Skip to main content

SQLi

15171 CVEs technique

Monthly

CVE-2026-3672 LOW Monitor

SQL injection in JeecgBoot up to version 3.9.1 allows authenticated remote attackers to execute arbitrary SQL queries via the getDictItems API endpoint due to insufficient validation in the isExistSqlInjectKeyword function. An attacker with valid credentials can exploit this vulnerability to read, modify, or delete database contents. No patch is currently available, and public exploit code has been disclosed.

SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-30860 Go CRITICAL POC PATCH Act Now

SQL injection in WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database contents. CVSS 9.9 with scope change. PoC available.

PostgreSQL RCE SQLi AI / ML Weknora +1
NVD GitHub
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-2429 MEDIUM This Month

SQL injection in WordPress Community Events plugin up to version 1.5.8 allows authenticated administrators to extract sensitive database information through malicious CSV file uploads exploiting inadequately sanitized venue name fields. The vulnerability requires high-level privileges and manual interaction but poses a significant confidentiality risk to WordPress installations using this plugin. No patch is currently available.

WordPress SQLi File Upload
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2025-14353 HIGH This Week

ZIP Code Based Content Protection (WordPress plugin) versions up to 1.0.2 is affected by sql injection (CVSS 7.5).

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2018-25199 HIGH POC This Week

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. [CVSS 8.2 HIGH]

PHP SQLi Php Oop Cms Blog
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2018-25197 HIGH POC This Week

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25196 HIGH POC This Week

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2018-25194 HIGH POC This Week

Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. [CVSS 8.2 HIGH]

PHP SQLi Path Traversal
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25192 HIGH POC This Week

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2018-25191 HIGH POC This Week

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25189 HIGH POC This Week

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25188 HIGH POC This Week

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25187 HIGH POC This Week

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2018-25182 HIGH POC This Week

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25180 HIGH POC This Week

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. [CVSS 7.1 HIGH]

SQLi
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25179 HIGH POC This Week

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25176 HIGH POC This Week

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. [CVSS 8.2 HIGH]

RCE SQLi CSRF
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25175 HIGH POC This Week

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25173 HIGH POC This Week

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25172 HIGH POC This Week

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25171 HIGH POC This Week

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. [CVSS 8.2 HIGH]

SQLi File Upload
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25170 HIGH POC This Week

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. [CVSS 8.2 HIGH]

PHP SQLi CSRF
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2018-25167 HIGH POC This Week

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25166 HIGH POC This Week

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25165 HIGH POC This Week

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25163 HIGH POC This Week

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25161 HIGH POC This Week

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2026-29073 Go HIGH POC This Week

SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to execute arbitrary database queries through the /api/query/sql endpoint due to insufficient authorization checks. Public exploit code exists for this vulnerability, enabling attackers to extract sensitive data or modify the knowledge base contents. No patch is currently available for affected versions.

SQLi Siyuan Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28438 PyPI CRITICAL PATCH Act Now

SQL injection in CocoIndex Doris connector before 0.3.34. Patch available.

SQLi AI / ML Cocoindex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28785 CRITICAL PATCH Act Now

SQL injection in Ghostfolio before 2.244.0 via symbol validation bypass. Patch available.

RCE SQLi Ghostfolio
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28501 PHP CRITICAL POC Act Now

Unauthenticated SQL injection in AVideo before 24.0.

PHP SQLi Avideo
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-3616 LOW Monitor

SQL injection in DefaultFunction Jeson CRM 1.0.0 allows authenticated attackers to manipulate the ID parameter in /modules/customers/edit.php and execute arbitrary SQL queries, potentially compromising data confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available despite the identified fix commit hash.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-29081 MEDIUM This Month

Frappe versions prior to 14.100.1 and 15.100.0 contain a SQL injection vulnerability in an endpoint that allows authenticated attackers to extract sensitive information from the database. An attacker with valid credentials can craft malicious requests to bypass query protections and access confidential data without modifying or disrupting system availability. No patch is currently available for affected deployments.

SQLi Frappe
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28443 CRITICAL Act Now

SQL injection in OpenReplay session replay before 1.20.0.

SQLi Openreplay
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28284 HIGH This Week

SQL injection in the FreePBX logfiles module allows authenticated attackers to manipulate database queries and potentially extract sensitive data or modify system records. Versions prior to 16.0.10 and 17.0.5 are vulnerable, and attackers with valid FreePBX credentials can exploit this weakness to achieve high-impact unauthorized access to confidential information and system integrity. No patch is currently available for affected deployments.

SQLi Freepbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-28210 HIGH This Week

Unauthenticated SQL injection in the FreePBX CDR module (versions before 16.0.49 and 17.0.7) allows authenticated users to execute arbitrary SQL commands and potentially compromise the entire database. An attacker with valid credentials can exploit this vulnerability to read sensitive call records, modify system data, or escalate privileges within the FreePBX system. No patch is currently available, leaving affected installations at high risk until upgrades are deployed.

SQLi Freepbx
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2893 MEDIUM This Month

SQL injection in WordPress Page and Post Clone plugin up to version 6.3 allows authenticated contributors and above to extract sensitive database information through a second-order injection via the meta_key parameter. The vulnerability stems from insufficient input escaping and query preparation in the content_clone() function, with malicious payloads stored as post metadata and executed during the clone operation. No patch is currently available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-28115 CRITICAL Act Now

SQL injection in WP Attractive Donations System WordPress plugin.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-27428 HIGH This Week

Eagle Booking plugin versions 1.3.4.3 and earlier contain an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries over the network. An attacker with user-level privileges can exploit this to extract sensitive data from the database or potentially modify application data, though no patch is currently available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-27373 HIGH This Week

Essekia Tablesome versions up to 1.2.3 contain a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries through improper input sanitization. An attacker with valid credentials can exploit this to extract sensitive data from the database, though no patch is currently available. The vulnerability has a CVSS score of 8.5 and requires network access with low attack complexity.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2025-69338 CRITICAL Act Now

Blind SQL injection in Riode Core (riode-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-3523 MEDIUM This Month

SQL injection in the Apocalypse Meow WordPress plugin up to version 22.1.0 allows authenticated administrators to execute arbitrary SQL queries due to a flawed validation check combined with improper quote escaping. An authenticated attacker with administrator privileges can exploit this via the 'type' parameter to extract sensitive database information. No patch is currently available.

WordPress PHP SQLi
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2026-20003 MEDIUM This Month

SQL injection in Cisco Secure FMC REST API allows authenticated users with administrative roles to extract sensitive database contents and read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials but posing significant risk to organizations using affected systems. No patch is currently available.

Cisco SQLi
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-20002 HIGH This Week

Unauthenticated SQL injection in Cisco Secure FMC's web management interface allows authenticated attackers to manipulate database queries and extract sensitive data or read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials to exploit. No patch is currently available.

Cisco SQLi
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-20001 MEDIUM This Month

SQL injection in Cisco Secure FMC REST API allows authenticated attackers with administrative privileges to read sensitive database contents and operating system files. The vulnerability stems from insufficient input validation on API endpoints and requires valid credentials (Administrator, Security Approver, Access Admin, or Network Admin roles) to exploit. No patch is currently available.

Cisco SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2019-25507 HIGH POC This Week

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25506 HIGH POC This Week

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Freesms
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2019-25505 HIGH POC This Week

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. [CVSS 7.1 HIGH]

SQLi Tradebox
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2019-25504 HIGH POC This Week

NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2019-25503 HIGH POC This Week

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. [CVSS 7.1 HIGH]

PHP SQLi Phpads
NVD Exploit-DB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2019-25501 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25500 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. [CVSS 8.2 HIGH]

SQLi Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25499 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.3%
CVE-2019-25498 HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. [CVSS 8.2 HIGH]

SQLi Authentication Bypass Simplejobscript
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2025-66944 CRITICAL POC Act Now

SQL injection in databaseir v.1.0.7 via query parameter. PoC available.

SQLi Databasir
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-66678 CRITICAL POC Act Now

Code execution via HwRwDrv.sys in Nil Hardware Editor. PoC available.

RCE SQLi Hardware Read Write Utility
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-7337 HIGH POC This Week

The JS Help Desk - AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

WordPress SQLi
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-2363 MEDIUM This Month

The WP-Members Membership Plugin for WordPress through version 3.5.5.1 contains a SQL injection vulnerability in the [wpmem_user_membership_posts] shortcode's 'order_by' parameter due to insufficient input escaping and query preparation. Authenticated attackers with Contributor-level access or higher can exploit this to execute arbitrary SQL queries and extract sensitive database information. No patch is currently available.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-1651 MEDIUM This Month

SQL injection in the Email Subscribers by Icegram Express WordPress plugin through version 5.9.16 allows authenticated administrators to execute arbitrary database queries via the 'workflow_ids' parameter due to insufficient input escaping. An attacker with admin-level access could exploit this to extract sensitive information from the database. No patch is currently available for this vulnerability.

WordPress SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3487 LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0 allows authenticated remote attackers to manipulate the course_code parameter in /admin/class-result.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-3486 LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0 via the roll_no parameter in /admin/student-fee.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but poses a risk to confidentiality, integrity, and availability of student records.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-26892 HIGH POC This Week

Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 7.2).

PHP SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-26891 LOW POC Monitor

Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26889 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26888 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26887 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26890 LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2021-35484 HIGH This Week

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. [CVSS 8.2 HIGH]

SQLi Impact
NVD
CVSS 3.1
8.2
EPSS
0.0%
CVE-2026-26886 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26885 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26884 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-26883 LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-70821 CRITICAL POC Act Now

SQL injection in renren-security before v5.5.0 in BaseServiceImpl.java. PoC available.

Java SQLi Renren Security
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-1487 MEDIUM This Month

Calendar Booking Plugin for Appointments and Event versions up to 5.2.7 is affected by sql injection (CVSS 6.5).

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-26713 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in cancel-order.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26712 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket-admin.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26711 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26710 CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in edit-order.

PHP SQLi Simple Food Order System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26709 CRITICAL POC Act Now

Simple Gym Management System v1.0 has SQL injection in trainer search.

PHP SQLi Simple Gym Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-48650 HIGH This Week

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

SQLi Privilege Escalation Information Disclosure Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-3180 HIGH POC This Week

Unauthenticated attackers can exploit blind SQL injection in the Contest Gallery WordPress plugin through improperly sanitized email parameters to extract sensitive database information without authentication. Affected versions through 28.1.4 fail to properly escape user input in the 'cgLostPasswordEmail' and 'cgl_mail' parameters, allowing attackers to inject arbitrary SQL commands. No patch is currently available for all vulnerable versions.

WordPress SQLi
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-26707 CRITICAL POC Act Now

Pharmacy POS has a fifth SQL injection in view_sales.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26706 CRITICAL POC Act Now

Pharmacy POS has a fourth SQL injection in view_reports.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26705 CRITICAL POC Act Now

Pharmacy POS has a third SQL injection in view_products.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26704 CRITICAL POC Act Now

Pharmacy POS has a second SQL injection in view_categories.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-28399 npm HIGH PATCH This Week

SQL injection in NocoDB versions prior to 0.301.3 allows authenticated users with Creator role to execute arbitrary SQL commands through the DATEADD formula's unit parameter. This high-severity vulnerability enables attackers to compromise data confidentiality, integrity, and system availability with network access and low complexity. No patch is currently available for affected installations.

SQLi Nocodb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26708 CRITICAL POC Act Now

Pharmacy Point of Sale System v1.0 has SQL injection in manage endpoints.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26700 CRITICAL POC Act Now

Personnel Property Equipment System has a fourth SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26701 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a third SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26703 CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.

PHP SQLi Personnel Property Equipment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in JeecgBoot up to version 3.9.1 allows authenticated remote attackers to execute arbitrary SQL queries via the getDictItems API endpoint due to insufficient validation in the isExistSqlInjectKeyword function. An attacker with valid credentials can exploit this vulnerability to read, modify, or delete database contents. No patch is currently available, and public exploit code has been disclosed.

SQLi
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

SQL injection in WeKnora LLM document understanding framework allows authenticated users to extract arbitrary database contents. CVSS 9.9 with scope change. PoC available.

PostgreSQL RCE SQLi +3
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

SQL injection in WordPress Community Events plugin up to version 1.5.8 allows authenticated administrators to extract sensitive database information through malicious CSV file uploads exploiting inadequately sanitized venue name fields. The vulnerability requires high-level privileges and manual interaction but poses a significant confidentiality risk to WordPress installations using this plugin. No patch is currently available.

WordPress SQLi File Upload
NVD
EPSS 0% CVSS 7.5
HIGH This Week

ZIP Code Based Content Protection (WordPress plugin) versions up to 1.0.2 is affected by sql injection (CVSS 7.5).

WordPress SQLi
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

OOP CMS BLOG 1.0 contains SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through multiple parameters. [CVSS 8.2 HIGH]

PHP SQLi Php Oop Cms Blog
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

PlayJoom 0.10.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Nominas 0.27 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the username parameter. [CVSS 8.2 HIGH]

PHP SQLi Path Traversal
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

GPS Tracking System 2.12 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

Facturation System 1.0 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'mod_id' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dca_login.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Webiness Inventory 2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the order parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Silurus Classifieds Script 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ID parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

Maitra 1.7.2 contains an sql injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the mailid parameter in outmail and inmail modules. [CVSS 7.1 HIGH]

SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Gumbo CMS 0.99 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the language parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Alive Parish 2.0.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the key parameter in the search endpoint. [CVSS 8.2 HIGH]

RCE SQLi CSRF
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Alienor Web Libre 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the identifiant parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Pedidos 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

EdTv 2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. [CVSS 8.2 HIGH]

SQLi File Upload
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

DoceboLMS 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id, idC, and idU parameters. [CVSS 8.2 HIGH]

PHP SQLi CSRF
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Meneame English Pligg 5.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. [CVSS 7.1 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

BitZoom 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rollno and username parameters in forgot.php and login.php. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Warranty Tracking System 11.06.3 contains an SQL injection vulnerability that allows attackers to execute arbitrary SQL queries by injecting malicious code through the txtCustomerCode, txtCustomerName, and txtPhone POST parameters in SearchCustomer.php. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

SQL injection in SiYuan prior to version 3.6.0 allows any authenticated user, including those with read-only access, to execute arbitrary database queries through the /api/query/sql endpoint due to insufficient authorization checks. Public exploit code exists for this vulnerability, enabling attackers to extract sensitive data or modify the knowledge base contents. No patch is currently available for affected versions.

SQLi Siyuan Suse
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection in CocoIndex Doris connector before 0.3.34. Patch available.

SQLi AI / ML Cocoindex
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

SQL injection in Ghostfolio before 2.244.0 via symbol validation bypass. Patch available.

RCE SQLi Ghostfolio
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Unauthenticated SQL injection in AVideo before 24.0.

PHP SQLi Avideo
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in DefaultFunction Jeson CRM 1.0.0 allows authenticated attackers to manipulate the ID parameter in /modules/customers/edit.php and execute arbitrary SQL queries, potentially compromising data confidentiality and integrity. Public exploit code exists for this vulnerability, and no patch is currently available despite the identified fix commit hash.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Frappe versions prior to 14.100.1 and 15.100.0 contain a SQL injection vulnerability in an endpoint that allows authenticated attackers to extract sensitive information from the database. An attacker with valid credentials can craft malicious requests to bypass query protections and access confidential data without modifying or disrupting system availability. No patch is currently available for affected deployments.

SQLi Frappe
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

SQL injection in OpenReplay session replay before 1.20.0.

SQLi Openreplay
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in the FreePBX logfiles module allows authenticated attackers to manipulate database queries and potentially extract sensitive data or modify system records. Versions prior to 16.0.10 and 17.0.5 are vulnerable, and attackers with valid FreePBX credentials can exploit this weakness to achieve high-impact unauthorized access to confidential information and system integrity. No patch is currently available for affected deployments.

SQLi Freepbx
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Unauthenticated SQL injection in the FreePBX CDR module (versions before 16.0.49 and 17.0.7) allows authenticated users to execute arbitrary SQL commands and potentially compromise the entire database. An attacker with valid credentials can exploit this vulnerability to read sensitive call records, modify system data, or escalate privileges within the FreePBX system. No patch is currently available, leaving affected installations at high risk until upgrades are deployed.

SQLi Freepbx
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in WordPress Page and Post Clone plugin up to version 6.3 allows authenticated contributors and above to extract sensitive database information through a second-order injection via the meta_key parameter. The vulnerability stems from insufficient input escaping and query preparation in the content_clone() function, with malicious payloads stored as post metadata and executed during the clone operation. No patch is currently available.

WordPress SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

SQL injection in WP Attractive Donations System WordPress plugin.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Eagle Booking plugin versions 1.3.4.3 and earlier contain an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries over the network. An attacker with user-level privileges can exploit this to extract sensitive data from the database or potentially modify application data, though no patch is currently available.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Essekia Tablesome versions up to 1.2.3 contain a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries through improper input sanitization. An attacker with valid credentials can exploit this to extract sensitive data from the database, though no patch is currently available. The vulnerability has a CVSS score of 8.5 and requires network access with low attack complexity.

SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in Riode Core (riode-core) WordPress theme/plugin core allows data extraction from the database.

SQLi
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

SQL injection in the Apocalypse Meow WordPress plugin up to version 22.1.0 allows authenticated administrators to execute arbitrary SQL queries due to a flawed validation check combined with improper quote escaping. An authenticated attacker with administrator privileges can exploit this via the 'type' parameter to extract sensitive database information. No patch is currently available.

WordPress PHP SQLi
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

SQL injection in Cisco Secure FMC REST API allows authenticated users with administrative roles to extract sensitive database contents and read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials but posing significant risk to organizations using affected systems. No patch is currently available.

Cisco SQLi
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated SQL injection in Cisco Secure FMC's web management interface allows authenticated attackers to manipulate database queries and extract sensitive data or read operating system files. The vulnerability stems from insufficient input validation on user-supplied requests, requiring valid credentials to exploit. No patch is currently available.

Cisco SQLi
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in Cisco Secure FMC REST API allows authenticated attackers with administrative privileges to read sensitive database contents and operating system files. The vulnerability stems from insufficient input validation on API endpoints and requires valid credentials (Administrator, Security Approver, Access Admin, or Network Admin roles) to exploit. No patch is currently available.

Cisco SQLi
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass +1
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. [CVSS 7.1 HIGH]

SQLi Tradebox
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. [CVSS 7.1 HIGH]

PHP SQLi Phpads
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass +1
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. [CVSS 8.2 HIGH]

SQLi Simplejobscript
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. [CVSS 8.2 HIGH]

PHP SQLi Authentication Bypass +1
NVD Exploit-DB
EPSS 0% CVSS 8.2
HIGH POC This Week

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. [CVSS 8.2 HIGH]

SQLi Authentication Bypass Simplejobscript
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection in databaseir v.1.0.7 via query parameter. PoC available.

SQLi Databasir
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Code execution via HwRwDrv.sys in Nil Hardware Editor. PoC available.

RCE SQLi Hardware Read Write Utility
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

The JS Help Desk - AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

WordPress SQLi
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

The WP-Members Membership Plugin for WordPress through version 3.5.5.1 contains a SQL injection vulnerability in the [wpmem_user_membership_posts] shortcode's 'order_by' parameter due to insufficient input escaping and query preparation. Authenticated attackers with Contributor-level access or higher can exploit this to execute arbitrary SQL queries and extract sensitive database information. No patch is currently available.

WordPress SQLi
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL injection in the Email Subscribers by Icegram Express WordPress plugin through version 5.9.16 allows authenticated administrators to execute arbitrary database queries via the 'workflow_ids' parameter due to insufficient input escaping. An attacker with admin-level access could exploit this to extract sensitive information from the database. No patch is currently available for this vulnerability.

WordPress SQLi
NVD GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0 allows authenticated remote attackers to manipulate the course_code parameter in /admin/class-result.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in itsourcecode College Management System 1.0 via the roll_no parameter in /admin/student-fee.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but poses a risk to confidentiality, integrity, and availability of student records.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 7.2
HIGH POC This Week

Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 7.2).

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. [CVSS 2.7 LOW]

PHP SQLi
NVD GitHub
EPSS 0% CVSS 8.2
HIGH This Week

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. [CVSS 8.2 HIGH]

SQLi Impact
NVD
EPSS 0% CVSS 2.7
LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
EPSS 0% CVSS 2.7
LOW POC Monitor

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

PHP SQLi
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection in renren-security before v5.5.0 in BaseServiceImpl.java. PoC available.

Java SQLi Renren Security
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Calendar Booking Plugin for Appointments and Event versions up to 5.2.7 is affected by sql injection (CVSS 6.5).

WordPress SQLi
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in cancel-order.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket-admin.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in view-ticket.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Food Order System v1.0 has SQL injection in edit-order.

PHP SQLi Simple Food Order System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Simple Gym Management System v1.0 has SQL injection in trainer search.

PHP SQLi Simple Gym Management System
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

SQLi Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.5
HIGH POC This Week

Unauthenticated attackers can exploit blind SQL injection in the Contest Gallery WordPress plugin through improperly sanitized email parameters to extract sensitive database information without authentication. Affected versions through 28.1.4 fail to properly escape user input in the 'cgLostPasswordEmail' and 'cgl_mail' parameters, allowing attackers to inject arbitrary SQL commands. No patch is currently available for all vulnerable versions.

WordPress SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a fifth SQL injection in view_sales.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a fourth SQL injection in view_reports.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a third SQL injection in view_products.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy POS has a second SQL injection in view_categories.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in NocoDB versions prior to 0.301.3 allows authenticated users with Creator role to execute arbitrary SQL commands through the DATEADD formula's unit parameter. This high-severity vulnerability enables attackers to compromise data confidentiality, integrity, and system availability with network access and low complexity. No patch is currently available for affected installations.

SQLi Nocodb
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Pharmacy Point of Sale System v1.0 has SQL injection in manage endpoints.

PHP SQLi Pharmacy Point Of Sale System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Personnel Property Equipment System has a fourth SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a third SQL injection.

PHP SQLi Personnel Property Equipment System
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.

PHP SQLi Personnel Property Equipment System
NVD GitHub
Prev Page 21 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy