SQLi
Monthly
WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injection techniques when the Agent service is enabled, enabling unauthorized access to sensitive data. Public exploit code exists for this vulnerability, which affects the framework's document understanding and semantic retrieval capabilities. A patch is available in version 0.2.5 and later.
XWiki Full Calendar Macro (before 2.4.5) has SQL injection accessible to guest users via the Calendar.JSONService page. Maximum CVSS 10.0 with scope change. Patch available.
SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint. [CVSS 6.5 MEDIUM]
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. [CVSS 6.5 MEDIUM]
GestSup versions before 3.2.60 allow authenticated attackers to execute SQL injection attacks through insufficiently sanitized filtering and sorting parameters in the asset list functionality, potentially enabling unauthorized database access or modification. The vulnerability requires valid credentials to exploit but has no available patch, leaving affected installations vulnerable to data breach or manipulation depending on database permissions.
GestSup prior to version 3.2.60 is vulnerable to SQL injection in the ticket creation feature, allowing authenticated attackers to execute arbitrary database queries through unsanitized user input. An attacker with valid credentials can read or modify sensitive database contents depending on the database permission level. No patch is currently available.
Authenticated attackers can exploit SQL injection in GestSup's search functionality (versions before 3.2.60) to manipulate database queries and access or modify sensitive data. The vulnerability stems from insufficient input validation on user-controlled search parameters in SQL statements. With no patch currently available, affected organizations should implement database access controls and monitor for suspicious search activity.
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. [CVSS 6.3 MEDIUM]
A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. [CVSS 6.3 MEDIUM]
Docsys versions up to 2.02.36. contains a vulnerability that allows attackers to sql injection (CVSS 6.3).
PHPGurukul Online Course Registration System through version 3.1 contains a SQL injection vulnerability in /enroll.php that allows authenticated attackers to manipulate multiple parameters (studentregno, Pincode, session, department, level, course, sem) to execute arbitrary database queries over the network. Public exploit code exists for this vulnerability, and no patch is currently available, creating risk for deployments handling course enrollment data.
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content. [CVSS 5.4 MEDIUM]
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user. [CVSS 5.4 MEDIUM]
A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. [CVSS 6.3 MEDIUM]
BeeS Software BET Portal has SQL injection in the login functionality, allowing unauthenticated attackers to bypass authentication and extract database contents. PoC available.
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. [CVSS 7.5 HIGH]
SQL injection in PHPGurukul Online Course Registration System through 3.1 allows authenticated attackers to manipulate the id/cid parameters in the manage-students.php admin function, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in the Intern Membership Management System 1.0 add_activity.php file allows authenticated administrators to manipulate the Title parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables an authenticated attacker with high privileges to compromise data confidentiality and integrity.
SQL injection in the Intern Membership Management System 1.0 admin deletion function allows authenticated attackers with high privileges to manipulate the admin_id parameter and execute arbitrary database queries remotely. Public exploit code is available for this vulnerability, which affects PHP-based deployments. The vulnerability enables unauthorized data access, modification, and potential denial of service with no patch currently available.
Print Shop Pro WebDesk 18.34 has SQL injection in the hfInventoryDistFormID parameter of GetUnitPrice. Combined with CVE-2025-61546 (negative quantities), this endpoint has two critical vulnerabilities. PoC available, fixed in 19.69.
online-shopping-system-php 1.0 has SQL injection in review_action.php via the proId parameter. PoC available.
SQL injection in Parsl's visualization dashboard allows unauthenticated attackers to execute arbitrary database queries through unsafe string formatting of the workflow_id parameter. Public exploit code exists for this vulnerability, enabling potential data theft or database denial of service attacks against the monitoring infrastructure. The issue affects Parsl versions prior to 2026.01.05, which includes the fix.
Blind SQL injection in CoreShop prior to version 4.1.8 allows authenticated administrators to extract sensitive database information through boolean-based or time-based attack techniques. The vulnerability is limited to information disclosure due to the application's read-only database permissions, preventing data modification or denial of service. Public exploit code exists for this vulnerability; administrators should upgrade to version 4.1.8 or later.
Automotive Listings WordPress theme (through 18.6) has blind SQL injection enabling unauthenticated database extraction.
Lobo WordPress theme (before 2.8.6) has blind SQL injection enabling unauthenticated database extraction.
Felan Framework (through 1.1.3) also has SQL injection in addition to the auth bypass (CVE-2025-23504). Two critical vulnerabilities in the same plugin create a devastating attack chain.
Workreap WordPress plugin (through 3.3.6) has SQL injection enabling unauthenticated database extraction. A freelance marketplace plugin likely containing user PII and financial data.
WooCommerce Orders & Customers Exporter (through 5.4) has SQL injection enabling unauthenticated extraction of all order and customer data including payment details and personal information.
SQL injection in the admin panel of code-projects Intern Membership Management System 1.0 allows authenticated attackers with high privileges to manipulate the Username parameter in /intern/admin/add_admin.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should restrict administrative access and consider implementing input validation controls or upgrading to a patched version when available.
Intern Membership Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in the Intern Membership Management System 1.0 admin panel allows authenticated attackers with high privileges to manipulate the activity_id parameter in edit_activity.php, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, though no patch is currently available.
SQL injection in the Intern Membership Management System 1.0 admin panel allows authenticated attackers with high privileges to manipulate the admin_id parameter in /intern/admin/edit_students.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to read, modify, or delete sensitive data. No patch is currently available to remediate this issue.
SQL injection in the Intern Membership Management System 1.0 admin panel allows remote attackers with high privileges to manipulate the admin_id parameter in /intern/admin/edit_admin.php, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available.
ClipBucket v5 (5.5.2-#187 and below) has blind SQL injection in the channel comment functionality via the obj_id parameter. Unauthenticated attackers can extract the entire database. PoC available.
Facesentry Access Control System Firmware versions up to 5.7.0 is affected by cleartext storage of sensitive information (CVSS 7.5).
A weakness has been identified in bluelabsio records-mover versions up to 1.5.4. contains a security vulnerability (CVSS 5.3).
The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]
WPCHURCH WordPress plugin (through 2.7.0) has blind SQL injection with scope change, enabling unauthenticated extraction of the full WordPress database.
The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks [CVSS 4.9 MEDIUM]
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.4. [CVSS 6.5 MEDIUM]
DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. [CVSS 7.5 HIGH]
The Quiz and Survey Master (QSM) - Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]
Page Expire Popup/Redirection for WordPress (WordPress plugin) is affected by sql injection (CVSS 6.5).
The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]
The Form Vibes - Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 4.9 MEDIUM]
Online Music Site versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in code-projects Online Music Site 1.0 via the ID parameter in /FrontEnd/Albums.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.
SQL injection in the Online Music Site 1.0 login functionality allows unauthenticated remote attackers to manipulate username and password parameters, potentially leading to unauthorized data access, modification, or service disruption. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at immediate risk.
Waituk Entrada WordPress theme (through 5.7.7) contains blind SQL injection with scope change, allowing unauthenticated database extraction beyond the theme's own data.
SQL injection in Campcodes Supplier Management System 1.0 allows authenticated remote attackers to manipulate the txtRetailerAddress parameter in /retailer/edit_profile.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running PHP-based installations should implement input validation controls and restrict access to the vulnerable endpoint until patching becomes available.
Centreon Infra Monitoring's AWIE export module contains SQL injection accessible to unauthenticated users. Combined with CVE-2025-15026 (missing auth on import), the AWIE module has both unauthenticated data extraction and unauthorized configuration access. Patch available.
SQL injection in the Online Product Reservation System 1.0 user registration handler allows remote attackers to manipulate multiple input fields (name, address, contact details, email, username) without authentication to execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing active exploitation risk. No patch is currently available for affected PHP-based installations.
SQL injection in the cart update handler of Online Product Reservation System 1.0 allows authenticated attackers to manipulate product ID and quantity parameters, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems running the vulnerable PHP application.
SQL injection in the Online Product Reservation System 1.0 checkout delete function allows authenticated attackers to manipulate POST parameters and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk of data theft or manipulation.
Infility Global WordPress plugin (through 2.14.48) contains SQL injection with scope change, enabling unauthenticated database extraction beyond the plugin's own data. No patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 3.3.2. [CVSS 8.5 HIGH]
Amazon Native Shopping Recommendations WordPress plugin (through 1.3) contains SQL injection that allows unauthenticated attackers to extract database contents with scope change. Abandoned plugin with no expected patch.
SQL injection in the Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the transaction_id parameter in /order_view.php and execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch is currently available. The flaw enables attackers to read, modify, or delete sensitive data with network access only.
SQL injection in the Online Product Reservation System 1.0 via the ID parameter in app/products/left_cart.php allows authenticated attackers to read, modify, or delete database contents remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this software.
SQL injection in the User Login component of Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the emailadd parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or modify database contents. No patch is currently available to address this issue.
SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/edit_activity_query.php, enabling remote data exfiltration, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk.
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]
The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. [CVSS 8.6 HIGH]
A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not u...
SQL injection in the Online Product Reservation System 1.0 POST parameter handler allows unauthenticated remote attackers to manipulate product attributes like ID, name, and price to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data theft, modification, and service disruption.
SQL injection in the Online Product Reservation System 1.0 administrator delete function allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this product.
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. [CVSS 4.7 MEDIUM]
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. [CVSS 4.7 MEDIUM]
SQL injection in the Online Product Reservation System 1.0 parameter handler allows unauthenticated remote attackers to manipulate cat/price/name/model/serial arguments and execute arbitrary SQL queries with public exploit code available. The vulnerability affects the /handgunner-administrator/prod.php endpoint and enables attackers to read, modify, or delete database contents without authentication. No patch is currently available for this high-severity flaw.
SQL injection in the administrator login component of code-projects Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate emailadd and pass parameters in /handgunner-administrator/adminlogin.php, enabling data exfiltration and modification. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in code-projects Online Music Site 1.0 via the fname parameter in /Frontend/Feedback.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive information. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
SQL injection in code-projects Online Music Site 1.0 via the ID parameter in /Frontend/AlbumByCategory.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in Online Music Site 1.0's ViewSongs.php parameter handling allows unauthenticated remote attackers to manipulate the ID argument and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and impacts the confidentiality, integrity, and availability of the affected application.
SQL injection in code-projects Content Management System 1.0 via the ID parameter in /pages.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to read, modify, or delete sensitive database information with low complexity from any network location.
A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. [CVSS 6.3 MEDIUM]
QNAP Hyper Data Protector before 2.2.4.1 has an SQL injection vulnerability that allows remote attackers to execute unauthorized commands on the backup database. Combined with CVE-2025-59388 (hardcoded credentials), this creates a critical attack chain.
An SQL injection vulnerability has been reported to affect MARS (Multi-Application Recovery Service). The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.
The online-movie-booking application (v5.5) by gosaliajainam contains SQL injection in movie_details.php, allowing unauthenticated attackers to extract the entire database. PoC exists. This is an open-source educational project often deployed without hardening.
Content Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in code-projects Content Management System 1.0 via the search.php parameter allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations should implement immediate input validation or access controls until patching is possible.
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. [CVSS 7.3 HIGH]
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. [CVSS 7.3 HIGH]
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. [CVSS 7.3 HIGH]
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CVSS 7.5 HIGH]
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. [CVSS 7.3 HIGH]
WeKnora versions before 0.2.5 allow unauthenticated attackers to bypass database query restrictions through prompt injection techniques when the Agent service is enabled, enabling unauthorized access to sensitive data. Public exploit code exists for this vulnerability, which affects the framework's document understanding and semantic retrieval capabilities. A patch is available in version 0.2.5 and later.
XWiki Full Calendar Macro (before 2.4.5) has SQL injection accessible to guest users via the Calendar.JSONService page. Maximum CVSS 10.0 with scope change. Patch available.
SQL injection vulnerability in pss.sale.com 1.0 via the id parameter to the userfiles/php/cancel_order.php endpoint. [CVSS 6.5 MEDIUM]
Area9 Rhapsode 1.47.3 allows SQL Injection via multiple API endpoints accessible to authenticated users. Insufficient input validation allows remote attackers to inject arbitrary SQL commands, resulting in unauthorized database access and potential compromise of sensitive data. [CVSS 6.5 MEDIUM]
GestSup versions before 3.2.60 allow authenticated attackers to execute SQL injection attacks through insufficiently sanitized filtering and sorting parameters in the asset list functionality, potentially enabling unauthorized database access or modification. The vulnerability requires valid credentials to exploit but has no available patch, leaving affected installations vulnerable to data breach or manipulation depending on database permissions.
GestSup prior to version 3.2.60 is vulnerable to SQL injection in the ticket creation feature, allowing authenticated attackers to execute arbitrary database queries through unsanitized user input. An attacker with valid credentials can read or modify sensitive database contents depending on the database permission level. No patch is currently available.
Authenticated attackers can exploit SQL injection in GestSup's search functionality (versions before 3.2.60) to manipulate database queries and access or modify sensitive data. The vulnerability stems from insufficient input validation on user-controlled search parameters in SQL statements. With no patch currently available, affected organizations should implement database access controls and monitor for suspicious search activity.
A vulnerability was determined in guchengwuyue yshopmall up to 1.9.1. Affected is the function getPage of the file /api/jobs. [CVSS 6.3 MEDIUM]
A vulnerability has been found in RainyGao DocSys up to 2.02.37. This affects an unknown function of the file com/DocSystem/mapping/UserMapper.xml. [CVSS 6.3 MEDIUM]
Docsys versions up to 2.02.36. contains a vulnerability that allows attackers to sql injection (CVSS 6.3).
PHPGurukul Online Course Registration System through version 3.1 contains a SQL injection vulnerability in /enroll.php that allows authenticated attackers to manipulate multiple parameters (studentregno, Pincode, session, department, level, course, sem) to execute arbitrary database queries over the network. Public exploit code exists for this vulnerability, and no patch is currently available, creating risk for deployments handling course enrollment data.
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple SQL injection vulnerabilities exists which allow a low privileged and administrative user to access the database and its content. [CVSS 5.4 MEDIUM]
In TIM BPM Suite/ TIM FLOW through 9.1.2 multiple Hibernate Query Language injection vulnerabilities exist which allow a low privileged user to extract passwords of other users and access sensitive data of another user. [CVSS 5.4 MEDIUM]
A vulnerability was detected in RainyGao DocSys up to 2.02.36. The affected element is an unknown function of the file src/com/DocSystem/mapping/GroupMemberMapper.xml. [CVSS 6.3 MEDIUM]
BeeS Software BET Portal has SQL injection in the login functionality, allowing unauthenticated attackers to bypass authentication and extract database contents. PoC available.
This vulnerability allows unauthenticated attackers to inject an SQL request into GET request parameters and directly query the underlying database. [CVSS 7.5 HIGH]
SQL injection in PHPGurukul Online Course Registration System through 3.1 allows authenticated attackers to manipulate the id/cid parameters in the manage-students.php admin function, enabling unauthorized database access and potential data modification. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in the Intern Membership Management System 1.0 add_activity.php file allows authenticated administrators to manipulate the Title parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw enables an authenticated attacker with high privileges to compromise data confidentiality and integrity.
SQL injection in the Intern Membership Management System 1.0 admin deletion function allows authenticated attackers with high privileges to manipulate the admin_id parameter and execute arbitrary database queries remotely. Public exploit code is available for this vulnerability, which affects PHP-based deployments. The vulnerability enables unauthorized data access, modification, and potential denial of service with no patch currently available.
Print Shop Pro WebDesk 18.34 has SQL injection in the hfInventoryDistFormID parameter of GetUnitPrice. Combined with CVE-2025-61546 (negative quantities), this endpoint has two critical vulnerabilities. PoC available, fixed in 19.69.
online-shopping-system-php 1.0 has SQL injection in review_action.php via the proId parameter. PoC available.
SQL injection in Parsl's visualization dashboard allows unauthenticated attackers to execute arbitrary database queries through unsafe string formatting of the workflow_id parameter. Public exploit code exists for this vulnerability, enabling potential data theft or database denial of service attacks against the monitoring infrastructure. The issue affects Parsl versions prior to 2026.01.05, which includes the fix.
