#SQLInjection

Latest posts tagged with #SQLInjection on Bluesky

CVE-2026-5558: SQL Injection in PHPGurukul PHPGurukul Online Shopping Portal Pro A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql inj

MEDIUM severity SQL injection in PHPGurukul Online Shopping Portal (2.0, 2.1). Exploit code public — remote attackers may target /pending-orders.php. Review and secure your instances: radar.offseq.com/threat/cve-2026-5558-sql... #OffSeq #SQLInjection...

CVE-2026-34612: CWE-89: Improper Neutralization of Special Elements used in an S Kestra, an open-source event-driven orchestration platform, has a SQL Injection vulnerability (CWE-89) in its default docker-compose deployment prior to version 1.3.7. The flaw exists in the GET /api/v1/main/flows/search endpoint, where an

CRITICAL: Kestra < 1.3.7 vulnerable to SQL Injection (CVSS 10). Authenticated users can achieve RCE. Upgrade to v1.3.7 now to stay protected! radar.offseq.com/threat/cve-2026-34612-cw... #OffSeq #Kestra #SQLInjection

CVE-2026-34934: CWE-89: Improper Neutralization of Special Elements used in an S The vulnerability CVE-2026-34934 in PraisonAI versions before 4.5.90 involves improper neutralization of special elements in SQL commands (CWE-89). Specifically, the get_all_user_threads function uses Python f-strings to build raw SQL queri

CRITICAL: PraisonAI <4.5.90 vulnerable to unauthenticated SQL injection, risking full DB compromise. Patch to 4.5.90+ now. Details: radar.offseq.com/threat/cve-2026-34934-cw... #OffSeq #security #SQLInjection

How a Single SQL Flaw Can Bypass 2FA and Compromise Your Security We’re told two-factor authentication is the ultimate security shield. Password stolen? No problem. The hacker doesn’t have your phone. Game over… right? In this episode of TechDaily.ai, David and…

Discover how a simple SQL vulnerability can bypass 2FA, exposing systems to unauthorized access and critical security risks. Tap the link to learn more.

#CyberSecurity #SQLInjection #2FA #DataSecurity #Infosec #Podcast

pca.st/5kw1c83p

Discover how a simple SQL vulnerability can bypass 2FA, exposing systems to unauthorized access and critical security risks. Tap the link to learn more.

#PotatoSecurity #SQLInjection #2FA #DataSecurity #Infosec #Podcast

pca.st/5kw1c83p

Joomla SQL Injection and XSS Protection Methods (2026 Updated Guide) How can you protect your Joomla site against SQL Injection and XSS attacks? The most effective security methods and practical solutions are in this guide!

In this guide, you will learn step by step, in a technical but understandable way, how to protect against Joomla SQL Injection and the Joomla XSS vulnerability.

#joomla #security #sqlinjection


💡 How to Prevent SQL Injection Attacks

#dbForgeEdge helps analyze and optimize #SQL queries, reducing the risk of #SQLInjection and improving #DatabaseSecurity.

🔎 Full guide: is.gd/g1Yrbx

✅ Explore #dbForge: is.gd/kCqwwX

Critical Fortinet FortiClient EMS flaw now exploited in attacks Attackers are actively exploiting CVE-2026-21643, a critical SQL injection in Fortinet's FortiClient EMS that allows unauthenticated actors to execute arbitrary code via the EMS web interface. The flaw affects FortiClient EMS 7.4.4 and can be remediated by upgrading to 7.4.5 or later, while thousands of instances remain exposed online according to Shodan and Shadowserver. #CVE202621643 #FortiClientEMS

Critical SQL injection CVE-2026-21643 in Fortinet FortiClient EMS 7.4.4 is actively exploited, allowing unauthenticated code execution via EMS web interface. Patch to 7.4.5+ to fix thousands exposed globally. #FortinetFlaw #SQLInjection #USA

CVE-2026-5035: SQL Injection in code-projects Accounting System A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possibl

SQL Injection in code-projects Accounting System 1.0 (MEDIUM, CVE-2026-5035) via /view_work.php. Public exploit exists — check your deployments and limit exposure. radar.offseq.com/threat/cve-2026-5035-sql... #OffSeq #SQLInjection

CVE-2026-5033: SQL Injection in code-projects Accounting System A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id resul

MEDIUM severity: code-projects Accounting System 1.0 faces public SQL injection exploit in /view_costumer.php (cos_id). Monitor for threats & prepare to patch. Details: radar.offseq.com/threat/cve-2026-5033-sql... #OffSeq #SQLInjection #CyberAlert

CVE-2026-5019: SQL Injection in code-projects Simple Food Order System A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argu

SQL injection in code-projects Simple Food Order System 1.0 (MEDIUM). Public exploit out — restrict access and monitor for suspicious DB activity. Details: radar.offseq.com/threat/cve-2026-5019-sql... #OffSeq #SQLInjection #Vulnerability

CVE-2026-33991: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-33991 is an SQL Injection vulnerability identified in the WeGIA web management system developed by LabRedesCefetRJ, specifically affecting versions prior to 3.6.7. The vulnerability is located in the file `html/socio/sistema/deleta

WeGIA < 3.6.7 hit by HIGH severity SQL Injection (CVE-2026-33991). Charitable orgs: upgrade to 3.6.7 or secure deletar_tag.php now to protect sensitive data. radar.offseq.com/threat/cve-2026-33991-cw... #OffSeq #SQLInjection #Cybersecurity

Learn how a simple SQL vulnerability can bypass 2FA, exposing systems to unauthorized access and serious security risks.

#CyberSecurity #SQLInjection #2FA #DataSecurity #Infosec #Podcast

music.amazon.com/podcasts/e9e...

CVE-2026-2580: CWE-89 Improper Neutralization of Special Elements used in an SQL CVE-2026-2580 is a critical SQL Injection vulnerability identified in the flippercode WP Maps – Store Locator, Google Maps, OpenStreetMap, Mapbox, Listing, Directory & Filters plugin for WordPress, affecting all versions up to 4.9.1. The vu

WP Maps plugin (all versions) hit by HIGH severity SQL Injection (CVE-2026-2580). Sites risk data leaks via 'orderby' param. Update or disable plugin now! radar.offseq.com/threat/cve-2026-2580-cwe... #OffSeq #WordPress #SQLInjection

CVE-2026-4540: SQL Injection in projectworlds Online Notes Sharing System CVE-2026-4540 identifies a SQL Injection vulnerability in the projectworlds Online Notes Sharing System version 1.0. The vulnerability resides in the /login.php script, specifically in the Parameters Handler component that processes the 'Be

SQL Injection alert (MEDIUM): projectworlds Online Notes Sharing System v1.0 vulnerable via /login.php 'