Search Results (19744 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-34100 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in media.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34101 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in text_file.php (line 17): SELECT id, filename, extension, type, duration, owner, private FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34102 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in job_info_get.php (line 16): SELECT * FROM jobs where input1 = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34103 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in subtitles.php (line 16): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34104 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the name GET parameter directly into an unsanitized SQL query in designer.php (line 124): SELECT * FROM complex WHERE name='\".$_GET['name'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-34105 1 Guardian 1 Language-system 2026-07-06 9.8 Critical
Guardian language-system passes the id GET parameter directly into an unsanitized SQL query in translate_text.php (line 15): SELECT id, filename, extension, type FROM files where id = '\".$_GET['id'].\"'. An authenticated attacker can perform error-based SQL injection to extract database contents.
CVE-2026-57683 2 Epsiloncool, Wordpress 2 Wp Fast Total Search, Wordpress 2026-07-06 9.3 Critical
Unauthenticated SQL Injection in WP Fast Total Search <= 1.80.280 versions.
CVE-2026-57756 2 Wordpress, 友人a丶 2 Wordpress, Nicen-localize-image 2026-07-06 8.5 High
Contributor SQL Injection in nicen-localize-image <= 1.4.9 versions.
CVE-2026-4321 1 Raera 1 Destekz 2026-07-06 9.8 Critical
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Raera - Ankara Web Design and Digital Advertising Agency Destekz allows SQL Injection. This issue affects Destekz: through 02062026. NOTE: The vendor was contacted and it was learned that the product is not supported.
CVE-2026-14659 1 Itsourcecode 1 Hospital Management System 2026-07-06 6.3 Medium
A vulnerability has been found in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /patientappointment.php. Such manipulation of the argument patiente leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-14809 2026-07-06 7.5 High
Prog Management System developed by PROG MIS has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2026-14755 1 Code-projects 1 Hotel And Tourism Reservation 2026-07-06 7.3 High
A vulnerability has been found in code-projects Hotel and Tourism Reservation 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/reservations.php of the component Reservations Management Page. The manipulation of the argument delete leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-14743 1 Code-projects 1 Real State Services 2026-07-06 7.3 High
A vulnerability was identified in code-projects Real State Services 1.0. The impacted element is an unknown function of the file /normalHomeSale.php. Such manipulation of the argument loc leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-14653 1 Sourcecodester 1 Simple And Nice Shopping Cart Script 2026-07-06 7.3 High
A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /admin/mensproductdeletequery.php. This manipulation of the argument user_id causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-14734 1 Sourcecodester 1 Class And Exam Timetabling System 2026-07-06 7.3 High
A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0. Impacted is an unknown function of the file /edit_product.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-14701 1 Code-projects 1 Internship Management System 2026-07-06 6.3 Medium
A vulnerability was detected in code-projects Internship Management System 1.0. This affects an unknown function of the file employer/details/change_password.php of the component Password Change Endpoint. The manipulation of the argument Current results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
CVE-2026-14640 1 Codeastro 1 Apartment Visitor Management System 2026-07-06 7.3 High
A vulnerability was found in CodeAstro Apartment Visitor Management System 1.0. Affected is an unknown function of the file /index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVE-2026-14648 1 Code-projects 1 Online Voting System 2026-07-06 7.3 High
A security vulnerability has been detected in code-projects Online Voting System up to 0.x/1.0. This issue affects the function test_input of the file /authentication.php of the component Login. Such manipulation of the argument adminUserName/adminPassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-14654 1 Sourcecodester 1 Simple And Nice Shopping Cart Script 2026-07-06 7.3 High
A vulnerability was identified in SourceCodester Simple and Nice Shopping Cart Script 1.0. Affected is an unknown function of the file /admin/girlsproductdeletequery.php. Such manipulation of the argument user_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVE-2026-14660 1 Code-projects 1 Online Job Portal 2026-07-06 7.3 High
A vulnerability was found in code-projects Online Job Portal 1.0. The affected element is an unknown function of the file login.php. Performing a manipulation of the argument txtUser/txtPass results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.