Blind SQL injection in CoreShop prior to version 4.1.8 allows authenticated administrators to extract sensitive database information through boolean-based or time-based attack techniques. The vulnerability is limited to information disclosure due to the application's read-only database permissions, preventing data modification or denial of service. Public exploit code exists for this vulnerability; administrators should upgrade to version 4.1.8 or later.
Automotive Listings WordPress theme (through 18.6) has blind SQL injection enabling unauthenticated database extraction.
Lobo WordPress theme (before 2.8.6) has blind SQL injection enabling unauthenticated database extraction.
Felan Framework (through 1.1.3) also has SQL injection in addition to the auth bypass (CVE-2025-23504). Two critical vulnerabilities in the same plugin create a devastating attack chain.
Workreap WordPress plugin (through 3.3.6) has SQL injection enabling unauthenticated database extraction. A freelance marketplace plugin likely containing user PII and financial data.
WooCommerce Orders & Customers Exporter (through 5.4) has SQL injection enabling unauthenticated extraction of all order and customer data including payment details and personal information.
SQL injection in the admin panel of code-projects Intern Membership Management System 1.0 allows authenticated attackers with high privileges to manipulate the Username parameter in /intern/admin/add_admin.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations should restrict administrative access and consider implementing input validation controls or upgrading to a patched version when available.
Intern Membership Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in the Intern Membership Management System 1.0 admin panel allows authenticated attackers with high privileges to manipulate the activity_id parameter in edit_activity.php, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, though no patch is currently available.
SQL injection in the Intern Membership Management System 1.0 admin panel allows authenticated attackers with high privileges to manipulate the admin_id parameter in /intern/admin/edit_students.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, enabling attackers to read, modify, or delete sensitive data. No patch is currently available to remediate this issue.
SQL injection in the Intern Membership Management System 1.0 admin panel allows remote attackers with high privileges to manipulate the admin_id parameter in /intern/admin/edit_admin.php, potentially enabling unauthorized data access or modification. Public exploit code exists for this vulnerability, and no patch is currently available.
ClipBucket v5 (5.5.2-#187 and below) has blind SQL injection in the channel comment functionality via the obj_id parameter. Unauthenticated attackers can extract the entire database. PoC available.
Facesentry Access Control System Firmware versions up to 5.7.0 is affected by cleartext storage of sensitive information (CVSS 7.5).
A weakness has been identified in bluelabsio records-mover versions up to 1.5.4. contains a security vulnerability (CVSS 5.3).
The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]
WPCHURCH WordPress plugin (through 2.7.0) has blind SQL injection with scope change, enabling unauthenticated extraction of the full WordPress database.
The Relevanssi WordPress plugin before 4.26.0, Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing contributor and above roles to perform SQL injection attacks [CVSS 4.9 MEDIUM]
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tables: from n/a through <= 5.2.4. [CVSS 6.5 MEDIUM]
DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. [CVSS 7.5 HIGH]
The Quiz and Survey Master (QSM) - Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]
Page Expire Popup/Redirection for WordPress (WordPress plugin) is affected by sql injection (CVSS 6.5).
The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]
The Form Vibes - Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 4.9 MEDIUM]
Online Music Site versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in code-projects Online Music Site 1.0 via the ID parameter in /FrontEnd/Albums.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.
SQL injection in the Online Music Site 1.0 login functionality allows unauthenticated remote attackers to manipulate username and password parameters, potentially leading to unauthorized data access, modification, or service disruption. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at immediate risk.
Waituk Entrada WordPress theme (through 5.7.7) contains blind SQL injection with scope change, allowing unauthenticated database extraction beyond the theme's own data.
SQL injection in Campcodes Supplier Management System 1.0 allows authenticated remote attackers to manipulate the txtRetailerAddress parameter in /retailer/edit_profile.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running PHP-based installations should implement input validation controls and restrict access to the vulnerable endpoint until patching becomes available.
Centreon Infra Monitoring's AWIE export module contains SQL injection accessible to unauthenticated users. Combined with CVE-2025-15026 (missing auth on import), the AWIE module has both unauthenticated data extraction and unauthorized configuration access. Patch available.
SQL injection in the Online Product Reservation System 1.0 user registration handler allows remote attackers to manipulate multiple input fields (name, address, contact details, email, username) without authentication to execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing active exploitation risk. No patch is currently available for affected PHP-based installations.
SQL injection in the cart update handler of Online Product Reservation System 1.0 allows authenticated attackers to manipulate product ID and quantity parameters, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems running the vulnerable PHP application.
SQL injection in the Online Product Reservation System 1.0 checkout delete function allows authenticated attackers to manipulate POST parameters and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk of data theft or manipulation.
Infility Global WordPress plugin (through 2.14.48) contains SQL injection with scope change, enabling unauthenticated database extraction beyond the plugin's own data. No patch available.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection.This issue affects Premium SEO Pack: from n/a through 3.3.2. [CVSS 8.5 HIGH]
Amazon Native Shopping Recommendations WordPress plugin (through 1.3) contains SQL injection that allows unauthenticated attackers to extract database contents with scope change. Abandoned plugin with no expected patch.
SQL injection in the Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the transaction_id parameter in /order_view.php and execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch is currently available. The flaw enables attackers to read, modify, or delete sensitive data with network access only.
SQL injection in the Online Product Reservation System 1.0 via the ID parameter in app/products/left_cart.php allows authenticated attackers to read, modify, or delete database contents remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this software.
SQL injection in the User Login component of Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the emailadd parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or modify database contents. No patch is currently available to address this issue.
SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/edit_activity_query.php, enabling remote data exfiltration, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk.
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]
The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. [CVSS 8.6 HIGH]
A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not u...
SQL injection in the Online Product Reservation System 1.0 POST parameter handler allows unauthenticated remote attackers to manipulate product attributes like ID, name, and price to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data theft, modification, and service disruption.
SQL injection in the Online Product Reservation System 1.0 administrator delete function allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this product.
A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. [CVSS 4.7 MEDIUM]
A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. [CVSS 4.7 MEDIUM]
SQL injection in the Online Product Reservation System 1.0 parameter handler allows unauthenticated remote attackers to manipulate cat/price/name/model/serial arguments and execute arbitrary SQL queries with public exploit code available. The vulnerability affects the /handgunner-administrator/prod.php endpoint and enables attackers to read, modify, or delete database contents without authentication. No patch is currently available for this high-severity flaw.
SQL injection in the administrator login component of code-projects Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate emailadd and pass parameters in /handgunner-administrator/adminlogin.php, enabling data exfiltration and modification. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in code-projects Online Music Site 1.0 via the fname parameter in /Frontend/Feedback.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive information. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.
SQL injection in code-projects Online Music Site 1.0 via the ID parameter in /Frontend/AlbumByCategory.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in Online Music Site 1.0's ViewSongs.php parameter handling allows unauthenticated remote attackers to manipulate the ID argument and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and impacts the confidentiality, integrity, and availability of the affected application.
SQL injection in code-projects Content Management System 1.0 via the ID parameter in /pages.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to read, modify, or delete sensitive database information with low complexity from any network location.
A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. [CVSS 6.3 MEDIUM]
QNAP Hyper Data Protector before 2.2.4.1 has an SQL injection vulnerability that allows remote attackers to execute unauthorized commands on the backup database. Combined with CVE-2025-59388 (hardcoded credentials), this creates a critical attack chain.
An SQL injection vulnerability has been reported to affect MARS (Multi-Application Recovery Service). The remote attackers can then exploit the vulnerability to execute unauthorized code or commands.
The online-movie-booking application (v5.5) by gosaliajainam contains SQL injection in movie_details.php, allowing unauthenticated attackers to extract the entire database. PoC exists. This is an open-source educational project often deployed without hardening.
Content Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).
SQL injection in code-projects Content Management System 1.0 via the search.php parameter allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations should implement immediate input validation or access controls until patching is possible.
A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. [CVSS 7.3 HIGH]
A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. [CVSS 7.3 HIGH]
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. [CVSS 7.3 HIGH]
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CVSS 7.5 HIGH]
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. [CVSS 7.3 HIGH]