SQL Injection

web HIGH

SQL injection exploits the way applications construct database queries by mixing user input directly into SQL statements.

How It Works

When developers concatenate untrusted data into queries without proper sanitization, attackers can inject SQL syntax that changes the query's logic. For example, entering ' OR '1'='1 into a login form can turn SELECT * FROM users WHERE username='input' into a query whose WHERE clause is always true, bypassing authentication.

Attackers follow a methodical process: first probing input fields with special characters like quotes or semicolons to trigger database errors, then identifying whether the application is vulnerable. Once confirmed, they escalate by injecting commands to extract data (UNION-based attacks to merge results from other tables), manipulate records, or probe the database structure. Blind SQL injection variants work without visible error messages—boolean-based attacks infer data by observing application behavior changes, while time-based attacks use database sleep functions to confirm successful injection through response delays.

Advanced scenarios include second-order injection, where malicious input is stored in the database and later executed in a different context, and out-of-band attacks that exfiltrate data through DNS queries or HTTP requests when direct data retrieval isn't possible. Some database systems enable attackers to execute operating system commands through built-in functions like MySQL's LOAD_FILE or SQL Server's xp_cmdshell, escalating from database compromise to full server control.

Impact

  • Complete data breach — extraction of entire database contents including credentials, personal information, and proprietary data
  • Authentication bypass — logging in as any user without knowing passwords
  • Data manipulation — unauthorized modification or deletion of critical records
  • Privilege escalation — granting administrative rights to attacker-controlled accounts
  • Remote code execution — leveraging database features to run operating system commands and compromise the underlying server
  • Lateral movement — using compromised database credentials to access other connected systems

Real-World Examples

FreePBX's CVE-2025-66039 demonstrated a complete attack chain where SQL injection across 11 parameters in four different endpoints allowed attackers to write malicious entries into the cron_jobs table. When the system's scheduler executed these entries, the injected SQL transformed into operating system commands, granting full server control. The vulnerability required no authentication, making it immediately exploitable.

E-commerce platforms have suffered massive breaches through shopping cart SQL injection, where attackers inserted skimming code into stored procedures that executed during checkout, harvesting credit card data from thousands of transactions. Healthcare systems have been compromised through patient portal vulnerabilities, exposing millions of medical records when attackers injected UNION queries to merge data from supposedly isolated tables.

Mitigation

  • Parameterized queries (prepared statements) — separates SQL logic from data so that bound values are never parsed as SQL syntax; note that placeholders bind values only, not table or column names, which still need an allow-list
  • Object-Relational Mapping (ORM) frameworks — abstracts database interactions with built-in protections when used correctly
  • Strict input validation — whitelist acceptable characters and formats, reject suspicious patterns
  • Least privilege database accounts — applications should use credentials with minimal necessary permissions
  • Web Application Firewall (WAF) — detects and blocks common injection patterns as a secondary defense layer
  • Database activity monitoring — alerts on unusual query patterns or privilege escalation attempts
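The following is an added example, not code from the original page or from any of the products listed on it. It puts the vulnerable pattern from "How It Works" beside the parameterized form from the first mitigation bullet, using Python's built-in sqlite3 module and a constructed in-memory users table (assumed names and sample rows, not real data). It also shows the identifier case that placeholders cannot cover: a user-chosen ORDER BY column, which is checked against an allow-list before being spliced into the statement.

```python
import sqlite3

# Constructed sample data for the demonstration; not from any real system.
# Plaintext passwords are used only to keep the query shape visible;
# a real application stores salted password hashes.
USERS = [
    ("alice", "s3cret-alice"),
    ("bob", "s3cret-bob"),
]

# The input the page uses to illustrate authentication bypass.
PAGE_PAYLOAD = "' OR '1'='1"

# Allow-list for identifiers that must be spliced into SQL text because
# placeholders cannot bind column names.
ALLOWED_ORDER_COLUMNS = {"username", "rowid"}


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The anti-pattern: untrusted input concatenated into the statement.

    The database parses whatever quotes and keywords the input contains, so
    the page's payload turns the WHERE clause into '... OR '1'='1' and the
    query matches every row. Returns the first matched username or None.
    """
    sql = (
        "SELECT username FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: the statement text is fixed and the values are
    bound separately, so the same payload is compared as a literal string
    and never interpreted as SQL syntax. Returns the username or None."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def is_allowed_order_column(name: str) -> bool:
    """Strict allow-list check for an identifier supplied by the caller."""
    return name in ALLOWED_ORDER_COLUMNS


def list_users_ordered(conn: sqlite3.Connection, orderby: str) -> list:
    """Sort column chosen by the caller: validate against the allow-list first,
    because a '?' placeholder cannot stand in for a column name."""
    if not is_allowed_order_column(orderby):
        raise ValueError(f"unsupported sort column: {orderby!r}")
    rows = conn.execute(f"SELECT username FROM users ORDER BY {orderby}").fetchall()
    return [r[0] for r in rows]


def demo() -> dict:
    """Run both login paths against the page's payload and report the outcome."""
    conn = make_db()
    return {
        "concatenated_bypassed": login_vulnerable(conn, "nobody", PAGE_PAYLOAD) is not None,
        "parameterized_bypassed": login_safe(conn, "nobody", PAGE_PAYLOAD) is not None,
        "parameterized_valid_login": login_safe(conn, "bob", "s3cret-bob"),
        "sorted_users": list_users_ordered(conn, "username"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The sqlite3 module uses `?` placeholders; other drivers use `%s` or named parameters, but the principle is the same: the statement text never changes shape based on input. The identifier allow-list matters for the `orderby`-style parameters that appear repeatedly in the CVE list below, where a sort column or table name is taken from the request.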

Recent CVEs (4539)

CVE-2026-21875
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

ClipBucket v5 (5.5.2-#187 and below) has blind SQL injection in the channel comment functionality via the obj_id parameter. Unauthenticated attackers can extract the entire database. PoC available.

PHP SQLi Clipbucket
NVD GitHub
CVE-2019-25279
EPSS 0% CVSS 7.5
HIGH POC This Week

Facesentry Access Control System Firmware versions up to 5.7.0 are affected by cleartext storage of sensitive information (CVSS 7.5).

SQLi Facesentry Access Control System Firmware
NVD
CVE-2023-7333
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A weakness has been identified in bluelabsio records-mover versions up to 1.5.4 (CVSS 5.3).

SQLi
NVD GitHub VulDB
CVE-2026-21856
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

The Tarkov Data Manager is a tool to manage the Tarkov item data. [CVSS 7.2 HIGH]

MySQL SQLi Tarkov Data Manager
NVD GitHub
CVE-2025-32303
EPSS 0% CVSS 9.3
CRITICAL Act Now

WPCHURCH WordPress plugin (through 2.7.0) has blind SQL injection with scope change, enabling unauthenticated extraction of the full WordPress database.

Joomla SQLi
NVD
CVE-2025-14719
EPSS 0% CVSS 4.9
MEDIUM This Month

The Relevanssi WordPress plugin before 4.26.0 and the Relevanssi Premium WordPress plugin before 2.29.0 do not sanitize and escape a parameter before using it in a SQL statement, allowing users with the contributor role and above to perform SQL injection attacks [CVSS 4.9 MEDIUM]

WordPress SQLi PHP
NVD WPScan
CVE-2025-69351
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection. This issue affects Ninja Tables: from n/a through <= 5.2.4. [CVSS 6.5 MEDIUM]

SQLi
NVD
CVE-2025-59379
EPSS 0% CVSS 7.5
HIGH This Week

DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. [CVSS 7.5 HIGH]

SQLi Isensix Advanced Remote Monitoring System Firmware
NVD GitHub
CVE-2025-9318
EPSS 0% CVSS 6.5
MEDIUM This Month

The Quiz and Survey Master (QSM) - Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based SQL Injection via the ‘is_linking’ parameter in all versions up to, and including, 10.3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]

WordPress SQLi Quiz And Survey Master +1
NVD
CVE-2025-14153
EPSS 0% CVSS 6.5
MEDIUM This Month

Page Expire Popup/Redirection for WordPress (WordPress plugin) is affected by SQL injection (CVSS 6.5).

WordPress SQLi PHP
NVD
CVE-2025-13652
EPSS 0% CVSS 6.5
MEDIUM This Month

The CBX Bookmark & Favorite plugin for WordPress is vulnerable to generic SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 2.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 6.5 MEDIUM]

WordPress SQLi PHP
NVD
CVE-2025-13409
EPSS 0% CVSS 4.9
MEDIUM This Month

The Form Vibes - Database Manager for Forms plugin for WordPress is vulnerable to SQL Injection via the 'params' parameter in all versions up to, and including, 1.4.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 4.9 MEDIUM]

WordPress SQLi PHP
NVD
CVE-2026-0607
EPSS 0% CVSS 7.3
HIGH POC This Week

Online Music Site versions up to 1.0 contain a SQL injection vulnerability (CVSS 7.3).

PHP SQLi Online Music Site
NVD GitHub VulDB
CVE-2026-0606
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in code-projects Online Music Site 1.0 via the ID parameter in /FrontEnd/Albums.php allows unauthenticated remote attackers to manipulate database queries and potentially extract or modify sensitive data. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.

PHP SQLi Online Music Site
NVD GitHub VulDB
CVE-2026-0605
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the Online Music Site 1.0 login functionality allows unauthenticated remote attackers to manipulate username and password parameters, potentially leading to unauthorized data access, modification, or service disruption. Public exploit code exists for this vulnerability, and no patch is currently available, leaving deployed instances at immediate risk.

PHP SQLi Online Music Site
NVD GitHub VulDB
CVE-2025-39484
EPSS 0% CVSS 9.3
CRITICAL Act Now

Waituk Entrada WordPress theme (through 5.7.7) contains blind SQL injection with scope change, allowing unauthenticated database extraction beyond the theme's own data.

SQLi
NVD
CVE-2026-0597
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in Campcodes Supplier Management System 1.0 allows authenticated remote attackers to manipulate the txtRetailerAddress parameter in /retailer/edit_profile.php and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected organizations running PHP-based installations should implement input validation controls and restrict access to the vulnerable endpoint until patching becomes available.

PHP SQLi Supplier Management System
NVD GitHub VulDB
CVE-2025-15029
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Centreon Infra Monitoring's AWIE export module contains SQL injection accessible to unauthenticated users. Combined with CVE-2025-15026 (missing auth on import), the AWIE module has both unauthenticated data extraction and unauthorized configuration access. Patch available.

SQLi Awie
NVD GitHub
CVE-2026-0592
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the Online Product Reservation System 1.0 user registration handler allows remote attackers to manipulate multiple input fields (name, address, contact details, email, username) without authentication to execute arbitrary database queries. Public exploit code exists for this vulnerability, increasing active exploitation risk. No patch is currently available for affected PHP-based installations.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0591
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in the cart update handler of Online Product Reservation System 1.0 allows authenticated attackers to manipulate product ID and quantity parameters, potentially leading to unauthorized data access, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, affecting systems running the vulnerable PHP application.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0590
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in the Online Product Reservation System 1.0 checkout delete function allows authenticated attackers to manipulate POST parameters and execute arbitrary database queries remotely. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk of data theft or manipulation.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2025-68865
EPSS 0% CVSS 9.3
CRITICAL Act Now

Infility Global WordPress plugin (through 2.14.48) contains SQL injection with scope change, enabling unauthenticated database extraction beyond the plugin's own data. No patch available.

SQLi
NVD
CVE-2025-31044
EPSS 0% CVSS 8.5
HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AA-Team Premium SEO Pack allows SQL Injection. This issue affects Premium SEO Pack: from n/a through 3.3.2. [CVSS 8.5 HIGH]

SQLi
NVD
CVE-2025-30633
EPSS 0% CVSS 9.3
CRITICAL Act Now

Amazon Native Shopping Recommendations WordPress plugin (through 1.3) contains SQL injection that allows unauthenticated attackers to extract database contents with scope change. Abandoned plugin with no expected patch.

SQLi
NVD
CVE-2026-0585
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the transaction_id parameter in /order_view.php and execute arbitrary database queries. Public exploit code is available for this vulnerability, and no patch is currently available. The flaw enables attackers to read, modify, or delete sensitive data with network access only.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0584
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in the Online Product Reservation System 1.0 via the ID parameter in app/products/left_cart.php allows authenticated attackers to read, modify, or delete database contents remotely. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this software.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0583
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the User Login component of Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate the emailadd parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, enabling attackers to potentially extract sensitive data or modify database contents. No patch is currently available to address this issue.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0582
EPSS 0% CVSS 6.3
MEDIUM POC This Month

SQL injection in itsourcecode Society Management System 1.0 allows authenticated attackers to manipulate the Title parameter in /admin/edit_activity_query.php, enabling remote data exfiltration, modification, or deletion. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected systems at risk.

PHP SQLi Society Management System
NVD GitHub VulDB
CVE-2025-15239
EPSS 0% CVSS 6.5
MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]

SQLi AI / ML Qoca Aim
NVD
CVE-2025-15238
EPSS 0% CVSS 6.5
MEDIUM This Month

QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. [CVSS 6.5 MEDIUM]

SQLi AI / ML Qoca Aim
NVD
CVE-2025-14124
EPSS 0% CVSS 8.6
HIGH This Week

The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. [CVSS 8.6 HIGH]

WordPress SQLi PHP
NVD WPScan
CVE-2025-15450
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not u...

SQLi
NVD GitHub VulDB
CVE-2026-0579
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the Online Product Reservation System 1.0 POST parameter handler allows unauthenticated remote attackers to manipulate product attributes like ID, name, and price to execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations face potential data theft, modification, and service disruption.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0578
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the Online Product Reservation System 1.0 administrator delete function allows unauthenticated remote attackers to manipulate the ID parameter and execute arbitrary database queries. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available for affected PHP installations running this product.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2025-15443
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A vulnerability was identified in CRMEB up to 5.6.1. This issue affects some unknown processing of the file /adminapi/product/product_export. [CVSS 4.7 MEDIUM]

SQLi Crmeb
NVD GitHub VulDB
CVE-2025-15442
EPSS 0% CVSS 4.7
MEDIUM POC This Month

A vulnerability was determined in CRMEB up to 5.6.1. This vulnerability affects unknown code of the file /adminapi/export/product_list. [CVSS 4.7 MEDIUM]

SQLi Crmeb
NVD GitHub VulDB
CVE-2026-0576
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the Online Product Reservation System 1.0 parameter handler allows unauthenticated remote attackers to manipulate cat/price/name/model/serial arguments and execute arbitrary SQL queries with public exploit code available. The vulnerability affects the /handgunner-administrator/prod.php endpoint and enables attackers to read, modify, or delete database contents without authentication. No patch is currently available for this high-severity flaw.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0575
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in the administrator login component of code-projects Online Product Reservation System 1.0 allows unauthenticated remote attackers to manipulate emailadd and pass parameters in /handgunner-administrator/adminlogin.php, enabling data exfiltration and modification. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Product Reservation System
NVD GitHub VulDB
CVE-2026-0570
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in code-projects Online Music Site 1.0 via the fname parameter in /Frontend/Feedback.php allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive information. Public exploit code exists for this vulnerability, and no patch is currently available, leaving affected installations at immediate risk.

PHP SQLi Online Music Site
NVD GitHub VulDB
CVE-2026-0569
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in code-projects Online Music Site 1.0 via the ID parameter in /Frontend/AlbumByCategory.php allows unauthenticated remote attackers to execute arbitrary SQL queries and potentially access or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available.

PHP SQLi Online Music Site
NVD GitHub VulDB
CVE-2026-0568
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in Online Music Site 1.0's ViewSongs.php parameter handling allows unauthenticated remote attackers to manipulate the ID argument and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires no user interaction and impacts the confidentiality, integrity, and availability of the affected application.

PHP SQLi Online Music Site
NVD GitHub VulDB
CVE-2026-0567
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in code-projects Content Management System 1.0 via the ID parameter in /pages.php allows unauthenticated remote attackers to execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Attackers can leverage this to read, modify, or delete sensitive database information with low complexity from any network location.

PHP SQLi Content Management System
NVD GitHub VulDB
CVE-2025-15439
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability was identified in Daptin 0.10.3. Affected by this vulnerability is the function goqu.L of the file server/resource/resource_aggregate.go of the component Aggregate API. [CVSS 6.3 MEDIUM]

Golang SQLi
NVD VulDB
CVE-2025-59389
EPSS 0% CVSS 9.8
CRITICAL Act Now

QNAP Hyper Data Protector before 2.2.4.1 has an SQL injection vulnerability that allows remote attackers to execute unauthorized commands on the backup database. Combined with CVE-2025-59388 (hardcoded credentials), this creates a critical attack chain.

SQLi Hyper Data Protector
NVD
CVE-2025-59387
EPSS 0%
This Week

An SQL injection vulnerability has been reported to affect MARS (Multi-Application Recovery Service). Remote attackers can exploit the vulnerability to execute unauthorized code or commands.

SQLi
NVD
CVE-2025-65125
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

The online-movie-booking application (v5.5) by gosaliajainam contains SQL injection in movie_details.php, allowing unauthenticated attackers to extract the entire database. PoC exists. This is an open-source educational project often deployed without hardening.

PHP SQLi Online Movie Booking
NVD GitHub
CVE-2026-0565
EPSS 0% CVSS 7.3
HIGH POC This Week

Content Management System versions up to 1.0 contain a SQL injection vulnerability (CVSS 7.3).

PHP SQLi Content Management System
NVD GitHub VulDB
CVE-2026-0546
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in code-projects Content Management System 1.0 via the search.php parameter allows unauthenticated remote attackers to manipulate database queries and potentially extract sensitive data or modify database contents. Public exploit code exists for this vulnerability, and no patch is currently available. Affected installations should implement immediate input validation or access controls until patching is possible.

PHP SQLi Content Management System
NVD GitHub VulDB
CVE-2025-15436
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability has been found in Yonyou KSOA 9.0. Affected by this issue is some unknown functionality of the file /worksheet/work_edit.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVE-2025-15435
EPSS 0% CVSS 7.3
HIGH POC This Week

A flaw has been found in Yonyou KSOA 9.0. Affected by this vulnerability is an unknown functionality of the file /worksheet/work_update.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVE-2025-15434
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was detected in Yonyou KSOA 9.0. Affected is an unknown function of the file /kp/PrintZPYG.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVE-2025-15425
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVE-2025-15424
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVE-2025-15421
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVE-2025-15420
EPSS 0% CVSS 7.3
HIGH POC This Week

A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. [CVSS 7.3 HIGH]

SQLi Ksoa
NVD GitHub VulDB
CVE-2025-55065
EPSS 0% CVSS 7.5
HIGH This Week

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CVSS 7.5 HIGH]

SQLi
NVD
CVE-2025-15410
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. [CVSS 7.3 HIGH]

PHP SQLi Online Guitar Store
NVD GitHub VulDB
CVE-2025-15409
EPSS 0% CVSS 7.3
HIGH POC This Week

Online Guitar Store versions up to 1.0 contain a SQL injection vulnerability (CVSS 7.3).

PHP SQLi Online Guitar Store
NVD GitHub VulDB
CVE-2025-15408
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. [CVSS 7.3 HIGH]

PHP SQLi Online Guitar Store
NVD GitHub VulDB
CVE-2025-15407
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. [CVSS 7.3 HIGH]

PHP SQLi Online Guitar Store
NVD GitHub VulDB
CVE-2026-0544
EPSS 0% CVSS 7.3
HIGH POC This Week

SQL injection in itsourcecode School Management System 1.0 via the ID parameter in /student/index.php enables unauthenticated remote attackers to query or manipulate the database. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all installations at risk.

PHP SQLi School Management System
NVD GitHub VulDB
CVE-2025-59129
EPSS 0%
This Week

Blind SQL Injection in Appointify WordPress plugin version 1.0.8 and earlier allows unauthenticated remote attackers to execute arbitrary SQL commands against the underlying database. The vulnerability enables data extraction and manipulation through time-based or error-based inference techniques without requiring valid credentials or authentication. EPSS score of 0.04% indicates low statistical likelihood of exploitation despite the technical severity of SQL injection.

WordPress PHP SQLi
NVD
CVE-2025-68496
EPSS 0% CVSS 9.8
CRITICAL Act Now

Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.0) allows unauthenticated remote attackers to extract database contents, modify data, or execute administrative commands. The vulnerability carries a critical CVSS score of 9.8 due to network-based exploitation requiring no privileges or user interaction. While EPSS probability is low (0.05%, 14th percentile) and no active exploitation is confirmed at time of analysis, the severity and unauthenticated attack vector make this a priority for WordPress administrators using this plugin. Patchstack security audit identified this flaw as CWE-89 SQL injection stemming from improper input sanitization.

WordPress PHP SQLi
NVD
CVE-2025-68561
EPSS 0%
This Week

SQL injection in AutomatorWP WordPress plugin through version 5.2.4 allows authenticated attackers to execute arbitrary SQL commands. The vulnerability exists in the plugin's database query handling where user-supplied input is not properly sanitized before being used in SQL statements. While EPSS scoring indicates low exploitation probability (0.04th percentile), the SQL injection vector represents a critical capability if exploited, potentially enabling data exfiltration, modification, or deletion from the affected WordPress database.

WordPress PHP SQLi
NVD
CVE-2025-68550
EPSS 0%
This Week

Blind SQL injection in VillaTheme WPBulky plugin through version 1.1.13 allows attackers to extract sensitive data from WordPress databases via improper neutralization of SQL command elements. The vulnerability affects the wpbulky-wp-bulk-edit-post-types plugin and is confirmed by security audit firm Patchstack, though no public exploit code or active exploitation has been documented at time of analysis.

WordPress PHP SQLi
NVD
CVE-2025-68056
EPSS 0% CVSS 8.5
HIGH This Week

SQL injection in LambertGroup LBG Zoominoutslider WordPress plugin versions ≤5.4.4 enables authenticated attackers with low privileges to execute arbitrary SQL commands with potential for cross-site impact. The vulnerability carries an 8.5 CVSS score but shows low real-world exploitation probability (EPSS 0.04%, 14th percentile) with no confirmed active exploitation or public proof-of-concept code identified at time of analysis.

WordPress PHP SQLi
NVD
CVE-2025-67644
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

A SQL injection vulnerability exists in LangGraph SQLite Checkpoint, an implementation of LangGraph CheckpointSaver for SQLite databases. The vulnerability affects versions 3.0.0 and below of the langgraph-checkpoint-sqlite Python package, allowing attackers with local access and low privileges to manipulate SQL queries through unvalidated metadata filter keys in checkpoint search operations. A proof-of-concept exploit is publicly available, though the EPSS score of 0.02% (6th percentile) suggests minimal active exploitation in the wild currently.

SQLi Langgraph Checkpoint Sqlite
NVD GitHub VulDB
CVE-2025-64081
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in /php/api_patient_schedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter.

PHP SQLi Patients Waiting Area Queue Management System
NVD
CVE-2025-14259
EPSS 0% CVSS 6.3
MEDIUM This Month

A vulnerability was found in Jihai Jshop MiniProgram Mall System 2.9.0. Affected by this issue is some unknown functionality of the file /index.php/api.html. The manipulation of the argument cat_id results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi
NVD VulDB
CVE-2025-14258
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability has been found in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /newsubject.php. The manipulation of the argument sub leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVE-2025-14257
EPSS 0% CVSS 7.3
HIGH POC This Week

A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newrecord.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVE-2025-14256
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was detected in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /newcurriculm.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.

PHP SQLi Student Management System
NVD GitHub VulDB
CVE-2025-14251
EPSS 0% CVSS 7.3
HIGH POC This Week

A security vulnerability has been detected in code-projects Online Ordering System 1.0. This affects an unknown function of the file /admin/ of the component Admin Login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.

SQLi Online Ordering System
NVD GitHub VulDB
CVE-2025-14250
EPSS 0% CVSS 7.3
HIGH POC This Week

A weakness has been identified in code-projects Online Ordering System 1.0. The impacted element is an unknown function of the file /user_contact.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVE-2025-14249
EPSS 0% CVSS 7.3
HIGH POC This Week

A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.

PHP SQLi Online Ordering System
NVD GitHub VulDB
CVE-2025-14248
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

PHP SQLi Simple Shopping Cart
NVD GitHub VulDB
CVE-2025-14247
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability was determined in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Admin/additems.php. Manipulation of the argument item_name can lead to SQL injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Simple Shopping Cart
NVD GitHub VulDB
CVE-2025-14246
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability was found in code-projects Simple Shopping Cart 1.0. This vulnerability affects unknown code of the file /Customers/settings.php. Manipulation of the argument user_id results in SQL injection. Remote exploitation is possible. The exploit has been made public and could be used.

PHP SQLi Simple Shopping Cart
NVD GitHub VulDB
CVE-2025-14245
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability has been found in IdeaCMS up to 1.8. This affects the function whereRaw of the file app/common/logic/index/Coupon.php. Manipulation of the argument params leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Ideacms
NVD GitHub VulDB
CVE-2025-14230
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A vulnerability was detected in code-projects Daily Time Recording System 4.5.0. The impacted element is an unknown function of the file /admin/add_payroll.php. Manipulation of the argument detail_Id results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used.

PHP SQLi Daily Time Recording System
NVD GitHub VulDB
CVE-2025-14227
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in SQL injection. The attack may be performed remotely. The exploit has been released to the public and may be exploited. This product uses a rolling release system for continuous delivery, so version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Simple Php Blog
NVD GitHub VulDB
CVE-2025-14226
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. Manipulation of the argument fname leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.

PHP SQLi Student Management System
NVD GitHub VulDB
CVE-2025-14255
EPSS 0% CVSS 6.5
MEDIUM This Month

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

SQLi Vitalsesp
NVD
CVE-2025-14254
EPSS 0% CVSS 6.5
MEDIUM This Month

Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

SQLi Vitalsesp
NVD
CVE-2025-14223
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Manipulation of the argument staff_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi Simple Leave Manager
NVD GitHub VulDB
CVE-2025-14222
EPSS 0% CVSS 6.3
MEDIUM POC This Month

A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. Manipulation of the argument per_id causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used.

PHP SQLi Employee Profile Management System
NVD GitHub VulDB
CVE-2025-14218
EPSS 0% CVSS 7.3
HIGH POC This Week

A security flaw has been discovered in code-projects Currency Exchange System 1.0. The affected element is an unknown function of the file /editotheraccount.php. Manipulation of the argument ID results in SQL injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

Microsoft PHP SQLi +1
NVD GitHub VulDB
CVE-2025-14217
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was identified in code-projects Currency Exchange System 1.0. Impacted is an unknown function of the file /edittrns.php. Manipulation of the argument ID leads to SQL injection. The attack may be performed remotely. The exploit is publicly available and might be used.

Microsoft PHP SQLi +1
NVD GitHub VulDB
CVE-2025-14216
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was determined in code-projects Currency Exchange System 1.0. This issue affects some unknown processing of the file /viewserial.php. Manipulation of the argument ID causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized.

Microsoft PHP SQLi +1
NVD GitHub VulDB
CVE-2025-14215
EPSS 0% CVSS 7.3
HIGH POC This Week

A vulnerability was found in code-projects Currency Exchange System 1.0. This vulnerability affects unknown code of the file /edit.php. Manipulation of the argument ID results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used.

Microsoft PHP SQLi +1
NVD GitHub VulDB

Quick Facts

Typical Severity
HIGH
Category
web
Total CVEs
4539

Related CWEs

MITRE ATT&CK
