All CosmicBytez Labs articles tagged #SQL Injection, across news, security advisories, how-to guides, and projects.
A critical SQL injection vulnerability in the /ureport/datasource/previewData endpoint of ureport v2.2.9 allows unauthenticated attackers to exfiltrate sensitive database contents via crafted SQL statements. CVSS score of 9.8.
A high-severity SQL injection vulnerability in Aster Telecom Azcall 10/11 allows attackers to manipulate HTTP handler parameters and access the underlying database. CVSS 7.3 — patch or restrict access immediately.
A high-severity SQL injection vulnerability in the TOKO-ONLINE-ROTI bakery management system allows remote attackers to manipulate the login.php Username parameter and compromise the backend database without authentication.
A high-severity SQL injection vulnerability in the TOKO-ONLINE-ROTI PHP bakery system allows remote attackers to manipulate the kode_produk and kd_cs parameters in proses/add.php, enabling database compromise.
A CVSS 9.8 critical SQL injection vulnerability in PraisonAI before 4.6.78 allows attackers to exploit the unvalidated dimension argument in PGVector and...
A critical SQL injection vulnerability in Inrove Software's BiEticaret e-commerce platform (versions before v3.3.57) allows unauthenticated attackers to...
A critical-severity SQL injection vulnerability (CVSS 9.6) in the Snowflake Snowpark Python SDK allows authenticated low-privilege users to execute SQL...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate the database via...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate the database via...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate the database via...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows remote attackers to manipulate backend database...
An unauthenticated remote SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows attackers to manipulate the id...
A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to dump the...
A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to fully...
A high-severity SQL injection vulnerability in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows remote attackers to manipulate the admin...
A high-severity SQL injection flaw in SourceCodester Simple and Nice Shopping Cart Script 1.0 exposes the men's product delete query to remote...
A high-severity SQL injection vulnerability in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows remote attackers to exploit the girls...
A high-severity SQL injection vulnerability in itsourcecode Online Hotel Management System 1.0 allows remote attackers to exploit the admin login page via...
A high-severity SQL injection vulnerability in SourceCodester's Multi-Vendor Online Grocery Management System 1.0 allows remote attackers to manipulate...
A remotely exploitable SQL injection flaw in SourceCodester Pizzafy E-Commerce System 1.0 allows attackers to manipulate the confirm_order endpoint via an...
A CVSS 9.8 critical SQL injection in the Destekz plugin by Raera - Ankara Web Design allows unauthenticated remote attackers full database access. The...
Multiple authenticated SQL injection vulnerabilities in Ubiquiti's UniFi Talk Application can be chained to escalate privileges to host-level access on...
A critical SQL injection vulnerability (CVSS 9.8) in the UTT nv518G router allows unauthenticated remote attackers to execute arbitrary code via the...
A critical unauthenticated SQL injection vulnerability in the EventON WordPress Virtual Event Calendar Plugin affects versions up to 5.0.11, exposing...
A high-severity SQL injection vulnerability has been identified in itsourcecode Baptism Information Management System 1.0, allowing remote attackers to...
A second high-severity SQL injection vulnerability has been disclosed in itsourcecode Baptism Information Management System 1.0, this time affecting the...
A remotely exploitable SQL injection vulnerability affects SourceCodester Class and Exam Timetabling System 1.0 via the course_year_section parameter in...
A remotely exploitable SQL injection flaw in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate...
A critical unauthenticated SQL injection vulnerability (CVSS 9.8) in the JoomCCK Joomla extension allows attackers to read, modify, or delete database...
A high-severity SQL injection vulnerability in SourceCodester's Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to...
A second high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 targets /preview6.php via the...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate the...
A high-severity SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated attackers to manipulate the...
A high-severity SQL injection vulnerability in yashpokharna2555's restaurant management system allows unauthenticated attackers to exploit the...
A critical unauthenticated SQL injection vulnerability (CVSS 9.3) in the JetBooking WordPress plugin affects all versions up to 4.0.4.1, potentially...
A critical blind SQL injection vulnerability in The Events Calendar WordPress plugin by StellarWP affects versions 6.15.12 through 6.16.2, allowing...
A critical unauthenticated SQL injection vulnerability in GEO my WordPress versions 4.5.5 and earlier allows attackers to extract database contents...
A critical unauthenticated SQL injection vulnerability (CVSS 9.3) in the InPost Gallery WordPress plugin allows attackers to extract sensitive database...
A high-severity SQL injection vulnerability (CVSS 7.3) in CollegeManagementSystem allows attackers to manipulate the department_code parameter in…
A CVSS 7.3 SQL injection vulnerability in SourceCodester's Computer Repair Shop Management System v1.0 allows remote attackers to extract sensitive data via…
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 allows remote attackers to extract database contents by…
A SQL injection vulnerability in SourceCodester Hospitals Patient Records Management System 1.0 enables remote attackers to extract database contents by…
A critical SQL injection vulnerability (CVSS 9.1) in OTRS and ((OTRS)) Community Edition allows unauthenticated attackers to bypass authentication entirely…
A SQL injection vulnerability in OpenCATS through 0.9.7.4 allows authenticated attackers to extract database contents by injecting malicious SQL via the…
Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 allow attackers to extract sensitive database contents via the artid, cid,...
Multiple unauthenticated SQL injection vulnerabilities in eNdonesia Portal 8.7 expose the publisher, artikel, and info modules to database extraction...
An unauthenticated SQL injection vulnerability in MGB OpenSource Guestbook 0.7.0.2 allows attackers to extract sensitive database contents via the 'id'...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Online Music Site 1.0, affecting the Administrator PHP AdminEditAlbum…
A remotely exploitable SQL injection vulnerability in code-projects Student Details Management System 1.0 allows attackers to manipulate database queries...
The GEO my WP WordPress plugin (versions up to 4.5.5) is vulnerable to unauthenticated SQL injection via the swlatlng and nelatlng parameters, which...
A CVSS 9.8 critical SQL injection vulnerability in the Marten .NET document database library allows untrusted user input to be interpolated directly into...
Twitter-Clone 1 contains a high-severity SQL injection vulnerability in follow.php that allows attackers to extract sensitive database information through.
A remotely exploitable SQL injection vulnerability in the admin panel of itsourcecode Electronic Judging System 1.0 allows attackers to manipulate database.
CISA has added CVE-2026-9082, a SQL injection vulnerability in Drupal Core, to its Known Exploited Vulnerabilities catalog following confirmed in-the-wild...
Drupal is warning that hackers are actively attempting to exploit a 'highly critical' SQL injection vulnerability, CVE-2026-9082, announced earlier this...
A critical blind SQL injection vulnerability in the WP Directory Kit WordPress plugin allows unauthenticated attackers to exfiltrate the entire WordPress...
A CVSS 7.5 SQL injection vulnerability in the WP ERP Pro WordPress plugin (all versions up to 1.5.1) allows unauthenticated attackers to extract sensitive...
A high-severity SQL injection vulnerability (CVE-2026-8785, CVSS 7.3) has been disclosed in projectworlds Hospital Management System in PHP 1.0, allowing...
A CVSS 9.8 blind SQL injection vulnerability in Akilli Commerce's e-commerce platform allows unauthenticated attackers to extract the entire database...
A high-severity SQL injection vulnerability (CVE-2026-2993) in the AI Chatbot & Workflow Automation by AIWU WordPress plugin allows unauthenticated...
A critical SQL injection vulnerability in SAP S/4HANA Enterprise Search for ABAP allows authenticated attackers to inject malicious SQL statements via...
The Custom css-js-php WordPress plugin through version 2.0.7 fails to sanitize user input before using it in a SQL query, and passes the result to dynamic...
A critical unauthenticated SQL injection vulnerability in Beauty Parlour Management System v1.1 allows attackers to dump the entire backend database via a...
A critical SQL injection vulnerability in LiteLLM's proxy server allows unauthenticated attackers to manipulate database queries during API key...
Threat actors are actively exploiting CVE-2026-42208, a critical pre-authentication SQL injection vulnerability in the LiteLLM open-source LLM gateway,...
A critical SQL injection vulnerability in NASA's Earth Observing System Data and Information System MODAPS v8.1 allows unauthenticated attackers to...
A critical unauthenticated SQL injection vulnerability in ProjeQtor project management software allows attackers to inject arbitrary SQL via the login...
A high-severity SQL injection vulnerability has been discovered in SourceCodester Pizzafy Ecommerce System 1.0, allowing remote attackers to manipulate...
ShinyHunters hits Medtronic and ADT in the same week, exposing millions of records; a critical one-push RCE lands in GitHub; LiteLLM's pre-auth SQL...
A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Courier Management System 1.0, affecting the edit_parcel.php file...
CVE-2026-7002 is a CVSS 7.3 SQL injection vulnerability in KLiK SocialMediaWebsite up to version 1.0.1, exploitable remotely via the c_id parameter in the...
A critical SQL injection vulnerability in Saltcorn's mobile-sync routes allows any authenticated low-privilege user with read access to a single table to...
A critical SQL injection vulnerability in SocialEngine versions 7.8.0 and prior allows unauthenticated remote attackers to execute arbitrary SQL queries...
A critical SQL injection vulnerability in the end-of-life Borg SPM 2007 application allows unauthenticated remote attackers to inject arbitrary SQL...
A critical SQL injection vulnerability in Jellystat, the open-source statistics app for Jellyfin, allows authenticated users to execute arbitrary SQL...
A medium-severity SQL injection vulnerability has been disclosed in ProjectsAndPrograms School Management System, allowing remote attackers to manipulate...
A critical SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows unauthenticated remote attackers to bypass login...
A high-severity SQL injection vulnerability in WeGIA, a web manager for charitable institutions, allows authenticated attackers to escalate privileges by...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple IT Discussion Forum 1.0, affecting the /delete-category.php...
A remotely exploitable SQL injection vulnerability (CVE-2026-5637) has been disclosed in projectworlds Car Rental System 1.0. The flaw exists in...
An unauthenticated SQL injection vulnerability in ResourceSpace 8.6 allows attackers to execute arbitrary database queries via the 'ref' parameter in...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the...
An unauthenticated SQL injection vulnerability has been disclosed in code-projects Concert Ticket Reservation System 1.0, affecting the login.php file via...
A remotely exploitable SQL injection vulnerability has been disclosed in SourceCodester/jkev Record Management System 1.0, affecting the Login page's...
A high-severity SQL injection vulnerability in itsourcecode Online Enrollment System 1.0 allows remote unauthenticated attackers to manipulate the USERID...
A high-severity SQL injection vulnerability in code-projects Simple Laundry System 1.0 allows remote unauthenticated attackers to manipulate the firstName...
A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the login page's email...
A critical unauthenticated SQL injection vulnerability (CVSS 9.1) in the setinfo endpoint allows remote attackers to corrupt data and cause denial of...
A critical SQL injection vulnerability in the SciTokens Python library allows attackers to manipulate authentication token validation via unsanitized...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, affecting the /all-tickets.php file...
A remotely exploitable SQL injection vulnerability exists in code-projects Simple Food Order System 1.0, where the Name parameter in register-router.php...
A SQL injection vulnerability has been disclosed in code-projects Simple Food Order System 1.0, where the Status parameter in all-orders.php enables...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, where the cos_id parameter in...
A remotely exploitable SQL injection vulnerability has been disclosed in code-projects Accounting System 1.0, allowing unauthenticated attackers to...
A critical unauthenticated Boolean-based SQL injection vulnerability (CVSS 9.8) has been disclosed in HCL Unica versions 25.1.1 and below, allowing remote...
A remotely exploitable SQL injection vulnerability has been disclosed in itsourcecode Free Hotel Reservation System 1.0, affecting the amenities admin...
A high-severity SQL injection vulnerability has been disclosed in itsourcecode University Management System 1.0, allowing remote attackers to execute...
A remotely exploitable SQL injection vulnerability has been disclosed in SourceCodester Simple Responsive Tourism Website 1.0, allowing attackers to...
A SQL injection vulnerability in Galaxy Forces MMORPG version 0.5.8 has been formally catalogued by NVD, enabling authenticated attackers to extract...
Fortinet patches a CVSS 9.8 SQL injection in FortiClientEMS 7.4.4 allowing unauthenticated remote code execution. Endpoint management servers across...