Skip to main content

SQLi

15162 CVEs technique

Monthly

CVE-2026-10237 LOW Monitor

SQL injection in SourceCodester Water Billing Management System 1.0 exposes the User Management Module to database manipulation by authenticated administrators via the ID parameter at /admin/?page=user/manage_user. A publicly available proof-of-concept exploit exists per the CVSS E:P supplemental metric and a researcher's GitHub advisory. Despite network reachability, practical impact is low across confidentiality, integrity, and availability, and exploitation is gated behind high administrative privileges, earning a CVSS 4.0 base score of 2.0.

SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-10235 LOW POC Monitor

SQL injection in CodeAstro Ingredients Stock Management System 1.0 exposes authenticated remote attackers a direct path to database manipulation through the unsanitized `txt_search_category` parameter in `/Ingredients-Stock/stock_manager.php`. The CVSS vector (PR:L) confirms that low-privilege authentication is required, partially limiting exposure, but a publicly available proof-of-concept on GitHub significantly lowers the exploitation barrier. No confirmed active exploitation (CISA KEV) has been reported; however, the combination of low complexity, network accessibility, and public exploit code makes this a realistic threat against any internet-facing deployment where attacker credential acquisition is feasible.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10227 MEDIUM POC This Month

SQL injection in raisulislamg4's PHP-based Student Management System allows remote unauthenticated attackers to manipulate the 'role' parameter in add_user_check.php to inject arbitrary SQL queries. Publicly available exploit code exists per VulDB disclosure, and the project (a rolling-release GitHub repository) has not responded to the reporter's issue, leaving deployments unpatched. CVSS 7.3 with low complexity and no privileges required makes this an attractive low-effort target despite the limited deployment footprint of this open-source educational project.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10226 MEDIUM POC This Month

SQL injection in raisulislamg4's Student Management System (PHP) allows remote unauthenticated attackers to manipulate database queries via the user_id, course_id, teacher_id, student_id, or application_id parameters in delete.php. Publicly available exploit code exists, and the project operates on a rolling release model with no formal versioning, complicating patch tracking. The maintainer has been notified but has not responded, leaving deployments exposed.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10225 MEDIUM POC This Month

SQL injection in raisulislamg4's PHP-based Student Management System allows remote unauthenticated attackers to manipulate the Username parameter in login_check.php to inject arbitrary SQL. Publicly available exploit code exists per the GitHub issue tracker, and the project follows a rolling-release model with no fixed version available. The vendor was notified early but has not responded, leaving deployments unpatched.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-48188 CRITICAL Act Now

Unauthenticated SQL injection in OTRS and the legacy ((OTRS)) Community Edition database layer enables authentication bypass when the backing MySQL/MariaDB instance runs with the NO_BACKSLASH_ESCAPES SQL mode. The flaw carries a CVSS of 9.1 with network-reachable, no-privileges-required exploitation against confidentiality and integrity, but no public exploit identified at time of analysis and the issue is gated by a specific non-default database configuration.

SQLi Authentication Bypass Otrs Otrs Community Edition
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2026-10209 LOW POC Monitor

SQL injection in code-projects Online Hospital Management System 1.0 exposes backend database contents via the `editid` parameter in `appointmentdetail.php`. A low-privilege authenticated attacker can remotely manipulate SQL queries to read, modify, or corrupt patient and appointment records. A proof-of-concept exploit is publicly available per the GitHub reference, raising the likelihood of opportunistic exploitation against internet-facing deployments of this PHP application.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10208 MEDIUM POC This Month

SQL injection in code-projects Online Hospital Management System 1.php enables remote unauthenticated attackers to manipulate the Username parameter sent to the login_user function in login_1.php, allowing arbitrary SQL query execution against the backend database. Publicly available exploit code exists (published on GitHub by researcher Mi0uno), increasing the likelihood of opportunistic exploitation, though the CVE is not listed in CISA KEV and EPSS data is not provided. Per CVSS, exploitation requires no authentication or user interaction and impacts confidentiality, integrity, and availability at a low level (CVSS 7.3).

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10204 LOW Monitor

SQL injection in OFCMS 1.1.3 enables authenticated remote attackers to manipulate database queries through the JSON Query Interface exposed in SysUserController.java. Publicly available exploit code exists (confirmed by CVSS 4.0 E:P modifier and the CVE description), raising the practical risk above what the low CVSS 4.0 score of 2.1 implies. The project maintainers were notified via a Gitee issue report but have not responded, meaning no vendor patch exists at time of analysis - defenders must rely entirely on compensating controls.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10203 LOW Monitor

SQL injection in OFCMS 1.1.3's JSON Query Interface allows authenticated remote attackers to manipulate database queries via the `Query` function in `SystemParamController.java`. A public proof-of-concept exploit has been released (CVSS E:P confirmed), while the vendor has not responded to the responsible disclosure report, leaving the vulnerability unpatched. The CVSS 4.0 score of 2.1 reflects low-privilege authentication requirements and limited blast radius, but the existence of public exploit code and the absence of any vendor patch elevates practical concern for deployments with internet-exposed admin interfaces.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10202 LOW Monitor

SQL injection in OFCMS 1.1.3 allows remote low-privileged attackers to manipulate database queries through the Query function of SystemDictController.java's JSON Query Interface. Attackers with a valid low-privilege account can send crafted input to this endpoint to read, modify, or partially disrupt data within the application's database scope. No public exploit identified at time of analysis beyond publicly available proof-of-concept code; the project maintainer has not responded to the responsible disclosure filed via Gitee issue, leaving the vulnerability unpatched.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10193 LOW POC Monitor

SQL injection in OFCMS versions up to 1.1.3 allows remote low-privileged attackers to inject arbitrary SQL through the `system.user.query` argument within the `ComnController.Query` function, achieving partial compromise of confidentiality, integrity, and availability against the underlying database. Publicly available exploit code exists - referenced via Gitee issue IJLFCA - elevating practical risk above what the moderate CVSS base score of 6.3 alone suggests. No vendor patch has been released; the project maintainer has not responded to the responsible disclosure report, leaving all 1.1.3-and-below deployments unmitigated.

Java SQLi
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10186 MEDIUM This Month

SQL injection in code-projects Online Hospital Management System 1.0 allows unauthenticated remote attackers to manipulate database queries via the `editid` parameter in /patient.php, potentially exposing or modifying patient records. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-authentication, network-accessible exploitation with no special conditions, and a public proof-of-concept has been disclosed via GitHub. While the CVSS 5.5 score reflects limited per-component impact (Low confidentiality, integrity, and availability), the absence of any access barrier combined with POC availability makes this an actionable risk for any exposed deployment.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10185 MEDIUM This Month

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 exposes sensitive medical data to unauthenticated remote attackers through the ID parameter of the /classes/Users.php?f=save endpoint. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-barrier remote access requiring no credentials or user interaction, and a publicly available proof-of-concept exploit (E:P) further elevates real-world risk beyond the moderate 5.5 base score. No vendor-released patch has been identified, leaving all known deployments of version 1.0 exposed to data exfiltration and manipulation of patient health records.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10184 MEDIUM This Month

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /classes/Users.php?f=delete, enabling unauthorized read and write access to the underlying database. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or user interaction is required, and the E:P modifier confirms publicly available exploit code exists. While CVSS impact scores are rated Low across confidentiality, integrity, and availability, the unauthenticated network accessibility combined with a live POC elevates the practical deployment risk for any internet-exposed instance.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-49490 HIGH This Week

SQL injection in OpenCATS 0.9.1a and later allows authenticated attackers to execute arbitrary SQL queries against the backend database by abusing DataGrid filter handling on the Candidates module's Tags column. The flaw bypasses the application's column filterable restrictions, enabling data theft or modification of the recruitment platform's stored candidate records. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Opencats
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.0%
CVE-2026-49489 HIGH POC This Week

SQL injection in OpenCATS through 0.9.7.4 allows authenticated users to extract arbitrary database contents by injecting malicious SQL into the sortDirection parameter of ajax/getDataGridPager.php. Publicly available exploit code exists (Exploit-DB 52579, Packet Storm), and the issue was disclosed via a GitHub Security Advisory coordinated with VulnCheck. The CVSS 4.0 base score of 8.4 reflects high confidentiality impact with a subsequent-system scope change, though exploitation requires a valid low-privileged account.

PHP Information Disclosure SQLi
NVD GitHub Exploit-DB VulDB
CVSS 4.0
8.4
EPSS
0.0%
CVE-2026-10178 MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 allows remote unauthenticated attackers to manipulate the ID parameter of /Administrator/PHP/AdminEditAlbum.php to inject arbitrary SQL queries. Publicly available exploit code exists (disclosed via VulDB submission 819912 and a GitHub issue), though there is no CISA KEV listing and no EPSS data provided to gauge exploitation probability. The vulnerability carries a CVSS 7.3 score reflecting low complexity and no authentication requirement, but only partial CIA impact.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10176 LOW POC Monitor

SQL injection in Aider-AI Aider 0.86.3's Code Generation Workflow component allows authenticated remote attackers with low privileges to manipulate internal SQL queries, resulting in partial compromise of confidentiality, integrity, and availability. A publicly available proof-of-concept exploit exists via GitHub issue #5077, raising near-term exploitation risk despite the medium CVSS score of 6.3. The vendor has not yet responded to the responsible disclosure and no patch has been released, leaving users without an official remediation path.

SQLi Aider
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10171 LOW POC Monitor

SQL injection in code-projects Online Music Site 1.0 exposes the administrator backend endpoint /Administrator/PHP/AdminUpdateAlbum.php to database manipulation via an unsanitized ID parameter. Exploitation requires high-privilege (administrator) credentials per CVSS PR:H, meaning only authenticated admins - or attackers who have already compromised an admin account - can trigger the flaw. A public proof-of-concept has been disclosed via GitHub, but no CISA KEV listing exists, and no public exploitation activity has been confirmed at this time.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2026-10170 LOW POC Monitor

SQL injection in code-projects Visitor Management System 1.0 exposes the `/vms/php/phone_0.php` endpoint to database manipulation via the unsanitized `phone` parameter, exploitable by authenticated remote attackers. A publicly available exploit chain on GitHub (by Xmyronn) explicitly demonstrates escalation from this SQL injection to remote code execution, elevating the real-world severity beyond the CVSS 6.3 base score. No public exploit identified at time of analysis as actively exploited (not in CISA KEV), but the published RCE chain makes this a meaningful risk for any internet-exposed deployment.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
2.1
EPSS
0.0%
CVE-2026-10155 LOW Monitor

SQL injection in Bdtask Multi-Store Inventory Management System 1.0 exposes backend database contents through the Accounts Report Handler's date-range search functionality. The vulnerability resides in the accounts_report_search function (Accounts.php), where the dtpToDate argument is passed to a SQL query without sanitization, allowing an authenticated high-privileged user to read, modify, or partially disrupt database data. Publicly available exploit code exists (CVSS 4.0 E:P), though the high-privilege prerequisite significantly limits the realistic attacker population; the vulnerability is not listed in CISA KEV.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2018-25425 HIGH POC This Week

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25424 HIGH POC This Week

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.2%
CVE-2018-25422 HIGH POC This Week

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25420 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25419 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25418 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25417 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25416 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25415 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25414 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25413 HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25411 HIGH POC This Week

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25410 HIGH POC This Week

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25407 HIGH POC This Week

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25406 HIGH POC This Week

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25405 HIGH POC This Week

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-9757 HIGH This Week

SQL injection in the GEO my WP WordPress plugin (versions ≤4.5.5) allows unauthenticated remote attackers to append arbitrary SQL via the 'swlatlng' and 'nelatlng' query-string parameters, enabling extraction of sensitive database contents. The flaw stems from reading parameters directly from $_SERVER['QUERY_STRING'] with parse_str(), bypassing WordPress's wp_magic_quotes sanitization. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV, but exploitation requires only a public page hosting the Posts Locator results shortcode.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-10111 MEDIUM POC This Month

SQL injection in sambitraj's Student Management System 1.0 exposes the login page to unauthenticated remote exploitation via a crafted email parameter, enabling attackers to manipulate backend database queries. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, no user interaction, and no special conditions are required for exploitation. A public proof-of-concept exploit exists via a published GitHub issue, and the vendor has not responded to responsible disclosure - no patch is available at time of analysis.

SQLi Student Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-10110 MEDIUM POC This Month

SQL injection in code-projects Student Details Management System 1.0 exposes the application's database to unauthenticated remote attackers via the unsanitized `roll` parameter in /index.php. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms this is exploitable over the network with no privileges or user interaction required, and a public proof-of-concept exploit is hosted on GitHub, materially lowering the barrier to exploitation. Impact is rated as partial across confidentiality, integrity, and availability (VC:L/VI:L/VA:L), though SQL injection primitives often enable escalation beyond the initial access implied by the base score.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-38739 PHP HIGH GHSA This Week

Union-based SQL injection in eZ Publish Legacy's dfscleanup.php script allows a local authenticated attacker with sufficient privileges to extract sensitive data, including user credentials, from the underlying MySQL database. The flaw resides in the `_getFileList` function of the `eZDFSFileHandlerMySQLiBackend` class and is permanently unpatched because all branches of the project have reached end of life. No public exploit identified at time of analysis, though a detailed researcher write-up exists on GitHub.

PHP Information Disclosure SQLi
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-10105 PyPI HIGH PATCH GHSA This Week

SQL injection in agno 2.6.5's ClickHouse vector database backend allows authenticated attackers to inject arbitrary SQL via metadata keys and values passed to delete_by_metadata(). The flaw stems from unsafe f-string interpolation in clickhousedb.py and enables row deletion, targeted data tampering, and information extraction through error-based or blind SQLi. No public exploit identified at time of analysis, but a vendor patch (PR #7883) is available and the issue was disclosed by VulnCheck.

SQLi Agno
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-39229 MEDIUM This Month

SQL Injection in Bolt CMS through version 3.7.0 exposes sensitive database contents to any authenticated low-privilege user via the unsanitized 'order' parameter on content listing pages. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms network-exploitable, low-complexity access requiring only a low-privileged account, with full confidentiality impact but no integrity or availability impact - placing this squarely in the data-exfiltration threat category. No public exploit confirmed at time of analysis, and no vendor-released patch has been identified from available data.

SQLi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2018-25404 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25403 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25402 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25401 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25400 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25399 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25398 HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25395 HIGH POC This Week

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25394 HIGH POC This Week

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25392 HIGH POC This Week

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2018-25390 HIGH POC This Week

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25389 HIGH POC This Week

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25386 HIGH POC This Week

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25385 HIGH POC This Week

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2018-25382 HIGH POC This Week

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure
NVD Exploit-DB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-44238 HIGH PATCH This Week

SQL injection in FreePBX CDR Reports module prior to versions 16.0.50 and 17.0.11 allows authenticated users with CDR section access to execute arbitrary SQL queries via the order and sort POST parameters. The flaw requires a valid Administration Control Panel account but not full administrator privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV. The CVSS 4.0 score of 8.5 reflects high confidentiality and integrity impact against the call detail records database.

SQLi Security Reporting
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-10039 MEDIUM This Month

SQL Injection in the Frontend Admin by DynamiApps WordPress plugin (all versions through 3.28.28) allows authenticated administrators to extract arbitrary data from the WordPress database via the 'order' parameter in the payments list view. The vulnerability stems from unsanitized concatenation of user-supplied input into a raw SQL query, reachable only when a valid 'orderby' parameter is also present in the same request. No public exploit has been identified at time of analysis, and the high privilege requirement (administrator-level) substantially limits the realistic attacker pool, keeping this a medium-severity, low-urgency finding despite the AV:N classification.

SQLi WordPress
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-4776 PHP HIGH PATCH NEWS GHSA This Week

Authenticated SQL injection in Mautic's API contact filtering allows API users to execute arbitrary SQL by abusing insufficient recursive sanitization of nested query parameters. The flaw (CWE-89) yields full read access to database contents and partial availability impact, but requires valid API credentials (PR:L). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-7048 MEDIUM This Month

Time-based blind SQL injection in the Photo Gallery by 10Web WordPress plugin (all versions through 1.8.40) allows authenticated attackers holding contributor-level access or above to exfiltrate sensitive database contents by embedding a crafted shortcode in a post or draft. The `order_by` parameter is passed unsanitized into existing SQL queries, and the injected payload executes when the shortcode is rendered - targeting WordPress databases containing credentials, user PII, and site configuration. No public exploit code or CISA KEV listing has been identified at time of analysis, though the high confidentiality impact and low attack complexity make this a meaningful risk on any site with non-administrative contributors.

SQLi WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2026-7797 HIGH This Week

Time-based blind SQL injection in the Simply Schedule Appointments WordPress plugin (versions up to and including 1.6.11.8) allows unauthenticated remote attackers to extract sensitive database contents through the 'append_where_sql' parameter on the /appointments/bulk REST endpoint. The endpoint's permission check accepts a public nonce embedded in the booking widget's frontend JavaScript, and a PUT request with a urlencoded body bypasses the plugin's blocklist by preventing PHP from populating the relevant superglobals. No public exploit identified at time of analysis, though Wordfence has documented the technique in detail.

SQLi WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-6455 HIGH This Week

Arbitrary file deletion in the WP Contact Form 7 DB Handler WordPress plugin (versions up to and including 3.0) can be achieved by chaining CSRF, UNION-based SQL injection, and PHP object deserialization. A remote unauthenticated attacker who lures a logged-in administrator to a malicious page can delete arbitrary server files, including wp-config.php, which typically forces the site into a re-installation state and enables full site takeover. No public exploit identified at time of analysis, though Wordfence's detailed write-up effectively documents the exploit chain.

Deserialization CSRF SQLi WordPress PHP +1
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-45073 PHP MEDIUM PATCH GHSA This Month

SQL injection in Symfony's PdoAdapter cache component allows any caller who can influence the `$prefix` argument to `AbstractAdapterTrait::clear()` to inject arbitrary SQL into a DELETE statement, potentially deleting unintended rows from the cache table or reshaping query semantics. Affected versions span symfony/cache across four maintained branches: below 5.4.52, 6.x below 6.4.40, 7.x below 7.4.12, and 8.x below 8.0.12. No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV, but vendor-released patches are available across all affected branches.

SQLi
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.1%
CVE-2026-25879 PyPI CRITICAL PATCH GHSA Act Now

Remote code execution in Langroid before 0.63.0 arises because its SQLChatAgent executes SQL text generated by an LLM, and that LLM is steerable through prompt injection — including indirect injection via data returned from the database into the model's context. When the agent connects with a database role holding code-execution or filesystem privileges, an attacker who shapes the agent's input can drive emission of dialect-specific primitives like PostgreSQL's COPY ... FROM PROGRAM to run OS commands on the database host. A full working proof-of-concept (Base64-smuggled COPY FROM PROGRAM running 'id') is published in the GitHub advisory; there is no entry in CISA KEV, so this reflects publicly available exploit code rather than confirmed active exploitation.

PostgreSQL Python Information Disclosure SQLi RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-44886 HIGH PATCH This Week

Unauthenticated SQL injection in Pi.Alert (a WiFi/LAN intruder detection and web-service monitoring tool by leiweibau) lets remote attackers manipulate backend database queries through the public devices.php endpoint. The flaw affects builds from 2024-06-29 up to the 2026-05-07 fix, and the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms it is trivially reachable over the network with no authentication or user interaction, while the high-confidentiality / no-integrity / no-availability impact (VC:H/VI:N/VA:N) indicates the primary risk is database disclosure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided in the source data.

SQLi PHP
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-38808 MEDIUM This Month

SQL injection in uzy-ssm-mall v1.1.0 exposes sensitive database information to unauthenticated remote attackers via unsanitized input passed through the ProductMapper.xml MyBatis mapper and OrderUtil.java components. The vulnerability requires no authentication or user interaction, making it trivially automatable according to the SSVC framework. No public exploit identified at time of analysis, and EPSS sits at 0.04% (12th percentile), indicating low current exploitation pressure despite the permissive attack surface.

Java SQLi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-38930 MEDIUM This Month

Authentication bypass via SQL injection in OpenRapid RapidCMS v1.3.1 allows unauthenticated remote attackers to manipulate the application's authentication logic by injecting crafted SQL payloads into the `name` cookie parameter processed by the `/template/default/menu.php` component. The CVSS 6.5 (AV:N/AC:L/PR:N/UI:N) score reflects trivial remote exploitability with no prior authentication required, though the confidentiality and integrity impacts are rated Low and availability is unaffected. A public researcher writeup is linked in references, suggesting exploit techniques are documented, but no confirmed active exploitation (CISA KEV) has been recorded and EPSS sits at 0.03% (11th percentile), indicating low observed exploitation activity at time of analysis.

PHP SQLi Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45162 PHP HIGH PATCH GHSA This Week

PHP object injection in Pimcore (packages pimcore/pimcore and admin-ui-classic-bundle) up to and including version 12.3.6 arises from six code paths calling unserialize() without the allowed_classes restriction on values read from database columns and filesystem files. An attacker who can already write to one of those sources - for example through SQL injection into the tmp_store, sites, or custom_layouts tables, or a file write to the WebDAV delete log - can plant a serialized PHP gadget chain that executes arbitrary code with web-server privileges once the data is deserialized. No public exploit identified at time of analysis (the vendor advisory documents only a conceptual PoC procedure), the CVE is not in CISA KEV, and EPSS is not provided; the issue is fixed in 12.3.7 and rated CVSS 8.0, with the High attack-complexity reflecting its dependence on a separate write primitive and a working gadget chain.

RCE SQLi PHP Deserialization
NVD GitHub
CVSS 3.1
8.0
EPSS
0.2%
CVE-2026-49046 HIGH This Week

Blind SQL injection in the WordPress plugin Duplicate Page and Post (by Arjun Thakur) through version 2.9.5 lets authenticated low-privilege users inject crafted SQL into a database query, enabling extraction of arbitrary database contents including WordPress user hashes and secrets. The CVSS:3.1 base score is 8.5 with a changed scope, reflecting impact beyond the plugin into the shared WordPress database. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported through the Patchstack research program.

SQLi
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-9617 MEDIUM PATCH This Month

Privilege escalation in PostgreSQL Anonymizer (all versions prior to 3.1.0) allows an authenticated database user to gain superuser privileges by embedding malicious SQL code within a column identifier of a user-created table. When a superuser invokes the k-anonymity function against such a table, the injected code executes with superuser-level privileges, yielding full confidentiality, integrity, and availability impact across the database. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though SSVC rates technical impact as total due to the complete privilege escalation outcome.

PostgreSQL SQLi
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-42761 CRITICAL Act Now

Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and including 1.0.9) allows remote unauthenticated attackers to inject SQL into backend database queries and infer sensitive data through boolean or time-based responses. The CVSS 3.1 vector (PR:N/UI:N) indicates exploitation requires no authentication or user interaction, and the changed scope (S:C) reflects that compromise of the WordPress database can affect the entire site beyond the plugin itself. There is no public exploit identified at time of analysis, and no KEV listing or EPSS score was provided.

SQLi WordPress
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-42755 CRITICAL Act Now

Unauthenticated blind SQL injection in the RealMag777 TableOn (posts-table-filterable) WordPress plugin through version 1.0.5.1 lets remote attackers inject crafted SQL into backend queries without credentials or user interaction. Because the CVSS scope is marked changed (S:C) with high confidentiality impact, a successful attack can read data beyond the vulnerable component, including the WordPress database. No public exploit is identified at time of analysis, and the EPSS score is very low (0.03%, 9th percentile), indicating no current sign of widespread exploitation despite the 9.3 base score.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-42747 CRITICAL Act Now

Blind SQL injection in the Easy Form Builder WordPress plugin (by hassantafreshi), affecting all versions up to and including 4.0.6, lets remote unauthenticated attackers inject crafted SQL into backend database queries. With a CVSS of 9.3 and a scope-changed vector, a successful attack can read sensitive data across the database and impact availability. There is no public exploit identified at time of analysis, and the EPSS score is very low (0.03%, 9th percentile), indicating no observed mass exploitation yet despite the high severity rating.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-42740 CRITICAL Act Now

Blind SQL injection in the Tainacan WordPress plugin (versions up to and including 1.0.3) lets remote unauthenticated attackers inject crafted SQL into backend database queries. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates exploitation requires no authentication or user interaction, and the changed scope plus high confidentiality impact drive the 9.3 score. There is no public exploit identified at the time of analysis and the issue is not listed in CISA KEV, but the low attack complexity and unauthenticated reach make it a high-priority patch candidate.

SQLi
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-42730 HIGH This Week

Blind SQL injection in the Stylemix MasterStudy LMS WordPress plugin (all versions through 3.7.29) lets authenticated low-privilege users inject crafted SQL into a backend database query, enabling extraction of arbitrary database contents including user credentials and configuration secrets. The CVSS 8.5 (scope-changed) rating reflects that a successful injection can reach data beyond the plugin's own scope, i.e. the entire shared WordPress database. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 9th percentile), but the network-reachable, low-complexity nature of the flaw makes it a meaningful risk for sites that grant accounts to students or instructors.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-42727 CRITICAL Act Now

Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and including 1.0.8) lets remote attackers inject SQL commands via an unsanitized parameter to read arbitrary data from the WordPress/WooCommerce database. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with a changed scope, meaning the injection reaches the backend database beyond the plugin component itself. There is no public exploit identified at time of analysis and no EPSS score was provided, so probability of exploitation cannot be quantified from the available data.

SQLi WordPress
NVD
CVSS 3.1
9.3
EPSS
0.0%
CVE-2026-40850 HIGH This Week

Unauthenticated SQL injection in mbCONNECT24 and the related MB connect line / Helmholz remote-maintenance portals (myREX24V2, myREX24V2.virtual, mymbCONNECT24) version 2.20.0 and earlier lets a remote attacker reach the getAccountData function and inject crafted input into its SQL SELECT statement. Because authentication is not required, an attacker can read arbitrary database contents, resulting in total loss of confidentiality, though integrity and availability are unaffected. There is no public exploit identified at time of analysis and EPSS is very low (0.05%, 15th percentile), so widespread opportunistic exploitation has not yet materialized despite the high CVSS 4.0 base score of 8.7.

SQLi
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2026-40849 HIGH This Week

SQL injection in the mbCONNECT24 and myREX24V2 industrial remote-access portals (all variants at or below version 2.20.0) lets a low-privileged remote attacker read arbitrary database contents through the user_alarmprofile view, which fails to neutralize special characters in a SQL SELECT statement (CWE-89). Reported to CERT@VDE and tracked as VDE-2026-044/EUVD-2026-32148, the flaw causes total loss of confidentiality but does not affect integrity or availability. There is no public exploit identified at time of analysis, and EPSS scores it at the 11th percentile (0.03%).

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40848 HIGH This Week

SQL injection in the tag view of MB connect line's mbCONNECT24 and myREX24 remote-maintenance platforms (all variants through 2.20.0) lets a remote attacker manipulate a SQL SELECT statement to read arbitrary database contents, yielding a total loss of confidentiality (VC:H, with no integrity or availability impact). The CVSS 4.0 vector requires low privileges (PR:L), yet the description labels the flaw 'unauthenticated' - a discrepancy defenders should resolve against the vendor advisory before scoping risk. No public exploit is identified at time of analysis, EPSS is very low (0.03%, 11th percentile), and CISA's SSVC framework marks current exploitation as none.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40847 HIGH This Week

SQL injection in the system_tag view of the mbCONNECT24 family of industrial remote-maintenance portals (mbCONNECT24, mymbCONNECT24, myREX24V2 and myREX24V2.virtual) versions 0.0.0 through 2.20.0 lets a remote attacker manipulate a SQL SELECT statement and read arbitrary database contents, yielding a total loss of confidentiality (CVSS 4.0 7.1, VC:H). The CVSS vector indicates a low-privileged account is required (PR:L), though the description text describes the flaw as 'unauthenticated' - this discrepancy should be verified with the vendor. There is no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile), consistent with CISA SSVC scoring exploitation as 'none.'

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40846 HIGH This Week

SQL injection in MB connect line's mbCONNECT24/myREX24V2 industrial remote-maintenance portals (all versions up to and including 2.20.0) lets a low-privileged authenticated user read arbitrary database contents through the 'system view', where special characters are not neutralized inside a SQL SELECT command, yielding a total loss of confidentiality (CVSS 4.0 base 7.1). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV; EPSS is very low at 0.03% (11th percentile), indicating limited near-term mass-exploitation likelihood. The flaw was reported by CERT@VDE and is tracked under advisory VDE-2026-044 and ENISA EUVD-2026-32145. Note the description calls it 'unauthenticated' while the CVSS vector specifies PR:L (low-privileged), a discrepancy that should be resolved with the vendor.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40845 HIGH This Week

SQL injection in the devices_configuration view of MB connect line / Red Lion mbCONNECT24 and myREX24V2 remote-maintenance platforms (versions up to and including 2.20.0) lets a low-privileged remote user read arbitrary database contents. The CVSS 4.0 vector scores it 7.1 with high confidentiality impact and no integrity or availability impact, while EPSS rates exploitation probability at only 0.03% (11th percentile). No public exploit is identified at time of analysis and the issue is not in CISA KEV.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40844 HIGH This Week

SQL injection in the dashboard view of MB connect line's remote-maintenance portals (mbCONNECT24, mymbCONNECT24, myREX24V2 and myREX24V2.virtual) lets a remote, low-privileged user inject crafted input into a SQL SELECT statement, yielding a total loss of confidentiality of the backend database. All versions up to and including 2.20.0 are affected. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the network-reachable, low-complexity nature of the flaw in internet-facing OT remote-access gateways warrants prompt remediation.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40843 HIGH This Week

SQL injection in the alarming view of MB connect line's remote-maintenance platforms - mbCONNECT24, mymbCONNECT24, and the myREX24V2/myREX24V2.virtual portals up to and including version 2.20.0 - lets a remote, low-privileged user smuggle crafted input into a SQL SELECT statement and read arbitrary database contents, resulting in total loss of confidentiality. The CVSS 4.0 vector (PR:L) indicates a low-privileged account is required, even though the advisory text calls the flaw 'unauthenticated' - a discrepancy worth verifying. No public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile), so this is a credible but not actively exploited issue.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40842 HIGH This Week

SQL injection in MB connect line's remote-maintenance portals — mbCONNECT24, mymbCONNECT24, and the myREX24V2 / myREX24V2.virtual cloud variants (all versions up to and including 2.20.0) — lets a low-privileged remote attacker manipulate a SQL SELECT statement in the getWidgetTags function and read arbitrary database contents, causing a total loss of confidentiality. The flaw is confidentiality-only (no integrity or availability impact) and carries a CVSS 4.0 base score of 7.1. EPSS is very low (0.03%, 11th percentile) and CISA's SSVC framework rates exploitation as 'none'; there is no public exploit identified at time of analysis and it is not on CISA KEV.

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40841 HIGH This Week

SQL injection in the getProjectTags function of MB connect line's remote-maintenance platforms - mbCONNECT24, myREX24V2, mymbCONNECT24 and the myREX24V2.virtual appliance, all versions up to and including 2.20.0 - lets a remote attacker manipulate a backend SQL SELECT statement and read arbitrary database contents, causing a total loss of confidentiality (CVSS 4.0 base 7.1, VC:H with no integrity or availability impact). The flaw was coordinated through CERT@VDE and catalogued in the ENISA EUVD; there is no public exploit identified at time of analysis and the EPSS probability is very low (0.03%, 11th percentile). Note a source conflict on access level: the description calls the attacker 'unauthenticated' while the CVSS vector specifies PR:L (low-privilege authenticated).

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-40840 HIGH This Week

SQL injection in the VerifyCreateLicences function of MB connect line's mbCONNECT24 / myREX24 remote-maintenance platforms (including the myREX24V2.virtual and mymbCONNECT24 variants, versions up to and including 2.20.0) lets a remote attacker holding a low-privilege account inject crafted input into a SQL SELECT statement and read arbitrary database contents, causing total loss of confidentiality. The CVSS 4.0 base score is 7.1 with high confidentiality impact but no integrity or availability impact. There is no public exploit identified at time of analysis, and EPSS rates exploitation probability very low at 0.03% (11th percentile).

SQLi
NVD
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 2.0
LOW Monitor

SQL injection in SourceCodester Water Billing Management System 1.0 exposes the User Management Module to database manipulation by authenticated administrators via the ID parameter at /admin/?page=user/manage_user. A publicly available proof-of-concept exploit exists per the CVSS E:P supplemental metric and a researcher's GitHub advisory. Despite network reachability, practical impact is low across confidentiality, integrity, and availability, and exploitation is gated behind high administrative privileges, earning a CVSS 4.0 base score of 2.0.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in CodeAstro Ingredients Stock Management System 1.0 exposes authenticated remote attackers a direct path to database manipulation through the unsanitized `txt_search_category` parameter in `/Ingredients-Stock/stock_manager.php`. The CVSS vector (PR:L) confirms that low-privilege authentication is required, partially limiting exposure, but a publicly available proof-of-concept on GitHub significantly lowers the exploitation barrier. No confirmed active exploitation (CISA KEV) has been reported; however, the combination of low complexity, network accessibility, and public exploit code makes this a realistic threat against any internet-facing deployment where attacker credential acquisition is feasible.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in raisulislamg4's PHP-based Student Management System allows remote unauthenticated attackers to manipulate the 'role' parameter in add_user_check.php to inject arbitrary SQL queries. Publicly available exploit code exists per VulDB disclosure, and the project (a rolling-release GitHub repository) has not responded to the reporter's issue, leaving deployments unpatched. CVSS 7.3 with low complexity and no privileges required makes this an attractive low-effort target despite the limited deployment footprint of this open-source educational project.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in raisulislamg4's Student Management System (PHP) allows remote unauthenticated attackers to manipulate database queries via the user_id, course_id, teacher_id, student_id, or application_id parameters in delete.php. Publicly available exploit code exists, and the project operates on a rolling release model with no formal versioning, complicating patch tracking. The maintainer has been notified but has not responded, leaving deployments exposed.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in raisulislamg4's PHP-based Student Management System allows remote unauthenticated attackers to manipulate the Username parameter in login_check.php to inject arbitrary SQL. Publicly available exploit code exists per the GitHub issue tracker, and the project follows a rolling-release model with no fixed version available. The vendor was notified early but has not responded, leaving deployments unpatched.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Unauthenticated SQL injection in OTRS and the legacy ((OTRS)) Community Edition database layer enables authentication bypass when the backing MySQL/MariaDB instance runs with the NO_BACKSLASH_ESCAPES SQL mode. The flaw carries a CVSS of 9.1 with network-reachable, no-privileges-required exploitation against confidentiality and integrity, but no public exploit identified at time of analysis and the issue is gated by a specific non-default database configuration.

SQLi Authentication Bypass Otrs +1
NVD
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in code-projects Online Hospital Management System 1.0 exposes backend database contents via the `editid` parameter in `appointmentdetail.php`. A low-privilege authenticated attacker can remotely manipulate SQL queries to read, modify, or corrupt patient and appointment records. A proof-of-concept exploit is publicly available per the GitHub reference, raising the likelihood of opportunistic exploitation against internet-facing deployments of this PHP application.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in code-projects Online Hospital Management System 1.php enables remote unauthenticated attackers to manipulate the Username parameter sent to the login_user function in login_1.php, allowing arbitrary SQL query execution against the backend database. Publicly available exploit code exists (published on GitHub by researcher Mi0uno), increasing the likelihood of opportunistic exploitation, though the CVE is not listed in CISA KEV and EPSS data is not provided. Per CVSS, exploitation requires no authentication or user interaction and impacts confidentiality, integrity, and availability at a low level (CVSS 7.3).

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in OFCMS 1.1.3 enables authenticated remote attackers to manipulate database queries through the JSON Query Interface exposed in SysUserController.java. Publicly available exploit code exists (confirmed by CVSS 4.0 E:P modifier and the CVE description), raising the practical risk above what the low CVSS 4.0 score of 2.1 implies. The project maintainers were notified via a Gitee issue report but have not responded, meaning no vendor patch exists at time of analysis - defenders must rely entirely on compensating controls.

Java SQLi
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in OFCMS 1.1.3's JSON Query Interface allows authenticated remote attackers to manipulate database queries via the `Query` function in `SystemParamController.java`. A public proof-of-concept exploit has been released (CVSS E:P confirmed), while the vendor has not responded to the responsible disclosure report, leaving the vulnerability unpatched. The CVSS 4.0 score of 2.1 reflects low-privilege authentication requirements and limited blast radius, but the existence of public exploit code and the absence of any vendor patch elevates practical concern for deployments with internet-exposed admin interfaces.

Java SQLi
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

SQL injection in OFCMS 1.1.3 allows remote low-privileged attackers to manipulate database queries through the Query function of SystemDictController.java's JSON Query Interface. Attackers with a valid low-privilege account can send crafted input to this endpoint to read, modify, or partially disrupt data within the application's database scope. No public exploit identified at time of analysis beyond publicly available proof-of-concept code; the project maintainer has not responded to the responsible disclosure filed via Gitee issue, leaving the vulnerability unpatched.

Java SQLi
NVD VulDB
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in OFCMS versions up to 1.1.3 allows remote low-privileged attackers to inject arbitrary SQL through the `system.user.query` argument within the `ComnController.Query` function, achieving partial compromise of confidentiality, integrity, and availability against the underlying database. Publicly available exploit code exists - referenced via Gitee issue IJLFCA - elevating practical risk above what the moderate CVSS base score of 6.3 alone suggests. No vendor patch has been released; the project maintainer has not responded to the responsible disclosure report, leaving all 1.1.3-and-below deployments unmitigated.

Java SQLi
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in code-projects Online Hospital Management System 1.0 allows unauthenticated remote attackers to manipulate database queries via the `editid` parameter in /patient.php, potentially exposing or modifying patient records. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-authentication, network-accessible exploitation with no special conditions, and a public proof-of-concept has been disclosed via GitHub. While the CVSS 5.5 score reflects limited per-component impact (Low confidentiality, integrity, and availability), the absence of any access barrier combined with POC availability makes this an actionable risk for any exposed deployment.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 exposes sensitive medical data to unauthenticated remote attackers through the ID parameter of the /classes/Users.php?f=save endpoint. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-barrier remote access requiring no credentials or user interaction, and a publicly available proof-of-concept exploit (E:P) further elevates real-world risk beyond the moderate 5.5 base score. No vendor-released patch has been identified, leaving all known deployments of version 1.0 exposed to data exfiltration and manipulation of patient health records.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 allows unauthenticated remote attackers to manipulate the ID parameter in /classes/Users.php?f=delete, enabling unauthorized read and write access to the underlying database. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or user interaction is required, and the E:P modifier confirms publicly available exploit code exists. While CVSS impact scores are rated Low across confidentiality, integrity, and availability, the unauthenticated network accessibility combined with a live POC elevates the practical deployment risk for any internet-exposed instance.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.6
HIGH This Week

SQL injection in OpenCATS 0.9.1a and later allows authenticated attackers to execute arbitrary SQL queries against the backend database by abusing DataGrid filter handling on the Candidates module's Tags column. The flaw bypasses the application's column filterable restrictions, enabling data theft or modification of the recruitment platform's stored candidate records. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Opencats
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

SQL injection in OpenCATS through 0.9.7.4 allows authenticated users to extract arbitrary database contents by injecting malicious SQL into the sortDirection parameter of ajax/getDataGridPager.php. Publicly available exploit code exists (Exploit-DB 52579, Packet Storm), and the issue was disclosed via a GitHub Security Advisory coordinated with VulnCheck. The CVSS 4.0 base score of 8.4 reflects high confidentiality impact with a subsequent-system scope change, though exploitation requires a valid low-privileged account.

PHP Information Disclosure SQLi
NVD GitHub Exploit-DB VulDB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 allows remote unauthenticated attackers to manipulate the ID parameter of /Administrator/PHP/AdminEditAlbum.php to inject arbitrary SQL queries. Publicly available exploit code exists (disclosed via VulDB submission 819912 and a GitHub issue), though there is no CISA KEV listing and no EPSS data provided to gauge exploitation probability. The vulnerability carries a CVSS 7.3 score reflecting low complexity and no authentication requirement, but only partial CIA impact.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in Aider-AI Aider 0.86.3's Code Generation Workflow component allows authenticated remote attackers with low privileges to manipulate internal SQL queries, resulting in partial compromise of confidentiality, integrity, and availability. A publicly available proof-of-concept exploit exists via GitHub issue #5077, raising near-term exploitation risk despite the medium CVSS score of 6.3. The vendor has not yet responded to the responsible disclosure and no patch has been released, leaving users without an official remediation path.

SQLi Aider
NVD VulDB GitHub
EPSS 0% CVSS 2.0
LOW POC Monitor

SQL injection in code-projects Online Music Site 1.0 exposes the administrator backend endpoint /Administrator/PHP/AdminUpdateAlbum.php to database manipulation via an unsanitized ID parameter. Exploitation requires high-privilege (administrator) credentials per CVSS PR:H, meaning only authenticated admins - or attackers who have already compromised an admin account - can trigger the flaw. A public proof-of-concept has been disclosed via GitHub, but no CISA KEV listing exists, and no public exploitation activity has been confirmed at this time.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 2.1
LOW POC Monitor

SQL injection in code-projects Visitor Management System 1.0 exposes the `/vms/php/phone_0.php` endpoint to database manipulation via the unsanitized `phone` parameter, exploitable by authenticated remote attackers. A publicly available exploit chain on GitHub (by Xmyronn) explicitly demonstrates escalation from this SQL injection to remote code execution, elevating the real-world severity beyond the CVSS 6.3 base score. No public exploit identified at time of analysis as actively exploited (not in CISA KEV), but the published RCE chain makes this a meaningful risk for any internet-exposed deployment.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 2.0
LOW Monitor

SQL injection in Bdtask Multi-Store Inventory Management System 1.0 exposes backend database contents through the Accounts Report Handler's date-range search functionality. The vulnerability resides in the accounts_report_search function (Accounts.php), where the dtpToDate argument is passed to a SQL query without sanitization, allowing an authenticated high-privileged user to read, modify, or partially disrupt database data. Publicly available exploit code exists (CVSS 4.0 E:P), though the high-privilege prerequisite significantly limits the realistic attacker population; the vulnerability is not listed in CISA KEV.

PHP SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid and cid parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB GitHub VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the genre parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the year parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the quality parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the country parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the director parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the actor parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'q' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.1
HIGH POC This Week

SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through parameters in mod.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.5
HIGH This Week

SQL injection in the GEO my WP WordPress plugin (versions ≤4.5.5) allows unauthenticated remote attackers to append arbitrary SQL via the 'swlatlng' and 'nelatlng' query-string parameters, enabling extraction of sensitive database contents. The flaw stems from reading parameters directly from $_SERVER['QUERY_STRING'] with parse_str(), bypassing WordPress's wp_magic_quotes sanitization. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV, but exploitation requires only a public page hosting the Posts Locator results shortcode.

SQLi WordPress
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in sambitraj's Student Management System 1.0 exposes the login page to unauthenticated remote exploitation via a crafted email parameter, enabling attackers to manipulate backend database queries. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, no user interaction, and no special conditions are required for exploitation. A public proof-of-concept exploit exists via a published GitHub issue, and the vendor has not responded to responsible disclosure - no patch is available at time of analysis.

SQLi Student Management System
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

SQL injection in code-projects Student Details Management System 1.0 exposes the application's database to unauthenticated remote attackers via the unsanitized `roll` parameter in /index.php. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms this is exploitable over the network with no privileges or user interaction required, and a public proof-of-concept exploit is hosted on GitHub, materially lowering the barrier to exploitation. Impact is rated as partial across confidentiality, integrity, and availability (VC:L/VI:L/VA:L), though SQL injection primitives often enable escalation beyond the initial access implied by the base score.

PHP SQLi
NVD VulDB GitHub
EPSS 0% CVSS 7.1
HIGH This Week

Union-based SQL injection in eZ Publish Legacy's dfscleanup.php script allows a local authenticated attacker with sufficient privileges to extract sensitive data, including user credentials, from the underlying MySQL database. The flaw resides in the `_getFileList` function of the `eZDFSFileHandlerMySQLiBackend` class and is permanently unpatched because all branches of the project have reached end of life. No public exploit identified at time of analysis, though a detailed researcher write-up exists on GitHub.

PHP Information Disclosure SQLi
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

SQL injection in agno 2.6.5's ClickHouse vector database backend allows authenticated attackers to inject arbitrary SQL via metadata keys and values passed to delete_by_metadata(). The flaw stems from unsafe f-string interpolation in clickhousedb.py and enables row deletion, targeted data tampering, and information extraction through error-based or blind SQLi. No public exploit identified at time of analysis, but a vendor patch (PR #7883) is available and the issue was disclosed by VulnCheck.

SQLi Agno
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

SQL Injection in Bolt CMS through version 3.7.0 exposes sensitive database contents to any authenticated low-privilege user via the unsanitized 'order' parameter on content listing pages. The CVSS vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) confirms network-exploitable, low-complexity access requiring only a low-privileged account, with full confidentiality impact but no integrity or availability impact - placing this squarely in the data-exfiltration threat category. No public exploit confirmed at time of analysis, and no vendor-released patch has been identified from available data.

SQLi
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the ticket_id parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the p1 parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the tick_lat and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm_passwd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the feature_id parameter of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the release_id parameter of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 7.1
HIGH POC This Week

MaxOn ERP Software 8.x-9.x contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries through the nomor, user, and jenis parameters in the log_activity. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'desa' POST parameter sent to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

HaPe PKH 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'nama_kelompok' POST parameter sent to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

HaPe PKH 1.1 contains multiple SQL injection vulnerabilities in admin/media.php that allow attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

E-Registrasi Pencak Silat 18.10 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id_partai. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.8
HIGH POC This Week

Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP Information Disclosure
NVD Exploit-DB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

SQL injection in FreePBX CDR Reports module prior to versions 16.0.50 and 17.0.11 allows authenticated users with CDR section access to execute arbitrary SQL queries via the order and sort POST parameters. The flaw requires a valid Administration Control Panel account but not full administrator privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV. The CVSS 4.0 score of 8.5 reflects high confidentiality and integrity impact against the call detail records database.

SQLi Security Reporting
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

SQL Injection in the Frontend Admin by DynamiApps WordPress plugin (all versions through 3.28.28) allows authenticated administrators to extract arbitrary data from the WordPress database via the 'order' parameter in the payments list view. The vulnerability stems from unsanitized concatenation of user-supplied input into a raw SQL query, reachable only when a valid 'orderby' parameter is also present in the same request. No public exploit has been identified at time of analysis, and the high privilege requirement (administrator-level) substantially limits the realistic attacker pool, keeping this a medium-severity, low-urgency finding despite the AV:N classification.

SQLi WordPress
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Authenticated SQL injection in Mautic's API contact filtering allows API users to execute arbitrary SQL by abusing insufficient recursive sanitization of nested query parameters. The flaw (CWE-89) yields full read access to database contents and partial availability impact, but requires valid API credentials (PR:L). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Time-based blind SQL injection in the Photo Gallery by 10Web WordPress plugin (all versions through 1.8.40) allows authenticated attackers holding contributor-level access or above to exfiltrate sensitive database contents by embedding a crafted shortcode in a post or draft. The `order_by` parameter is passed unsanitized into existing SQL queries, and the injected payload executes when the shortcode is rendered - targeting WordPress databases containing credentials, user PII, and site configuration. No public exploit code or CISA KEV listing has been identified at time of analysis, though the high confidentiality impact and low attack complexity make this a meaningful risk on any site with non-administrative contributors.

SQLi WordPress
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Time-based blind SQL injection in the Simply Schedule Appointments WordPress plugin (versions up to and including 1.6.11.8) allows unauthenticated remote attackers to extract sensitive database contents through the 'append_where_sql' parameter on the /appointments/bulk REST endpoint. The endpoint's permission check accepts a public nonce embedded in the booking widget's frontend JavaScript, and a PUT request with a urlencoded body bypasses the plugin's blocklist by preventing PHP from populating the relevant superglobals. No public exploit identified at time of analysis, though Wordfence has documented the technique in detail.

SQLi WordPress
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file deletion in the WP Contact Form 7 DB Handler WordPress plugin (versions up to and including 3.0) can be achieved by chaining CSRF, UNION-based SQL injection, and PHP object deserialization. A remote unauthenticated attacker who lures a logged-in administrator to a malicious page can delete arbitrary server files, including wp-config.php, which typically forces the site into a re-installation state and enables full site takeover. No public exploit identified at time of analysis, though Wordfence's detailed write-up effectively documents the exploit chain.

Deserialization CSRF SQLi +3
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

SQL injection in Symfony's PdoAdapter cache component allows any caller who can influence the `$prefix` argument to `AbstractAdapterTrait::clear()` to inject arbitrary SQL into a DELETE statement, potentially deleting unintended rows from the cache table or reshaping query semantics. Affected versions span symfony/cache across four maintained branches: below 5.4.52, 6.x below 6.4.40, 7.x below 7.4.12, and 8.x below 8.0.12. No public exploit has been identified at time of analysis and the CVE is not listed in CISA KEV, but vendor-released patches are available across all affected branches.

SQLi
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Remote code execution in Langroid before 0.63.0 arises because its SQLChatAgent executes SQL text generated by an LLM, and that LLM is steerable through prompt injection — including indirect injection via data returned from the database into the model's context. When the agent connects with a database role holding code-execution or filesystem privileges, an attacker who shapes the agent's input can drive emission of dialect-specific primitives like PostgreSQL's COPY ... FROM PROGRAM to run OS commands on the database host. A full working proof-of-concept (Base64-smuggled COPY FROM PROGRAM running 'id') is published in the GitHub advisory; there is no entry in CISA KEV, so this reflects publicly available exploit code rather than confirmed active exploitation.

PostgreSQL Python Information Disclosure +2
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Unauthenticated SQL injection in Pi.Alert (a WiFi/LAN intruder detection and web-service monitoring tool by leiweibau) lets remote attackers manipulate backend database queries through the public devices.php endpoint. The flaw affects builds from 2024-06-29 up to the 2026-05-07 fix, and the CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) confirms it is trivially reachable over the network with no authentication or user interaction, while the high-confidentiality / no-integrity / no-availability impact (VC:H/VI:N/VA:N) indicates the primary risk is database disclosure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; no EPSS score was provided in the source data.

SQLi PHP
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

SQL injection in uzy-ssm-mall v1.1.0 exposes sensitive database information to unauthenticated remote attackers via unsanitized input passed through the ProductMapper.xml MyBatis mapper and OrderUtil.java components. The vulnerability requires no authentication or user interaction, making it trivially automatable according to the SSVC framework. No public exploit identified at time of analysis, and EPSS sits at 0.04% (12th percentile), indicating low current exploitation pressure despite the permissive attack surface.

Java SQLi
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Authentication bypass via SQL injection in OpenRapid RapidCMS v1.3.1 allows unauthenticated remote attackers to manipulate the application's authentication logic by injecting crafted SQL payloads into the `name` cookie parameter processed by the `/template/default/menu.php` component. The CVSS 6.5 (AV:N/AC:L/PR:N/UI:N) score reflects trivial remote exploitability with no prior authentication required, though the confidentiality and integrity impacts are rated Low and availability is unaffected. A public researcher writeup is linked in references, suggesting exploit techniques are documented, but no confirmed active exploitation (CISA KEV) has been recorded and EPSS sits at 0.03% (11th percentile), indicating low observed exploitation activity at time of analysis.

PHP SQLi Authentication Bypass
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

PHP object injection in Pimcore (packages pimcore/pimcore and admin-ui-classic-bundle) up to and including version 12.3.6 arises from six code paths calling unserialize() without the allowed_classes restriction on values read from database columns and filesystem files. An attacker who can already write to one of those sources - for example through SQL injection into the tmp_store, sites, or custom_layouts tables, or a file write to the WebDAV delete log - can plant a serialized PHP gadget chain that executes arbitrary code with web-server privileges once the data is deserialized. No public exploit identified at time of analysis (the vendor advisory documents only a conceptual PoC procedure), the CVE is not in CISA KEV, and EPSS is not provided; the issue is fixed in 12.3.7 and rated CVSS 8.0, with the High attack-complexity reflecting its dependence on a separate write primitive and a working gadget chain.

RCE SQLi PHP +1
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in the WordPress plugin Duplicate Page and Post (by Arjun Thakur) through version 2.9.5 lets authenticated low-privilege users inject crafted SQL into a database query, enabling extraction of arbitrary database contents including WordPress user hashes and secrets. The CVSS:3.1 base score is 8.5 with a changed scope, reflecting impact beyond the plugin into the shared WordPress database. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; it was reported through the Patchstack research program.

SQLi
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Privilege escalation in PostgreSQL Anonymizer (all versions prior to 3.1.0) allows an authenticated database user to gain superuser privileges by embedding malicious SQL code within a column identifier of a user-created table. When a superuser invokes the k-anonymity function against such a table, the injected code executes with superuser-level privileges, yielding full confidentiality, integrity, and availability impact across the database. No active exploitation has been confirmed (not in CISA KEV) and no public exploit code has been identified at time of analysis, though SSVC rates technical impact as total due to the complete privilege escalation outcome.

PostgreSQL SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the RealMag777 "Active Products Tables for WooCommerce" WordPress plugin (all versions up to and including 1.0.9) allows remote unauthenticated attackers to inject SQL into backend database queries and infer sensitive data through boolean or time-based responses. The CVSS 3.1 vector (PR:N/UI:N) indicates exploitation requires no authentication or user interaction, and the changed scope (S:C) reflects that compromise of the WordPress database can affect the entire site beyond the plugin itself. There is no public exploit identified at time of analysis, and no KEV listing or EPSS score was provided.

SQLi WordPress
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated blind SQL injection in the RealMag777 TableOn (posts-table-filterable) WordPress plugin through version 1.0.5.1 lets remote attackers inject crafted SQL into backend queries without credentials or user interaction. Because the CVSS scope is marked changed (S:C) with high confidentiality impact, a successful attack can read data beyond the vulnerable component, including the WordPress database. No public exploit is identified at time of analysis, and the EPSS score is very low (0.03%, 9th percentile), indicating no current sign of widespread exploitation despite the 9.3 base score.

SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the Easy Form Builder WordPress plugin (by hassantafreshi), affecting all versions up to and including 4.0.6, lets remote unauthenticated attackers inject crafted SQL into backend database queries. With a CVSS of 9.3 and a scope-changed vector, a successful attack can read sensitive data across the database and impact availability. There is no public exploit identified at time of analysis, and the EPSS score is very low (0.03%, 9th percentile), indicating no observed mass exploitation yet despite the high severity rating.

SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the Tainacan WordPress plugin (versions up to and including 1.0.3) lets remote unauthenticated attackers inject crafted SQL into backend database queries. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates exploitation requires no authentication or user interaction, and the changed scope plus high confidentiality impact drive the 9.3 score. There is no public exploit identified at the time of analysis and the issue is not listed in CISA KEV, but the low attack complexity and unauthenticated reach make it a high-priority patch candidate.

SQLi
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in the Stylemix MasterStudy LMS WordPress plugin (all versions through 3.7.29) lets authenticated low-privilege users inject crafted SQL into a backend database query, enabling extraction of arbitrary database contents including user credentials and configuration secrets. The CVSS 8.5 (scope-changed) rating reflects that a successful injection can reach data beyond the plugin's own scope, i.e. the entire shared WordPress database. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 9th percentile), but the network-reachable, low-complexity nature of the flaw makes it a meaningful risk for sites that grant accounts to students or instructors.

SQLi
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Blind SQL injection in the RealMag777 'Active Products Tables for WooCommerce' WordPress plugin (versions up to and including 1.0.8) lets remote attackers inject SQL commands via an unsanitized parameter to read arbitrary data from the WordPress/WooCommerce database. The CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with a changed scope, meaning the injection reaches the backend database beyond the plugin component itself. There is no public exploit identified at time of analysis and no EPSS score was provided, so probability of exploitation cannot be quantified from the available data.

SQLi WordPress
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Unauthenticated SQL injection in mbCONNECT24 and the related MB connect line / Helmholz remote-maintenance portals (myREX24V2, myREX24V2.virtual, mymbCONNECT24) version 2.20.0 and earlier lets a remote attacker reach the getAccountData function and inject crafted input into its SQL SELECT statement. Because authentication is not required, an attacker can read arbitrary database contents, resulting in total loss of confidentiality, though integrity and availability are unaffected. There is no public exploit identified at time of analysis and EPSS is very low (0.05%, 15th percentile), so widespread opportunistic exploitation has not yet materialized despite the high CVSS 4.0 base score of 8.7.

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the mbCONNECT24 and myREX24V2 industrial remote-access portals (all variants at or below version 2.20.0) lets a low-privileged remote attacker read arbitrary database contents through the user_alarmprofile view, which fails to neutralize special characters in a SQL SELECT statement (CWE-89). Reported to CERT@VDE and tracked as VDE-2026-044/EUVD-2026-32148, the flaw causes total loss of confidentiality but does not affect integrity or availability. There is no public exploit identified at time of analysis, and EPSS scores it at the 11th percentile (0.03%).

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the tag view of MB connect line's mbCONNECT24 and myREX24 remote-maintenance platforms (all variants through 2.20.0) lets a remote attacker manipulate a SQL SELECT statement to read arbitrary database contents, yielding a total loss of confidentiality (VC:H, with no integrity or availability impact). The CVSS 4.0 vector requires low privileges (PR:L), yet the description labels the flaw 'unauthenticated' - a discrepancy defenders should resolve against the vendor advisory before scoping risk. No public exploit is identified at time of analysis, EPSS is very low (0.03%, 11th percentile), and CISA's SSVC framework marks current exploitation as none.

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the system_tag view of the mbCONNECT24 family of industrial remote-maintenance portals (mbCONNECT24, mymbCONNECT24, myREX24V2 and myREX24V2.virtual) versions 0.0.0 through 2.20.0 lets a remote attacker manipulate a SQL SELECT statement and read arbitrary database contents, yielding a total loss of confidentiality (CVSS 4.0 7.1, VC:H). The CVSS vector indicates a low-privileged account is required (PR:L), though the description text describes the flaw as 'unauthenticated' - this discrepancy should be verified with the vendor. There is no public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile), consistent with CISA SSVC scoring exploitation as 'none.'

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in MB connect line's mbCONNECT24/myREX24V2 industrial remote-maintenance portals (all versions up to and including 2.20.0) lets a low-privileged authenticated user read arbitrary database contents through the 'system view', where special characters are not neutralized inside a SQL SELECT command, yielding a total loss of confidentiality (CVSS 4.0 base 7.1). No public exploit is identified at time of analysis and the issue is not listed in CISA KEV; EPSS is very low at 0.03% (11th percentile), indicating limited near-term mass-exploitation likelihood. The flaw was reported by CERT@VDE and is tracked under advisory VDE-2026-044 and ENISA EUVD-2026-32145. Note the description calls it 'unauthenticated' while the CVSS vector specifies PR:L (low-privileged), a discrepancy that should be resolved with the vendor.

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the devices_configuration view of MB connect line / Red Lion mbCONNECT24 and myREX24V2 remote-maintenance platforms (versions up to and including 2.20.0) lets a low-privileged remote user read arbitrary database contents. The CVSS 4.0 vector scores it 7.1 with high confidentiality impact and no integrity or availability impact, while EPSS rates exploitation probability at only 0.03% (11th percentile). No public exploit is identified at time of analysis and the issue is not in CISA KEV.

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the dashboard view of MB connect line's remote-maintenance portals (mbCONNECT24, mymbCONNECT24, myREX24V2 and myREX24V2.virtual) lets a remote, low-privileged user inject crafted input into a SQL SELECT statement, yielding a total loss of confidentiality of the backend database. All versions up to and including 2.20.0 are affected. There is no public exploit identified at time of analysis and EPSS is very low (0.03%, 11th percentile), but the network-reachable, low-complexity nature of the flaw in internet-facing OT remote-access gateways warrants prompt remediation.

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the alarming view of MB connect line's remote-maintenance platforms - mbCONNECT24, mymbCONNECT24, and the myREX24V2/myREX24V2.virtual portals up to and including version 2.20.0 - lets a remote, low-privileged user smuggle crafted input into a SQL SELECT statement and read arbitrary database contents, resulting in total loss of confidentiality. The CVSS 4.0 vector (PR:L) indicates a low-privileged account is required, even though the advisory text calls the flaw 'unauthenticated' - a discrepancy worth verifying. No public exploit identified at time of analysis, and EPSS is very low (0.03%, 11th percentile), so this is a credible but not actively exploited issue.

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in MB connect line's remote-maintenance portals — mbCONNECT24, mymbCONNECT24, and the myREX24V2 / myREX24V2.virtual cloud variants (all versions up to and including 2.20.0) — lets a low-privileged remote attacker manipulate a SQL SELECT statement in the getWidgetTags function and read arbitrary database contents, causing a total loss of confidentiality. The flaw is confidentiality-only (no integrity or availability impact) and carries a CVSS 4.0 base score of 7.1. EPSS is very low (0.03%, 11th percentile) and CISA's SSVC framework rates exploitation as 'none'; there is no public exploit identified at time of analysis and it is not on CISA KEV.

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the getProjectTags function of MB connect line's remote-maintenance platforms - mbCONNECT24, myREX24V2, mymbCONNECT24 and the myREX24V2.virtual appliance, all versions up to and including 2.20.0 - lets a remote attacker manipulate a backend SQL SELECT statement and read arbitrary database contents, causing a total loss of confidentiality (CVSS 4.0 base 7.1, VC:H with no integrity or availability impact). The flaw was coordinated through CERT@VDE and catalogued in the ENISA EUVD; there is no public exploit identified at time of analysis and the EPSS probability is very low (0.03%, 11th percentile). Note a source conflict on access level: the description calls the attacker 'unauthenticated' while the CVSS vector specifies PR:L (low-privilege authenticated).

SQLi
NVD
EPSS 0% CVSS 7.1
HIGH This Week

SQL injection in the VerifyCreateLicences function of MB connect line's mbCONNECT24 / myREX24 remote-maintenance platforms (including the myREX24V2.virtual and mymbCONNECT24 variants, versions up to and including 2.20.0) lets a remote attacker holding a low-privilege account inject crafted input into a SQL SELECT statement and read arbitrary database contents, causing total loss of confidentiality. The CVSS 4.0 base score is 7.1 with high confidentiality impact but no integrity or availability impact. There is no public exploit identified at time of analysis, and EPSS rates exploitation probability very low at 0.03% (11th percentile).

SQLi
NVD
Prev Page 8 of 169 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy