Critical
CVE-2026-28115
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSyst…
Tag: Blind SQL Injection
All CVEs associated with "Blind SQL Injection". Page 2/6 • 644 CVEs.
Subscribe CVEs: RSS for “Blind SQL Injection” · RSS (High+Critical only)
About “Blind SQL Injection”
A curated feed of “Blind SQL Injection”-related CVEs appears below. We currently track 644 CVEs for this tag (all time). In the last 365 days, 296 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 89% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-564 - SQL Injection: Hibernate.
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-03-05
High
CVE-2026-27373
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Essekia Tablesome tablesome allows Blind SQL Injection.This issue affects Tablesome: from n/a thr…
Critical
CVE-2025-69338
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Riode Core riode-core allows Blind SQL Injection.This issue affects Riode Core: from n…
2026-03-04
High
CVE-2019-25506
FreeSMS 2.1.2 contains a boolean-based blind SQL injection vulnerability in the password parameter that allows unauthenticated attackers to bypass authentication by injecting SQL code through the log…
2026-03-03
High
CVE-2021-35484
Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the Vi…
2026-03-02
High
CVE-2026-3180
The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to blind SQL Injection via the ‘cgLostPasswordEmail’ and the ’cgl_mail’ parameter in al…
Critical
CVE-2025-12462
A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Inject…
2026-02-27
High
CVE-2019-25497
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send…
High
CVE-2019-25496
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can m…
High
CVE-2019-25495
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can se…
High
CVE-2026-2751
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Inje…
2026-02-26
High
CVE-2026-26186
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the `order_key` query pa…
2026-02-22
High
CVE-2019-25461
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers…
Critical
CVE-2019-25459
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL…
Critical
CVE-2019-25458
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can sen…
High
CVE-2019-25457
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can…
High
CVE-2019-25452
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attack…
High
CVE-2019-25391
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POS…
2026-02-20
High
CVE-2026-24959
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk…
Critical
CVE-2026-24956
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection.This iss…
Critical
CVE-2025-69366
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Emerce Core emerce-core allows Blind SQL Injection.This issue affects Emerce Core: f…
Critical
CVE-2025-69365
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Uroan Core uroan-core allows Blind SQL Injection.This issue affects Uroan Core: from…
Critical
CVE-2025-69337
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection.This issue affects Wolmart Core:…
Critical
CVE-2025-69310
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection.This issue affects Woodly Core: f…
Critical
CVE-2025-69309
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Saasplate Core saasplate-core allows Blind SQL Injection.This issue affects Saasplat…
Critical
CVE-2025-69308
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection.This issue affects Nestbyte C…
Critical
CVE-2025-69307
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core…
Critical
CVE-2025-69306
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core…
Critical
CVE-2025-69305
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection.This issue affects Crete Core: from…
Critical
CVE-2025-69304
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection.This issue affects Allmart: from n/a…
Critical
CVE-2025-69295
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection.This issue affects Coven Core: from…
Critical
CVE-2025-10970
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kolay Software Inc. Talentics allows Blind SQL Injection.This issue affects Talentics: through 20…
High
CVE-2026-26990
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below have a Time-Based Blind SQL Injection vulnerability in address-search.inc.php via the address…
2026-02-19
High
CVE-2026-25378
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Ne…
2026-02-18
High
CVE-2026-27179
MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The commands_search.inc.php file directly interpolates the $_GET['parent'] parame…
Medium
CVE-2026-1639
The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' and 'sort_by' parameters in all versions up to, a…
2026-02-14
Medium
CVE-2026-1258
The Mail Mint plugin for WordPress is vulnerable to blind SQL Injection via the 'forms', 'automation', 'email/templates', and 'contacts/import/tutorlms/map' API endpoints in all versions up to, and i…
2026-02-12
High
CVE-2019-25348
Computrols CBAS-Web 19.0.0 contains a boolean-based blind SQL injection vulnerability in the 'id' parameter that allows authenticated attackers to manipulate database queries. Attackers can exploit t…
Critical
CVE-2025-10969
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farktor Software E-Commerce Services Inc. E-Commerce Package allows Blind SQL Injection.This issu…
2026-02-06
Critical
CVE-2026-25544
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blin…
Medium
CVE-2026-24417
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the g…
Medium
CVE-2026-24416
OpenSTAManager is an open source management software for technical assistance and invoicing. OpenSTAManager v2.9.8 and earlier contain a critical Time-Based Blind SQL Injection vulnerability in the a…
High
CVE-2019-25299
RimbaLinux AhadPOS 1.11 contains a SQL injection vulnerability in the 'alamatCustomer' parameter that allows attackers to manipulate database queries through crafted POST requests. Attackers can expl…
2026-02-05
High
CVE-2020-37151
phpMyChat Plus 1.98 contains a SQL injection vulnerability in the deluser.php page through the pmc_username parameter that allows attackers to manipulate database queries. Attackers can exploit boole…
2026-02-03
High
CVE-2020-37083
PHP AddressBook 9.0.0.1 contains a time-based blind SQL injection vulnerability that allows remote attackers to manipulate database queries through the 'id' parameter. Attackers can inject crafted SQ…
High
CVE-2026-25022
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Blind SQL Injection.This issue af…
2026-01-30
High
CVE-2020-37053
Navigate CMS 2.8.7 contains an authenticated SQL injection vulnerability that allows attackers to leak database information by manipulating the 'sidx' parameter in comments. Attackers can exploit the…
High
CVE-2020-37051
Online-Exam-System 2015 contains a time-based blind SQL injection vulnerability in the feedback form that allows attackers to extract database password hashes. Attackers can exploit the 'feed.php' en…
2026-01-29
High
CVE-2020-37004
The Ultimate Project Manager CRM PRO version 2.0.5 contains a blind SQL injection vulnerability that allows attackers to extract usernames and password hashes from the tbl_users database table. Attac…
2026-01-28
High
CVE-2020-36972
SmartBlog 2.0.1 contains a blind SQL injection vulnerability in the 'id_post' parameter of the details controller that allows attackers to extract database information. Attackers can systematically t…
2026-01-27
High
CVE-2020-36951
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can explo…
High
CVE-2020-36947
LibreNMS 1.46 contains an authenticated SQL injection vulnerability in the MAC accounting graph endpoint that allows remote attackers to extract database information. Attackers can exploit the vulner…
2026-01-23
High
CVE-2026-24624
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in saeros1984 Neoforum neoforum allows Blind SQL Injection.This issue affects Neoforum: from n/a thr…
High
CVE-2026-24572
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Co…
2026-01-22
High
CVE-2026-24367
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a thr…
High
CVE-2026-22470
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FireStorm Plugins FireStorm Professional Real Estate fs-real-estate-plugin allows Blind SQL Injec…
High
CVE-2025-69180
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themepassion Ultra Portfolio ultra-portfolio allows Blind SQL Injection.This issue affects Ultra…
High
CVE-2025-68999
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Blind SQL Injection.This is…
Critical
CVE-2025-68857
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ichurakov Paid Downloads paid-downloads allows Blind SQL Injection.This issue affects Paid Downlo…
High
CVE-2025-68017
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue aff…
Critical
CVE-2025-49055
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affect…
High
CVE-2025-49050
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav WP Lead Capturing Pages wp-lead-capture allows Blind SQL Injection.This issue affect…
2026-01-21
High
CVE-2021-47872
SEO Panel versions prior to 4.9.0 contain a blind SQL injection vulnerability in the archive.php page that allows authenticated attackers to manipulate database queries through the 'order_col' parame…
2026-01-20
Medium
CVE-2025-67261
Abacre Retail Point of Sale 14.0.0.396 is vulnerable to content-based blind SQL injection. The vulnerability exists in the Search function of the Orders page.
2026-01-16
High
CVE-2021-47801
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login_user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious…
2026-01-15
High
CVE-2025-70893
A time-based blind SQL Injection vulnerability exists in PHPGurukul Cyber Cafe Management System v1.0 within the adminprofile.php endpoint. The application fails to properly sanitize user-supplied in…
High
CVE-2021-47766
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database queries. Attackers can exploit this vu…
Medium
CVE-2025-67081
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" parameter when editing a profile. An attacker with admin account can exploit this issue via blind SQL injec…
2026-01-14
High
CVE-2025-12166
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versi…
High
CVE-2026-23492
Pimcore is an Open Source Data & Experience Management Platform. Prior to 12.3.1 and 11.5.14, an incomplete SQL injection patch in the Admin Search Find API allows an authenticated attacker to perfor…
2026-01-08
Medium
CVE-2026-22242
CoreShop is a Pimcore enhanced eCommerce solution. Prior to version 4.1.8, a blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extra…
Critical
CVE-2025-67928
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in themesuite Automotive Listings automotive allows Blind SQL Injection.This issue affects Automotiv…
High
CVE-2025-67921
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VanKarWai Lobo lobo allows Blind SQL Injection.This issue affects Lobo: from n/a through < 2.8.6.
Critical
CVE-2026-21875
ClipBucket v5 is an open source video sharing platform. Versions 5.5.2-#187 and below allow an attacker to perform Blind SQL Injection through the add comment section within a channel. When adding a…
2026-01-07
High
CVE-2026-21856
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time based blind SQL injection vulnerability in the webhook edit and scan…
Critical
CVE-2025-32303
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection.This issue affects WPCHURCH: from n/a through 2.7.0.
2026-01-06
High
CVE-2025-69351
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjahan Jewel Ninja Tables ninja-tables allows Blind SQL Injection.This issue affects Ninja Tab…
High
CVE-2025-59379
DwyerOmega Isensix Advanced Remote Monitoring System (ARMS) 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parame…
2025-12-31
High
CVE-2025-28949
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codedraft Mediabay - WordPress Media Library Folders allows Blind SQL Injection.This issue affect…
2025-12-30
High
CVE-2025-59129
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in appointify Appointify appointify allows Blind SQL Injection.This issue affects Appointify: from n…
High
CVE-2025-68990
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in xenioushk BWL Pro Voting Manager bwl-pro-voting-manager allows Blind SQL Injection.This issue aff…
2025-12-26
Critical
CVE-2024-44065
Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbookadvanced/search in the qsoresults parameter.
2025-12-24
High
CVE-2025-68590
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot allows Blind SQL Injection.This issu…
High
CVE-2025-68570
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects C…
High
CVE-2025-68519
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BeRocket Brands for WooCommerce brands-for-woocommerce allows Blind SQL Injection.This issue affe…
High
CVE-2025-68496
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi User Feedback userfeedback-lite allows Blind SQL Injection.This issue affects User Fe…
High
CVE-2023-36525
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0.
2025-12-23
High
CVE-2023-53982
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized '…
High
CVE-2025-68550
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme WPBulky wpbulky-wp-bulk-edit-post-types allows Blind SQL Injection.This issue affects…
2025-12-22
High
CVE-2023-53975
Atom CMS 2.0 contains an unauthenticated SQL injection vulnerability that allows remote attackers to manipulate database queries through unvalidated parameters. Attackers can inject malicious SQL cod…
High
CVE-2023-53972
WebTareas 2.4 contains a SQL injection vulnerability in the webTareasSID cookie parameter that allows unauthenticated attackers to manipulate database queries. Attackers can exploit error-based and t…
2025-12-18
High
CVE-2025-64371
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler traveler allows Blind SQL Injection.This issue affects Traveler: from n/a thr…
High
CVE-2025-14314
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roxnor PopupKit popup-builder-block allows Blind SQL Injection.This issue affects PopupKit: from…
2025-12-17
High
CVE-2025-66396
ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the `src/UserEditor.php` file. When an administrator saves a user's configuration…
High
CVE-2025-66395
ChurchCRM is an open-source church management system. Prior to version 6.5.3, a SQL injection vulnerability exists in the `src/ListEvents.php` file. When filtering events by type, the `WhichType` POS…
2025-12-16
High
CVE-2025-68054
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup CountDown With Image or Video Background countdown_with_background allows Blind SQL…
High
CVE-2025-68053
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup xPromoter top_bar_promoter allows Blind SQL Injection.This issue affects xPromoter:…
High
CVE-2025-67999
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stefano Lissa Newsletter newsletter allows Blind SQL Injection.This issue affects Newsletter: fro…
High
CVE-2025-67950
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Blind SQL Injection.This issue affects…
2025-12-15
Critical
CVE-2023-53877
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickup_id parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, an…
High
CVE-2025-14383
The Booking Calendar plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'dates_to_check' parameter in all versions up to, and including, 10.14.8 due to insufficient escaping…
2025-12-13
Medium
CVE-2025-14477
The 404 Solution plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient pre…
High
CVE-2025-13077
The افزونه پیامک ووکامرس فوق حرفه ای (جدید) payamito sms woocommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'columns' parameter in all versions up to, and includ…
2025-12-12
High
CVE-2025-14169
The FunnelKit - Funnel Builder for WooCommerce Checkout plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'opid' parameter in all versions up to, and including, 3.13.1.5 du…
2025-12-11
High
CVE-2024-58307
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious…
Critical
CVE-2024-58301
Purei CMS 1.0 contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through unfiltered user input parameters. Attackers can exploit vulnerable e…
2025-12-09
High
CVE-2025-67518
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Blind SQL Injection.This issue affe…
High
CVE-2025-67517
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in artplacer ArtPlacer Widget artplacer-widget allows Blind SQL Injection.This issue affects ArtPlac…
High
CVE-2025-67516
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Blind SQL Injection.This issue aff…
2025-12-06
Medium
CVE-2025-13922
The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'existing_terms_orderby' parameter in the AI preview A…
2025-12-02
High
CVE-2025-12465
A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The…
High
CVE-2025-13724
The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'month' parameter in all versions up to, and including, 1.4.4 due to insuffici…
2025-12-01
High
CVE-2025-66313
ChurchCRM is an open-source church management system. In ChurchCRM 6.2.0 and earlier, there is a time-based blind SQL injection in the handling of the 1FieldSec parameter. Injecting SLEEP() causes de…
Critical
CVE-2025-51683
A blind SQL Injection (SQLi) vulnerability in mJobtime v15.7.2 allows unauthenticated attackers to execute arbitrary SQL statements via a crafted POST request to the /Default.aspx/update_profile_Serv…
2025-11-20
Critical
CVE-2025-52410
Institute-of-Current-Students v1.0 contains a time-based blind SQL injection vulnerability in the mydetailsstudent.php endpoint. The `myds` GET parameter is not adequately sanitized before being used…
2025-11-18
Medium
CVE-2025-65093
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a boolean-based blind SQL injection vulnerability was identified in the LibreNMS application at…
2025-11-08
High
CVE-2025-64492
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnera…
2025-11-07
High
CVE-2025-10968
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE - 564 - SQL Injection: Hibernate vulnerability in GG Soft Software Services Inc. PaperWork allows Blind SQL I…
2025-11-06
High
CVE-2025-60239
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS:…
2025-11-05
High
CVE-2025-12197
The The Events Calendar plugin for WordPress is vulnerable to blind SQL Injection via the 's' parameter in versions 6.15.1.1 to 6.15.9 due to insufficient escaping on the user supplied parameter and…