SQLi
Monthly
Multiple time-based blind SQL injection vulnerabilities in RealtyScript 4.0.2 allow unauthenticated remote attackers to extract database information by injecting malicious SQL queries with time-delay payloads. Attackers can infer database contents character by character based on response timing differences. A public proof-of-concept exploit is available on Exploit-DB, significantly increasing the risk of exploitation.
SQL injection vulnerabilities in RealtyScript 4.0.2 allow unauthenticated remote attackers to manipulate database queries through vulnerable parameters in admin panel files (/admin/users.php and /admin/mailer.php). Attackers can extract sensitive database information using time-based blind SQL injection or cause denial of service. A public proof-of-concept exploit is available on Exploit-DB, though the vulnerability is not currently in CISA's KEV catalog.
CodePhiliaX Chat2DB versions up to 0.3.7 contain a SQL injection vulnerability in the Database Export Handler component (DMDBManage.java) affecting multiple export functions. An authenticated attacker with low privileges can remotely exploit this vulnerability to execute arbitrary SQL commands, potentially compromising data confidentiality, integrity, and availability. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts.
SQL injection in AnythingLLM versions 1.11.1 and earlier enables authenticated users to execute arbitrary SQL commands against connected PostgreSQL, MySQL, and MSSQL databases through the built-in SQL Agent plugin. The vulnerability stems from unsafe string concatenation of table names in the getTableSchemaSql() method across all three database connectors, bypassing proper parameterization. Any user with access to invoke the SQL Agent can exploit this to read, modify, or delete sensitive database contents.
SQL injection in OneUptime telemetry API before 10.0.23.
CVE-2026-25076 is an SQL injection vulnerability in the GraphQL Reports API of Anchore Enterprise versions before 5.25.1, allowing authenticated attackers to execute arbitrary SQL commands and modify database contents. With a CVSS score of 7.3 and low EPSS score (0.02%), this vulnerability requires authentication and adjacent network access, making it a moderate priority for organizations using Anchore Enterprise in their container security infrastructure.
SQL injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway that allows authenticated administrative users to execute arbitrary SQL commands against the backend database. An attacker with admin privileges can view, add, modify, or delete sensitive database information. While requiring high privileges (PR:H), the vulnerability has a CVSS score of 6.5 (Medium) due to high impact on confidentiality and integrity; no active exploitation in the wild or public POC has been reported at this time.
Blind SQL injection in UpsellWP checkout plugin versions 2.2.4 and earlier allows authenticated attackers to execute arbitrary SQL queries with network access and without user interaction. The vulnerability affects the checkout-upsell-and-order-bumps functionality and could enable data exfiltration or database manipulation. No patch is currently available for this high-severity flaw.
SQL injection vulnerability in the RealMag777 WOLF bulk-editor WordPress plugin (versions up to 1.0.8.7) that allows authenticated administrators to execute blind SQL injection attacks. With a low EPSS score of 0.02% and no KEV listing, this vulnerability requires high privileges to exploit and is not currently being actively exploited in the wild.
CP Contact Form with Paypal through version 1.3.61 contains a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries with network access. An attacker with user-level privileges can exploit this flaw to extract sensitive database information, though no patch is currently available.
WP EasyCart versions 5.8.13 and earlier are vulnerable to blind SQL injection, allowing authenticated attackers to execute arbitrary SQL queries through improper input sanitization. This vulnerability could enable attackers to extract or manipulate sensitive database information, though code execution is not possible. No patch is currently available for this high-severity vulnerability (CVSS 8.5).
Blind SQL injection in Meow Gallery up to version 5.4.4 allows high-privileged attackers to extract sensitive data from the application database through specially crafted SQL queries. An authenticated administrator with high privileges can exploit this vulnerability without user interaction to perform unauthorized database queries, potentially exposing confidential information. No patch is currently available for affected installations.
Blind SQL injection in Media Library Assistant through version 3.32 allows authenticated attackers to execute arbitrary SQL queries over the network, potentially leading to unauthorized data access and service disruption. The vulnerability requires valid user credentials but no user interaction, making it exploitable by internal or compromised accounts with minimal effort. No patch is currently available for affected installations.
Blind SQL injection in Geo to Lat versions up to 1.0.19 allows authenticated attackers to execute arbitrary SQL queries over the network with no user interaction required. An attacker with valid credentials can exploit this vulnerability to extract or manipulate database contents, potentially leading to unauthorized data access and system disruption. No patch is currently available for this vulnerability.
A blind SQL injection vulnerability exists in the WordPress Collapsing Categories plugin (versions up to 3.0.9) that allows authenticated attackers with low privileges to execute arbitrary SQL queries against the database. The vulnerability enables extraction of sensitive data including user credentials, though it does not allow direct data modification. With a CVSS score of 8.5 and no current exploitation in the wild (not in KEV), this represents a serious but not critical risk for WordPress sites using this plugin.
Blind SQL injection in Collapsing Archives versions up to 3.0.7 allows authenticated attackers to execute arbitrary SQL queries through improper input sanitization. An attacker with user-level access can exploit this vulnerability to extract sensitive data from the database, though the impact is partially mitigated by the requirement for prior authentication. No patch is currently available for this vulnerability.
Booking Calendar versions 10.14.15 and earlier contain a blind SQL injection vulnerability in database query handling that allows high-privileged authenticated users to execute arbitrary SQL commands. An attacker with administrative credentials could exploit this to extract sensitive database information and potentially disrupt service availability. A patch is not currently available, requiring users to implement alternative mitigations or limit administrative access.
Fox LMS versions 1.0.6.3 and earlier are vulnerable to blind SQL injection attacks through improper input sanitization, allowing authenticated attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive database information. The vulnerability requires user authentication but can be exploited remotely with no user interaction needed, and carries a high CVSS score of 8.5. No patch is currently available for affected organizations.
SQL injection vulnerability in the weDevs WP ERP WordPress plugin affecting all versions up to and including 1.16.10, allowing authenticated attackers with low privileges to extract sensitive database information. With an EPSS score of 0.02% (5th percentile), this vulnerability has a very low probability of real-world exploitation and is not listed in CISA KEV, indicating it's not actively exploited in the wild.
High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.
Dataease is an open source data visualization analysis tool. Versions up to 2.10.20 are affected by SQL injection.
SQL injection in GL-iNet GL-AR300M16 firmware v4.3.11 allows authenticated attackers to execute arbitrary database commands through the add_group() function via crafted HTTP requests. The vulnerability affects all installations of the affected firmware version and requires valid credentials to exploit. No patch is currently available to remediate this high-severity flaw.
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. [CVSS 8.2 HIGH]
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. [CVSS 8.2 HIGH]
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. [CVSS 8.2 HIGH]
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. [CVSS 8.2 HIGH]
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. [CVSS 8.2 HIGH]
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. [CVSS 8.2 HIGH]
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. [CVSS 8.2 HIGH]
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. [CVSS 7.1 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. [CVSS 8.2 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. [CVSS 8.2 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. [CVSS 8.2 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. [CVSS 7.5 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information. [CVSS 8.2 HIGH]
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. [CVSS 8.2 HIGH]
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. [CVSS 8.2 HIGH]
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. [CVSS 8.2 HIGH]
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. [CVSS 8.2 HIGH]
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. [CVSS 7.1 HIGH]
SQL injection in the registration module of itsourcecode Cafe Reservation System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, which provides attackers with potential access to sensitive data and database manipulation capabilities. No patch is currently available.
SQL injection in itsourcecode Online Doctor Appointment System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/doctor_action.php, potentially gaining unauthorized access to sensitive data and modifying database records. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in the Online Doctor Appointment System 1.0 admin panel allows unauthenticated remote attackers to manipulate the patient_id parameter and execute arbitrary database queries. The vulnerability affects the /admin/patient_action.php file and enables attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.
Unauthenticated SQL injection in WordPress My Sticky Bar plugin versions up to 2.8.6 allows attackers to extract database contents through crafted AJAX requests that exploit unsanitized parameter names in SQL INSERT statements. The vulnerability enables blind time-based data exfiltration despite sanitization of parameter values, affecting all users of the vulnerable plugin. No patch is currently available.
FeMiner WMS versions up to 1.0 contain a SQL injection vulnerability in the department addition module that allows unauthenticated remote attackers to manipulate the Name parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise the confidentiality, integrity, and availability of the underlying database.
SQL injection in the weimai-wetapp HomeController endpoint allows remote attackers with high privileges to manipulate the cat parameter and execute arbitrary database queries, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the development team has not yet responded to the early disclosure notification. A patch is not currently available.
SQL injection in the Admin_AdminUserController of weimai-wetapp allows remote attackers with high privileges to manipulate the keyword parameter and execute arbitrary SQL queries, potentially leading to unauthorized data access and modification. Public exploit code exists for this vulnerability, though no patch is currently available. The vulnerability affects Java-based deployments using affected versions of the weimai-wetapp project.
OpenEMR versions prior to 8.0.0.1 contain a SQL injection vulnerability in the ajax graphs library that allows authenticated users to execute arbitrary database queries, potentially leading to complete compromise of patient health records and system data. The vulnerability stems from insufficient input validation and requires valid credentials to exploit, but poses a critical risk given the sensitive nature of healthcare data stored in OpenEMR systems. No patch is currently available for affected versions.
An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a `$regex` query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level. This vulnerability only affects Parse Server deployments using PostgreSQL. The fix applies proper SQL identifier escaping to field names in the query handler and hardens query field name validation to reject malicious field names for all query types. There is no known workaround.
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6
- Fix Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10
- Fix Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.36
SQL injection in WeGIA before 3.6.6.
WeGIA is a web manager for charitable institutions. Versions up to 3.6.6 are affected by SQL injection (CVSS 8.8).
SQL injection in Frappe framework before 15.84.0/14.99.0.
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. [CVSS 8.2 HIGH]
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31. Third Parse Server SQLi.
SQL injection in Craft CMS ElementSearchController allows authenticated control panel users to execute arbitrary SQL queries and extract complete database contents through the criteria[where] and criteria[orderBy] parameters. The vulnerability exists because a previous SQL injection fix applied to ElementIndexesController was never implemented in this endpoint. An attacker with any control panel user account can exploit this via boolean-based blind injection without requiring administrative privileges.
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31.
SQL injection in Parse Server before 9.6.0-alpha.2/8.6.28.
Unauthenticated attackers can exploit SQL injection in the JetBooking WordPress plugin through the check_in_date parameter to extract sensitive database information, affecting all versions up to 4.0.3. The vulnerability exists due to insufficient input escaping and unprepared SQL statements. No patch is currently available.
SQL injection in itsourcecode University Management System 1.0 via the Name parameter in /att_add.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
Simply Schedule Appointments Booking Plugin versions up to 1.6.9.27 are affected by SQL injection (CVSS 7.5).
An SQL injection vulnerability has been reported to affect Video Station. An attacker who has gained local network access and also obtained an administrator account can exploit the vulnerability to execute unauthorized code or commands.
SQL injection in the Koha library management system's staff interface allows authenticated users to manipulate the displayby parameter in suggestion.pl, enabling arbitrary SQL query execution against the backend database. Low-privileged staff members can exploit this vulnerability to extract sensitive data or modify database contents without additional privileges. No patch is currently available to remediate this high-severity vulnerability.
Unauthenticated attackers can exploit a time-based blind SQL injection in the WP Maps plugin for WordPress (versions up to 4.9.1) through the location_id parameter in the wpgmp_ajax_call AJAX handler to extract sensitive database information. The vulnerability stems from improper input validation that allows backtick-wrapped user input to bypass SQL escaping functions. No patch is currently available, leaving all affected WordPress installations at risk of data disclosure.
Unauthenticated attackers can extract sensitive database information from WordPress sites running the Ally plugin (versions up to 4.0.3) through SQL injection in the URL parameter handling of the Remediation module. The vulnerability exists because user input is insufficiently sanitized before being concatenated into SQL queries, allowing time-based blind SQL injection attacks despite URL escaping being applied. No patch is currently available.
Sylius eCommerce Framework versions prior to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 are vulnerable to DQL injection through the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API endpoints, which fail to validate user-supplied order direction parameters before passing them to Doctrine. An unauthenticated remote attacker can inject arbitrary DQL queries to read sensitive data from the application database. No patch is currently available for this medium-severity vulnerability.
SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive data by manipulating JSON object keys in WHERE clause operations. The vulnerability stems from improper sanitization of cast type parameters in the _traverseJSON() function, which directly interpolates user-controlled input into CAST SQL statements. Node.js applications using affected Sequelize versions are at risk of complete database compromise.
Multiple time-based blind SQL injection vulnerabilities in RealtyScript 4.0.2 allow unauthenticated remote attackers to extract database information by injecting malicious SQL queries with time-delay payloads. Attackers can infer database contents character by character based on response timing differences. A public proof-of-concept exploit is available on Exploit-DB, significantly increasing the risk of exploitation.
SQL injection vulnerabilities in RealtyScript 4.0.2 allow unauthenticated remote attackers to manipulate database queries through vulnerable parameters in admin panel files (/admin/users.php and /admin/mailer.php). Attackers can extract sensitive database information using time-based blind SQL injection or cause denial of service. A public proof-of-concept exploit is available on Exploit-DB, though the vulnerability is not currently in CISA's KEV catalog.
CodePhiliaX Chat2DB versions up to 0.3.7 contain a SQL injection vulnerability in the Database Export Handler component (DMDBManage.java) affecting multiple export functions. An authenticated attacker with low privileges can remotely exploit this vulnerability to execute arbitrary SQL commands, potentially compromising data confidentiality, integrity, and availability. A public proof-of-concept exploit is available, and the vendor has not responded to early disclosure attempts.
SQL injection in AnythingLLM versions 1.11.1 and earlier enables authenticated users to execute arbitrary SQL commands against connected PostgreSQL, MySQL, and MSSQL databases through the built-in SQL Agent plugin. The vulnerability stems from unsafe string concatenation of table names in the getTableSchemaSql() method across all three database connectors, bypassing proper parameterization. Any user with access to invoke the SQL Agent can exploit this to read, modify, or delete sensitive database contents.
SQL injection in OneUptime telemetry API before 10.0.23.
CVE-2026-25076 is an SQL injection vulnerability in the GraphQL Reports API of Anchore Enterprise versions before 5.25.1, allowing authenticated attackers to execute arbitrary SQL commands and modify database contents. With a CVSS score of 7.3 and low EPSS score (0.02%), this vulnerability requires authentication and adjacent network access, making it a moderate priority for organizations using Anchore Enterprise in their container security infrastructure.
SQL injection vulnerability in IBM Sterling B2B Integrator and Sterling File Gateway that allows authenticated administrative users to execute arbitrary SQL commands against the backend database. An attacker with admin privileges can view, add, modify, or delete sensitive database information. While requiring high privileges (PR:H), the vulnerability has a CVSS score of 6.5 (Medium) due to high impact on confidentiality and integrity; no active exploitation in the wild or public POC has been reported at this time.
Blind SQL injection in UpsellWP checkout plugin versions 2.2.4 and earlier allows authenticated attackers to execute arbitrary SQL queries with network access and without user interaction. The vulnerability affects the checkout-upsell-and-order-bumps functionality and could enable data exfiltration or database manipulation. No patch is currently available for this high-severity flaw.
SQL injection vulnerability in the RealMag777 WOLF bulk-editor WordPress plugin (versions up to 1.0.8.7) that allows authenticated administrators to execute blind SQL injection attacks. With a low EPSS score of 0.02% and no KEV listing, this vulnerability requires high privileges to exploit and is not currently being actively exploited in the wild.
CP Contact Form with Paypal through version 1.3.61 contains a blind SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries with network access. An attacker with user-level privileges can exploit this flaw to extract sensitive database information, though no patch is currently available.
WP EasyCart versions 5.8.13 and earlier are vulnerable to blind SQL injection, allowing authenticated attackers to execute arbitrary SQL queries through improper input sanitization. This vulnerability could enable attackers to extract or manipulate sensitive database information, though code execution is not possible. No patch is currently available for this high-severity vulnerability (CVSS 8.5).
Blind SQL injection in Meow Gallery up to version 5.4.4 allows high-privileged attackers to extract sensitive data from the application database through specially crafted SQL queries. An authenticated administrator with high privileges can exploit this vulnerability without user interaction to perform unauthorized database queries, potentially exposing confidential information. No patch is currently available for affected installations.
Blind SQL injection in Media Library Assistant through version 3.32 allows authenticated attackers to execute arbitrary SQL queries over the network, potentially leading to unauthorized data access and service disruption. The vulnerability requires valid user credentials but no user interaction, making it exploitable by internal or compromised accounts with minimal effort. No patch is currently available for affected installations.
Blind SQL injection in Geo to Lat versions up to 1.0.19 allows authenticated attackers to execute arbitrary SQL queries over the network with no user interaction required. An attacker with valid credentials can exploit this vulnerability to extract or manipulate database contents, potentially leading to unauthorized data access and system disruption. No patch is currently available for this vulnerability.
A blind SQL injection vulnerability exists in the WordPress Collapsing Categories plugin (versions up to 3.0.9) that allows authenticated attackers with low privileges to execute arbitrary SQL queries against the database. The vulnerability enables extraction of sensitive data including user credentials, though it does not allow direct data modification. With a CVSS score of 8.5 and no current exploitation in the wild (not in KEV), this represents a serious but not critical risk for WordPress sites using this plugin.
Blind SQL injection in Collapsing Archives versions up to 3.0.7 allows authenticated attackers to execute arbitrary SQL queries through improper input sanitization. An attacker with user-level access can exploit this vulnerability to extract sensitive data from the database, though the impact is partially mitigated by the requirement for prior authentication. No patch is currently available for this vulnerability.
Booking Calendar versions 10.14.15 and earlier contain a blind SQL injection vulnerability in database query handling that allows high-privileged authenticated users to execute arbitrary SQL commands. An attacker with administrative credentials could exploit this to extract sensitive database information and potentially disrupt service availability. A patch is not currently available, requiring users to implement alternative mitigations or limit administrative access.
Fox LMS versions 1.0.6.3 and earlier are vulnerable to blind SQL injection attacks through improper input sanitization, allowing authenticated attackers to execute arbitrary SQL queries and potentially exfiltrate sensitive database information. The vulnerability requires user authentication but can be exploited remotely with no user interaction needed, and carries a high CVSS score of 8.5. No patch is currently available for affected organizations.
A SQL injection vulnerability in the weDevs WP ERP WordPress plugin affects all versions up to and including 1.16.10, allowing authenticated attackers with low privileges to extract sensitive database information. With an EPSS score of 0.02% (5th percentile), this vulnerability has a very low probability of real-world exploitation and is not listed in CISA KEV, indicating it is not actively exploited in the wild.
High severity vulnerability in wpDiscuz (WordPress plugin). wpDiscuz before 7.6.47 contains an SQL injection vulnerability in the getAllSubscriptions() function where string parameters lack proper quote escaping in SQL queries. Attackers can inject malicious SQL code through email, activation_key, subscription_date, and imported_from parameters to manipulate database queries and extract sensitive information.
Dataease is an open source data visualization analysis tool. Versions up to 2.10.20 are affected by SQL injection.
SQL injection in GL-iNet GL-AR300M16 firmware v4.3.11 allows authenticated attackers to execute arbitrary database commands through the add_group() function via crafted HTTP requests. The vulnerability affects all installations of the affected firmware version and requires valid credentials to exploit. No patch is currently available to remediate this high-severity flaw.
Netartmedia Real Estate Portal 5.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. [CVSS 8.2 HIGH]
Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_email parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through unvalidated parameters. [CVSS 8.2 HIGH]
Netartmedia PHP Mall 4.1 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through various parameters. [CVSS 8.2 HIGH]
202CMS v10 beta contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. [CVSS 8.2 HIGH]
202CMS v10 beta contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the log_user parameter. [CVSS 8.2 HIGH]
Netartmedia Event Portal 2.0 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Real Estate Agency 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Dating Site contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Car Dealer contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the features[] parameter. [CVSS 8.2 HIGH]
Netartmedia PHP Business Directory 4.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia Jobs Portal 6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the Email parameter. [CVSS 8.2 HIGH]
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. [CVSS 8.2 HIGH]
uHotelBooking System contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the system_page GET parameter. [CVSS 8.2 HIGH]
Placeto CMS Alpha rv.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'page' parameter. [CVSS 7.1 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the property1 parameter. [CVSS 8.2 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the numguest parameter. [CVSS 8.2 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the location parameter. [CVSS 8.2 HIGH]
Inout EasyRooms Ultimate Edition v1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the guests parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. [CVSS 8.2 HIGH]
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gal_id parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the option parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the poll parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the gallery_id parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an authentication bypass vulnerability in the login.php administration panel that allows unauthenticated attackers to gain administrative access by submitting crafted SQL syntax. [CVSS 7.5 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows attackers to inject malicious SQL commands through the kelime parameter in POST requests. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the videoid parameter. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Haber Sitesi Scripti V2 contains an authentication bypass vulnerability in the administration panel that allows unauthenticated attackers to gain administrative access by exploiting improper SQL query validation. [CVSS 8.2 HIGH]
XooDigital Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to extract sensitive database information. [CVSS 8.2 HIGH]
Jettweb Php Hazir Ilan Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'kat' parameter. [CVSS 8.2 HIGH]
Jettweb Hazir Rent A Car Scripti V4 contains multiple SQL injection vulnerabilities in the admin panel that allow unauthenticated attackers to manipulate database queries through GET parameters. [CVSS 8.2 HIGH]
Jettweb PHP Hazir Rent A Car Sitesi Scripti V2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the arac_kategori_id parameter. [CVSS 8.2 HIGH]
iScripts ReserveLogic contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the jqSearchDestination parameter. [CVSS 8.2 HIGH]
Inout RealEstate contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the city parameter. [CVSS 8.2 HIGH]
Clinic Pro contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the month parameter. [CVSS 7.1 HIGH]
SQL injection in the registration module of itsourcecode Cafe Reservation System 1.0 allows unauthenticated remote attackers to manipulate the Username parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, which provides attackers with potential access to sensitive data and database manipulation capabilities. No patch is currently available.
SQL injection in itsourcecode Online Doctor Appointment System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /admin/doctor_action.php, potentially gaining unauthorized access to sensitive data and modifying database records. Public exploit code exists for this vulnerability, and no patch is currently available.
SQL injection in the Online Doctor Appointment System 1.0 admin panel allows unauthenticated remote attackers to manipulate the patient_id parameter and execute arbitrary database queries. The vulnerability affects the /admin/patient_action.php file and enables attackers to compromise data confidentiality, integrity, and availability. Public exploit code exists for this vulnerability, and no patch is currently available.
Unauthenticated SQL injection in WordPress My Sticky Bar plugin versions up to 2.8.6 allows attackers to extract database contents through crafted AJAX requests that exploit unsanitized parameter names in SQL INSERT statements. The vulnerability enables blind time-based data exfiltration despite sanitization of parameter values, affecting all users of the vulnerable plugin. No patch is currently available.
FeMiner WMS versions up to 1.0 contain a SQL injection vulnerability in the department addition module that allows unauthenticated remote attackers to manipulate the Name parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and can compromise the confidentiality, integrity, and availability of the underlying database.
SQL injection in the weimai-wetapp HomeController endpoint allows remote attackers with high privileges to manipulate the cat parameter and execute arbitrary database queries, potentially leading to unauthorized data access or modification. Public exploit code is available for this vulnerability, and the development team has not yet responded to the early disclosure notification. A patch is not currently available.
SQL injection in the Admin_AdminUserController of weimai-wetapp allows remote attackers with high privileges to manipulate the keyword parameter and execute arbitrary SQL queries, potentially leading to unauthorized data access and modification. Public exploit code exists for this vulnerability, though no patch is currently available. The vulnerability affects Java-based deployments using affected versions of the weimai-wetapp project.
OpenEMR versions prior to 8.0.0.1 contain a SQL injection vulnerability in the ajax graphs library that allows authenticated users to execute arbitrary database queries, potentially leading to complete compromise of patient health records and system data. The vulnerability stems from insufficient input validation and requires valid credentials to exploit, but poses a critical risk given the sensitive nature of healthcare data stored in OpenEMR systems. No patch is currently available for affected versions.
SQL injection in generatedata 4.0.14.
An attacker with access to the master key can inject malicious SQL via crafted field names used in query constraints when Parse Server is configured with PostgreSQL as the database. The field name in a `$regex` query operator is passed to PostgreSQL using unparameterized string interpolation, allowing the attacker to manipulate the SQL query. While the master key controls what can be done through the Parse Server abstraction layer, this SQL injection bypasses Parse Server entirely and operates at the database level. This vulnerability only affects Parse Server deployments using PostgreSQL. The fix applies proper SQL identifier escaping to field names in the query handler and hardens query field name validation to reject malicious field names for all query types. There is no known workaround. References:
- GitHub security advisory: https://github.com/parse-community/parse-server/security/advisories/GHSA-c442-97qw-j6c6
- Fix for Parse Server 9: https://github.com/parse-community/parse-server/releases/tag/9.6.0-alpha.10
- Fix for Parse Server 8: https://github.com/parse-community/parse-server/releases/tag/8.6.36
SQL injection in WeGIA before 3.6.6.
WeGIA is a web manager for charitable institutions. Versions up to 3.6.6 are affected by SQL injection (CVSS 8.8).
SQL injection in Frappe framework before 15.84.0/14.99.0.
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. [CVSS 8.2 HIGH]
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31. Third Parse Server SQLi.
SQL injection in Craft CMS ElementSearchController allows authenticated control panel users to execute arbitrary SQL queries and extract complete database contents through the criteria[where] and criteria[orderBy] parameters. The vulnerability exists because a previous SQL injection fix applied to ElementIndexesController was never implemented in this endpoint. An attacker with any control panel user account can exploit this via boolean-based blind injection without requiring administrative privileges.
SQL injection in Parse Server before 9.6.0-alpha.5/8.6.31.
SQL injection in Parse Server before 9.6.0-alpha.2/8.6.28.
Unauthenticated attackers can exploit SQL injection in the JetBooking WordPress plugin through the check_in_date parameter to extract sensitive database information, affecting all versions up to 4.0.3. The vulnerability exists due to insufficient input escaping and unprepared SQL statements. No patch is currently available.
SQL injection in itsourcecode University Management System 1.0 via the Name parameter in /att_add.php enables unauthenticated remote attackers to read, modify, or delete database contents. Public exploit code exists for this vulnerability, and no patch is currently available.
Simply Schedule Appointments Booking Plugin versions up to 1.6.9.27 are affected by SQL injection (CVSS 7.5).
An SQL injection vulnerability has been reported to affect Video Station. An attacker who has gained local network access and has also obtained an administrator account can exploit the vulnerability to execute unauthorized code or commands.
SQL injection in the Koha library management system's staff interface allows authenticated users to manipulate the displayby parameter in suggestion.pl, enabling arbitrary SQL query execution against the backend database. Low-privileged staff members can exploit this vulnerability to extract sensitive data or modify database contents without additional privileges. No patch is currently available to remediate this high-severity vulnerability.
Unauthenticated attackers can exploit a time-based blind SQL injection in the WP Maps plugin for WordPress (versions up to 4.9.1) through the location_id parameter in the wpgmp_ajax_call AJAX handler to extract sensitive database information. The vulnerability stems from improper input validation that allows backtick-wrapped user input to bypass SQL escaping functions. No patch is currently available, leaving all affected WordPress installations at risk of data disclosure.
Unauthenticated attackers can extract sensitive database information from WordPress sites running the Ally plugin (versions up to 4.0.3) through SQL injection in the URL parameter handling of the Remediation module. The vulnerability exists because user input is insufficiently sanitized before being concatenated into SQL queries, allowing time-based blind SQL injection attacks despite URL escaping being applied. No patch is currently available.
Sylius eCommerce Framework versions prior to 1.9.12, 1.10.16, 1.11.17, 1.12.23, 1.13.15, 1.14.18, 2.0.16, 2.1.12, and 2.2.3 are vulnerable to DQL injection through the ProductPriceOrderFilter and TranslationOrderNameAndLocaleFilter API endpoints, which fail to validate user-supplied order direction parameters before passing them to Doctrine. An unauthenticated remote attacker can inject arbitrary DQL queries to read sensitive data from the application database. No patch is currently available for this medium-severity vulnerability.
SQL injection in Sequelize prior to version 6.37.8 allows unauthenticated attackers to execute arbitrary SQL queries and extract sensitive data by manipulating JSON object keys in WHERE clause operations. The vulnerability stems from improper sanitization of cast type parameters in the _traverseJSON() function, which directly interpolates user-controlled input into CAST SQL statements. Node.js applications using affected Sequelize versions are at risk of complete database compromise.