and CISA has not added this to the Known Exploited Vulnerabilities catalog.

SQLi WordPress Taskbuilder Project Management Task Management Tool With Kanban Board
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in SOGo versions prior to 5.12.7 allows authenticated users to inject arbitrary SQL when changing their password, provided the deployment uses PostgreSQL or MariaDB as the user backend and stores cleartext passwords. The flaw resides in the changePasswordForLogin routine where the new password value is interpolated directly into an UPDATE statement (c_password = '%@'). No public exploit identified at time of analysis, EPSS is very low (0.03%), and SSVC marks exploitation as 'none' - but the patched upstream code (PR #379, fixed in 5.12.7) confirms the vulnerability.

SQLi PostgreSQL Sogo
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

SQL injection in Alinto SOGo versions prior to 5.12.7 allows authenticated remote attackers to manipulate database queries when the groupware is deployed against a PostgreSQL backend. The flaw stems from improper quoting in the SQLSource authentication and contact-lookup paths, which an attacker can leverage to read or modify data with high confidentiality and integrity impact. No public exploit identified at time of analysis and EPSS is very low (0.03%), but a vendor patch and upstream code fix are available.

SQLi PostgreSQL Sogo
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL Injection in the Unlimited Elements for Elementor WordPress plugin (versions up to and including 2.0.7) allows authenticated attackers holding at least Contributor-level access to extract sensitive database contents by injecting arbitrary SQL into the 'data[filter_search]' parameter of the get_cat_addons AJAX action. The vulnerability is the product of two chained weaknesses: the plugin's normalizeAjaxInputData() function actively undoes WordPress's built-in magic-quote protection via stripslashes(), and the deprecated wpdb->_escape() method then fails to safely handle the exposed input before it is concatenated directly into a LIKE clause. Reported by Wordfence and tracked as EUVD-2026-30214, no public exploit code has been identified at time of analysis and CISA KEV does not list this CVE, though the confidentiality impact is rated High, enabling full database read access for a successful attacker.

SQLi WordPress Unlimited Elements For Elementor +1
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

SQL injection in the cPanel/WHM sqloptimizer utility script allows attackers to execute arbitrary SQL queries as the MySQL root user when Slow Query logging is enabled. The flaw affects multiple cPanel branches (11.86 through 11.136), WP Squared, and the CloudLinux 6/CentOS 6 builds, with no public exploit identified at time of analysis. EPSS is low (0.03%) and SSVC marks exploitation as 'none', but technical impact is rated total because the injection runs with full database privileges.

SQLi Cpanel Wp Squared +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in ERPNext versions prior to 16.9.0 allows authenticated remote attackers to extract sensitive data by sending specially crafted requests to vulnerable endpoints. The Frappe-maintained ERP platform requires low-privileged authentication (PR:L) but has high impact on confidentiality, integrity, and availability per CVSS 8.8. No public exploit identified at time of analysis, and EPSS probability is very low (0.04%).

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in ERPNext (Frappe's open-source ERP platform) prior to 15.104.3 and 16.14.0 allows authenticated remote attackers to extract sensitive database contents by sending crafted requests to vulnerable endpoints. CVSS 8.8 reflects high impact across confidentiality, integrity, and availability, though EPSS sits at 0.04% and SSVC reports no observed exploitation, indicating this is a high-severity but currently unexploited issue. No public exploit identified at time of analysis.

SQLi Erpnext
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

SQL injection in EcclesiaCRM 8.0.0 and earlier allows authenticated remote attackers to execute arbitrary SQL queries through the query view feature. The flaw stems from an incomplete fix for CVE-2026-35184: the ValidateInput() function's default case passes user-supplied POST parameters directly into str_replace-based SQL construction without sanitization when non-standard validation types are used. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at just 0.03%.

SQLi Ecclesiacrm
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

SQL injection in MISP threat intelligence platform versions prior to 2.5.37 allows remote unauthenticated attackers to manipulate ORDER BY clauses in event and shadow attribute listing endpoints by supplying crafted ordering parameters. The CVSS 4.0 score of 9.3 reflects high impact across confidentiality, integrity, and availability, though EPSS exploitation probability sits at just 0.04% and no public exploit identified at time of analysis. Given MISP's role as a repository of sensitive threat-intelligence data shared between organizations, successful exploitation could expose IOCs, attribution data, and partner-shared intelligence.

Authentication Bypass SQLi Misp
NVD GitHub VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

SQL injection in CubeCart v6 prior to 6.7.0 allows an authenticated administrator to execute arbitrary SQL against the store database via the unsanitized ORDER BY clause on the admin transactions listing page. The admin.php orders-transactions endpoint passes attacker-controlled GET parameters directly into a raw SQL fragment, bypassing the platform's sqlSafe() function which only escapes quote characters - none of which are required for ORDER BY injection. An attacker with at minimum CC_PERM_READ permission on orders can leverage time-based blind SQL injection to extract admin password hashes, customer PII, and integrated payment-gateway credentials. No public exploit identified at time of analysis, though SSVC data indicates POC code exists; the EPSS score of 0.03% (9th percentile) reflects limited observed exploitation interest.

PHP SQLi V6
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Authenticated SQL injection in CubeCart v6.x prior to 6.6.0 allows administrative users to execute arbitrary SQL commands through unsanitized sorting parameters on Products and Logs endpoints. Per SSVC, a proof-of-concept exists but the vulnerability is not in CISA KEV, and EPSS scoring (0.03%) reflects very low predicted exploitation activity due to the high-privilege prerequisite.

SQLi V6
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

{ isRaw: true }]` tuple, which is passed directly into Knex's `db.connection.raw()` without sanitization. Affected versions are @strapi/content-type-builder <=5.33.1 (v5) and @strapi/plugin-content-type-builder <=4.26.0 (v4), with impact ranging from arbitrary file read and denial of service to remote code execution on database engines that permit external program execution. No public exploit identified at time of analysis; EPSS is low at 0.13% and CISA SSVC notes exploitation status of 'none', though vendor-confirmed remediation is available.

Denial Of Service SQLi RCE
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

SQL injection in Palo Alto Networks Trust Protection Foundation exposes the platform database to arbitrary command execution by authenticated attackers on an adjacent network. Affected versions span four active release trains (24.1.x, 24.3.x, 25.1.x, 25.3.x), with successful exploitation enabling full database read/write access and privilege escalation to administrative control. No public exploit code exists and no active exploitation has been identified; EPSS sits at 0.01% and SSVC exploitation status is 'none', but the SSVC technical impact rating of 'total' underscores the severity of a successful attack.

Information Disclosure SQLi Trust Protection Foundation
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2 Jobs
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'sortby' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi J2 Jobs
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 6.5
MEDIUM This Month

ProfileGrid User Profiles plugin for WordPress versions up to 5.9.8.4 allow authenticated attackers with Subscriber-level access to execute blind SQL injection attacks via the 'rid' parameter due to insufficient input escaping and lack of prepared statement use. The vulnerability enables extraction of sensitive database information without user interaction. No public exploit code or active exploitation has been confirmed at this time.

SQLi WordPress
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Time-based SQL injection in Avada Builder for WordPress allows remote unauthenticated attackers to extract sensitive database information via the 'product_order' parameter. CVSS 7.5 (High) reflects network-accessible attack vector with no authentication required, but exploitation is limited to specific deployments where WooCommerce was previously installed then deactivated. No active exploitation confirmed (not in CISA KEV), but vulnerability disclosed by Wordfence Threat Intelligence with technical details publicly available.

SQLi WordPress
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Time-based blind SQL injection in JoomSport WordPress plugin (all versions ≤5.7.7) enables unauthenticated remote attackers to extract sensitive database contents including credentials, user data, and configuration secrets via the unsanitized 'sortf' parameter. CVSS 7.5 (High) with network attack vector, low complexity, and no authentication required. EPSS data not provided; no CISA KEV listing indicates exploitation not yet confirmed in the wild. Wordfence Threat Intel reported this vulnerability with proof-of-concept code references pointing to specific vulnerable functions in class-jsport-getplayers.php and class-jsport-playerlist.php, enabling straightforward exploitation by security researchers and threat actors alike.

SQLi WordPress
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in Charitable - Donation Plugin for WordPress versions up to 1.8.10.4 allows authenticated users with donation management admin privileges to inject malicious SQL via the 's' search parameter, enabling extraction of sensitive database information. The vulnerability stems from insufficient escaping and lack of prepared statement usage in the donation search functionality. Attack requires administrator-level access to the donation management area (edit_others_donations capability), limiting scope to internal threats but carrying high confidentiality impact.

SQLi WordPress
NVD
EPSS 0% CVSS 7.2
HIGH This Week

SQL injection in multiple Advantech industrial IoT platforms allows remote authenticated attackers with high privileges to execute arbitrary database commands. Affected products include WebAccess/SCADA, SaaS Composer, IoTSuite Growth/Starter, and IoT Edge across Windows and Linux Docker deployments. The vulnerability enables complete database compromise - attackers can read sensitive industrial control system data, modify configurations, or delete critical operational information. CVSS 7.2 reflects high impact across confidentiality, integrity, and availability, though exploitation requires administrative credentials (PR:H), significantly limiting attack surface compared to unauthenticated SQL injection vulnerabilities.

SQLi Saas Composer Iotsuite Growth Linux Docker +6
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in qihang-wms (commit 75c15a) exposes sensitive database contents, including user PII, to unauthenticated remote attackers via the `datascope` parameter in `SysUserMapper.xml`. The vulnerability requires no authentication, no user interaction, and is reachable over the network, making automated exploitation feasible. SSVC assessment confirms exploitation has not been observed and EPSS sits at 0.03% (9th percentile), indicating low current exploitation interest despite the permissive attack surface.

SQLi N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in qihang-wms (commit 75c15a) via the unsanitized `datascope` parameter in `SysDeptMapper.xml` allows remote database access without authentication. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms unauthenticated, network-accessible, low-complexity exploitation yielding partial confidentiality and integrity impact, including exposure of users' PII from the backend database. Publicly available exploit code exists via GitHub-hosted writeups and proof-of-concept scripts, though EPSS sits at 0.03% (9th percentile) and SSVC reports no confirmed active exploitation at time of analysis.

SQLi N A
NVD GitHub
Prev Page 10 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy