CVE-2026-26705
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php.
All CVEs associated with "SQL Injection". Page 11/174 • 20871 CVEs.
A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20871 CVEs for this tag (all time). In the last 365 days, 4083 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.
In our taxonomy this topic maps to a HIGH impact class, and common exploitation patterns for this weakness can lead to high impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php.
sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php.
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php.
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php.
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_view.php.
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11…
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched…
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patc…
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php.
code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=.
A Blind SQL injection vulnerability has been identified in DobryCMS. A remote unauthenticated attacker is able to inject SQL syntax into URL path in multiple parameters resulting in Blind SQL Inject…
In the "CheckUnitCodeAndKey.pl" service, the "validateOrgUnit" function is vulnerable to SQL injection.
SQL Injection vulnerability in "imageserver" module when processing C-FIND queries in CGM NETRAAD software allows attacker connected to PACS gaining access to database, including data processed by GC…
A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending speciall…
A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. This manipulation of the argument ID causes sql…
A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. The man…
A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation…
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The mani…
wpForo 2.4.14 contains an unauthenticated SQL injection vulnerability in Topics::get_topics() where the ORDER BY clause relies on ineffective esc_sql() sanitization on unquoted identifiers. Attackers…
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to SQL Injection via the 'coupon_code' parameter in all versions up to, and including, 3.9.6 due to insufficien…
openDCIM version 23.04, through commit 4467e9c4, contains a SQL injection vulnerability in Config::UpdateParameter. The install.php and container-install.php handlers pass user-supplied input directl…
Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.8, 25.0.87, and 6.8.153 have a SQL Injection (SQLi) vulnerability, exploitable through the `a…
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send…
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can m…
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can se…
Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and passwor…
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'val' parameter. Attackers can send GET req…
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pt' parameter. Attackers can send GET requ…
Homey BNB V4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET req…
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET reque…
Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the hosting_id parameter. Attackers can send GET…
Blind SQL Injection via unsanitized array keys in Service Dependencies deletion. Vulnerability in Centreon Centreon Web on Central Server on Linux (Service Dependencies modules) allows Blind SQL Inje…
Pro3W CMS is vulnerable to SQL injection attacks. Improper neutralization of input provided into a login form allows an unauthenticated attacker to bypass authentication and gain administrative privi…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection. This issue affects…
The MailArchiver plugin for WordPress is vulnerable to SQL Injection via the ‘logid’ parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affe…
A security vulnerability has been detected in jizhiCMS up to 2.5.6. Affected is the function findAll in the library frphp/lib/Model.php of the component Batch Interface. The manipulation of the argum…
A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuCon…
Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint in v…
A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argumen…
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, SQL injection in PM tag filtering (`list_private_messages_tag`) allows bypassing tag filter condi…
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. At…
SIMPLE.ERP is vulnerable to the SQL Injection in search functionality in "Obroty na kontach" window. Lack of input validation allows an authenticated attacker to prepare a malicious query to the data…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection. This issue affects WP SMS: from n/a through <= 6.9.…
Fleet is open source device management software. A SQL injection vulnerability in versions prior to 4.80.1 allowed authenticated users to inject arbitrary SQL expressions via the `order_key` query pa…
A vulnerability was identified in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads t…
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be expl…
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Patient REST API endpoint allows…
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, an SQL injection vulnerability in the Immunization module allows any a…
OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain a SQL injection vulnerability in the jwt_db_authorize() function in modules/auth_jwt/authorize.c wh…
The Geo Mashup plugin for WordPress is vulnerable to SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.17. This is due to insufficient escaping on the user supplied pa…
A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in s…
A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injec…
A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id cau…
A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql…
A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher…
A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a ma…
A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manipulation of the argument Username causes…
The SPIP interface_traduction_objets plugin versions prior to 2.2.2 contain an authenticated SQL injection vulnerability in interface_traduction_objets_pipelines.php. When handling translation reques…
The SPIP referer_spam plugin versions prior to 1.3.0 contain an unauthenticated SQL injection vulnerability in the referer_spam_ajouter and referer_spam_supprimer action handlers. The handlers read t…
A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category cau…
A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argum…
A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argum…
InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution.
Summary: This advisory addresses a SQL injection vulnerability in the API endpoint used for retrieving contact activities. A vulnerability exists in the query construction for the Contact Activity time…
Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection…
A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to s…
A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to…
A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Inter…
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /check_profile_old.php. The ma…
A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID result…
SQL injection vulnerability in Infoticketing. This vulnerability allows an unauthenticated attacker to retrieve, create, update, and delete the database by sending a POST request using the 'code' p…
Zohocorp ManageEngine ADSelfService Plus versions 6522 and below are vulnerable to authenticated SQL Injection in the search report option.
SQL Injection vulnerability in the /api/integrations/getintegrations endpoint of Order Up Online Ordering System 1.0 allows an unauthenticated attacker to access sensitive backend database data via a…
A vulnerability was determined in Jinher OA C6 up to 20260210. This issue affects some unknown processing of the file /C6/Jhsoft.Web.officesupply/OfficeSupplyTypeRight.aspx. This manipulation of the…
Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. Attackers can…
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. Attackers…
Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. Attac…
Web Ofisi Emlak V2 contains multiple SQL injection vulnerabilities in the endpoint that allow unauthenticated attackers to manipulate database queries through GET parameters. Attackers can inject SQL…
Web Ofisi Firma Rehberi v1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can sen…
Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. Attackers can…
Web Ofisi Emlak v2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'ara' GET parameter. Attackers can se…
Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send…
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attack…
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can…
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameter…
Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. Attackers can supply malici…
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GE…
WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. Attackers can send GET…
NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. Attackers can cr…
XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. Attackers can send GET re…
Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. Attackers can send POS…
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attack…
A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation…
A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql…
A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler.…
ZoneMinder is a free, open source closed-circuit television software application. In versions 1.36.37 and below and 1.37.61 through 1.38.0, there is a second-order SQL Injection vulnerability in the…
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attacker…
delpino73 Blue-Smiley-Organizer 1.32 contains an SQL injection vulnerability in the datetime parameter that allows unauthenticated attackers to manipulate database queries. Attackers can inject SQL c…
Fiverr Clone Script 1.2.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the page parameter. Attackers can…
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=register of the component R…
OpenSourcePOS 3.4.1 has a second order SQL Injection vulnerability in the handling of the currency_symbol configuration field. Although the input is initially stored without immediate execution, it i…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection. This issue affects JS Help Desk…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shahjada Download Manager Addons for Elementor wpdm-elementor allows Blind SQL Injection. This iss…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Emerce Core emerce-core allows Blind SQL Injection. This issue affects Emerce Core: f…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Uroan Core uroan-core allows Blind SQL Injection. This issue affects Uroan Core: from…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in don-themes Wolmart Core wolmart-core allows Blind SQL Injection. This issue affects Wolmart Core:…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Woodly Core woodly-core allows Blind SQL Injection. This issue affects Woodly Core: f…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Saasplate Core saasplate-core allows Blind SQL Injection. This issue affects Saasplat…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection. This issue affects Nestbyte C…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection. This issue affects Medinik Core…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection. This issue affects Electio Core…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Crete Core crete-core allows Blind SQL Injection. This issue affects Crete Core: from…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Allmart allmart-core allows Blind SQL Injection. This issue affects Allmart: from n/a…
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Coven Core coven-core allows Blind SQL Injection. This issue affects Coven Core: from…