SQLi

SQL injection in Cisco Secure FMC REST API allows authenticated attackers with administrative privileges to read sensitive database contents and operating system files. The vulnerability stems from insufficient input validation on API endpoints and requires valid credentials (Administrator, Security Approver, Access Admin, or Network Admin roles) to exploit. No patch is currently available.

Ashop Shopping Cart Software contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'shop' parameter. [CVSS 8.2 HIGH]

FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login endpoint. [CVSS 8.2 HIGH]

Tradebox 5.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the symbol parameter. [CVSS 7.1 HIGH]

NCrypted Jobgator contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the experience parameter. [CVSS 8.2 HIGH]

PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. [CVSS 7.1 HIGH]

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the app_id parameter. [CVSS 8.2 HIGH]

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the employerid parameter. [CVSS 8.2 HIGH]

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the job_id parameter. [CVSS 8.2 HIGH]

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landing_location parameter. [CVSS 8.2 HIGH]

SQL injection in databaseir v.1.0.7 via query parameter. PoC available.

Code execution via HwRwDrv.sys in Nil Hardware Editor. PoC available.

The JS Help Desk - AI-Powered Support & Ticketing System plugin for WordPress is vulnerable to SQL Injection via the 'js-support-ticket-token-tkstatus' cookie in version 2.8.2 due to an incomplete fix for CVE-2023-50839 where a second sink was left with insufficient escaping on the user supplied values and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

The WP-Members Membership Plugin for WordPress through version 3.5.5.1 contains a SQL injection vulnerability in the [wpmem_user_membership_posts] shortcode's 'order_by' parameter due to insufficient input escaping and query preparation. Authenticated attackers with Contributor-level access or higher can exploit this to execute arbitrary SQL queries and extract sensitive database information. No patch is currently available.

SQL injection in the Email Subscribers by Icegram Express WordPress plugin through version 5.9.16 allows authenticated administrators to execute arbitrary database queries via the 'workflow_ids' parameter due to insufficient input escaping. An attacker with admin-level access could exploit this to extract sensitive information from the database. No patch is currently available for this vulnerability.

SQL injection in itsourcecode College Management System 1.0 allows authenticated remote attackers to manipulate the course_code parameter in /admin/class-result.php and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but can be executed over the network with minimal complexity.

SQL injection in itsourcecode College Management System 1.0 via the roll_no parameter in /admin/student-fee.php allows authenticated administrators to execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires high-level privileges but poses a risk to confidentiality, integrity, and availability of student records.

Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 7.2).

Simple Logistic Hub Parcel\'S Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. [CVSS 2.7 LOW]

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. [CVSS 2.7 LOW]

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. [CVSS 2.7 LOW]

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. [CVSS 2.7 LOW]

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. [CVSS 8.2 HIGH]

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

Simple Online Men\'S Salon Management System versions up to 1.0 is affected by sql injection (CVSS 2.7).

SQL injection in renren-security before v5.5.0 in BaseServiceImpl.java. PoC available.

Calendar Booking Plugin for Appointments and Event versions up to 5.2.7 is affected by sql injection (CVSS 6.5).

Simple Food Order System v1.0 has SQL injection in cancel-order.

Simple Food Order System v1.0 has SQL injection in view-ticket-admin.

Simple Food Order System v1.0 has SQL injection in view-ticket.

Simple Food Order System v1.0 has SQL injection in edit-order.

Simple Gym Management System v1.0 has SQL injection in trainer search.

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Unauthenticated attackers can exploit blind SQL injection in the Contest Gallery WordPress plugin through improperly sanitized email parameters to extract sensitive database information without authentication. Affected versions through 28.1.4 fail to properly escape user input in the 'cgLostPasswordEmail' and 'cgl_mail' parameters, allowing attackers to inject arbitrary SQL commands. No patch is currently available for all vulnerable versions.

Pharmacy POS has a fifth SQL injection in view_sales.

Pharmacy POS has a fourth SQL injection in view_reports.

Pharmacy POS has a third SQL injection in view_products.

Pharmacy POS has a second SQL injection in view_categories.

SQL injection in NocoDB versions prior to 0.301.3 allows authenticated users with Creator role to execute arbitrary SQL commands through the DATEADD formula's unit parameter. This high-severity vulnerability enables attackers to compromise data confidentiality, integrity, and system availability with network access and low complexity. No patch is currently available for affected installations.

Pharmacy Point of Sale System v1.0 has SQL injection in manage endpoints.

Personnel Property Equipment System has a fourth SQL injection.

Personnel Property Equipment System v1.0 has a third SQL injection.

Personnel Property Equipment System v1.0 has a second SQL injection in a different admin endpoint.

Personnel Property Equipment System v1.0 has SQL injection in admin panel.

Simple Student Alumni System v1.0 has a third SQL injection.

Simple Student Alumni System v1.0 has SQL injection in record_search.php.

Simple Student Alumni System v1.0 has SQL injection in modal_view.php.

Chamilo LMS prior to 1.11.30 has a time-based SQL injection in a different endpoint, providing an additional database extraction vector.

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. [CVSS 7.2 HIGH]

Chamilo LMS prior to 1.11.30 has an error-based SQL injection enabling database extraction.

SQL injection in Simple Student Alumni System v1.0's modal_edit.php endpoint allows authenticated administrators to extract sensitive database information through unauthenticated network requests. Public exploit code exists for this vulnerability, though no patch is currently available. The attack requires high-level privileges but can bypass intended access controls to read confidential data.

Simple Student Alumni System v1.0 contains a SQL injection vulnerability in the recordteacher_view.php endpoint that allows authenticated administrators to extract sensitive data from the underlying database. Public exploit code exists for this vulnerability, though a patch is currently unavailable. The attack requires high-level administrative privileges but can be executed remotely without user interaction.

A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path resulting in Blind SQL Injection.

In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.

including data processed by GCM CLININET software.This issue affects CGM NETRAAD with imageserver module in versions up to 7.9.0. is affected by sql injection.

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface.

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student.php allows unauthenticated remote attackers to manipulate database queries with public exploit code currently available. The vulnerability enables attackers to read, modify, or delete sensitive academic and administrative data without authentication. No patch is currently available for this PHP-based application.

SQL injection in itsourcecode University Management System 1.0 via the ID parameter in /admin_single_student_update.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive student records. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected institutions at immediate risk.

Society Management System versions up to 1.0 contains a vulnerability that allows attackers to sql injection (CVSS 7.3).

SQL injection in Online Art Gallery Shop 1.0 via the fname parameter in /admin/registration.php enables unauthenticated remote attackers to manipulate database queries. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected PHP installations at immediate risk of data compromise or unauthorized access.

Unauthenticated SQL injection in wpForo 2.4.14 allows remote attackers to extract sensitive data from WordPress databases through the wpfob parameter via blind boolean-based attacks. The vulnerability exploits inadequate sanitization of ORDER BY clause identifiers, enabling credential theft without authentication. No patch is currently available for affected installations.

The Tutor LMS - eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]

Authenticated users can execute arbitrary SQL commands against openDCIM 23.04 and earlier through unsanitized input in the Config::UpdateParameter function, enabling complete database compromise. The vulnerability exists in install.php and container-install.php handlers that pass user input directly into SQL queries without prepared statements. Public exploit code is available for this SQL injection vulnerability affecting PHP-based deployments.

SQL injection in Group Office email template selection endpoint allows authenticated attackers to extract sensitive data from the database through the unvalidated comparator parameter in advancedQueryData. An attacker with valid credentials can perform blind boolean-based attacks to exfiltrate password hashes from the core_auth_password table. Affected versions prior to 26.0.8, 25.0.87, and 6.8.153 require immediate patching.

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. [CVSS 8.2 HIGH]

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. [CVSS 8.2 HIGH]

osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. [CVSS 8.2 HIGH]

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. [CVSS 8.2 HIGH]

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. [CVSS 8.2 HIGH]

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. [CVSS 8.2 HIGH]

Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. [CVSS 8.2 HIGH]

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. [CVSS 8.2 HIGH]

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. [CVSS 8.2 HIGH]

Blind SQL injection in Centreon Web's Service Dependencies module allows authenticated attackers to extract sensitive database information through unsanitized array keys in deletion requests. This vulnerability affects Centreon Web versions before 25.10.8, 24.10.20, and 24.04.24 on Linux systems, requiring valid credentials but no user interaction to exploit. No patch is currently available, leaving affected deployments vulnerable to database reconnaissance and potential data exfiltration.

Pro3W CMS if vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privileges.

SQL injection in Signum Technology application allows unauthenticated attackers to execute arbitrary SQL queries.

SQL injection in the MailArchiver WordPress plugin through version 4.5.0 allows authenticated administrators to extract sensitive database information by injecting malicious SQL commands via the 'logid' parameter due to improper input escaping. The vulnerability requires high-level privileges and administrator credentials to exploit, limiting its risk to insider threats or compromised administrative accounts. No patch is currently available for this medium-severity issue.

SQL injection in Dayneks Software allows unauthenticated attackers to manipulate database queries and extract or modify data.

SQL injection in jizhiCMS up to version 2.5.6 via the findAll function in the Model.php batch interface allows authenticated remote attackers to manipulate database queries and potentially access or modify sensitive data. Public exploit code is available for this vulnerability, and no patch has been released despite vendor notification. The flaw requires valid user credentials but can be exploited over the network with minimal additional complexity.

SQL injection in Youlai Mall 2.0.0's product pagination endpoint allows authenticated remote attackers to manipulate the sortField parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and the vendor has not provided a patch. Attackers with valid credentials can exploit this flaw to read or modify sensitive data within the database.

SQL injection in Phishing Club's GetOrphaned recipient endpoint allows authenticated attackers to manipulate ORDER BY clauses by injecting malicious SQL expressions through an unvalidated sortBy parameter. Public exploit code exists for this vulnerability, affecting versions prior to 1.30.2, where attackers can extract sensitive data despite the lack of direct integrity or availability impact. The vulnerability has been patched in v1.30.2 through implementation of column allowlist validation.

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /settings/index.php allows unauthenticated remote attackers to manipulate database queries and potentially read or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available. Organizations running affected versions should implement access controls or upgrade immediately to mitigate the risk.

SQL injection in Discourse's private message tag filtering allows authenticated users to bypass tag restrictions and read unauthorized private message metadata. Affected versions prior to 2025.12.2, 2026.1.1, and 2026.2.0 expose sensitive conversation information to users who should not have access. No patch workaround exists for unpatched installations.

SQL injection in SPIP prior to 4.4.10 enables authenticated users with low privileges to execute arbitrary SQL commands and achieve remote code execution through union-based injection combined with PHP tag processing. The vulnerability affects SPIP and PHP environments, requiring only network access and valid credentials to exploit. No patch is currently available, presenting significant risk to production SPIP installations.

Remote control vulnerability in Unitree Go2 robot dog firmware 1.1.7-1.1.11. The companion Android app allows remote attackers to take control of the robot. PoC available.

SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the database that will be executed.

The WP SMS plugin for WordPress through version 6.9.12 contains an SQL injection vulnerability that allows high-privileged authenticated users to manipulate database queries and extract sensitive information. An attacker with administrative credentials could exploit this to read arbitrary data from the WordPress database, potentially compromising user information and site configuration. No patch is currently available for this vulnerability.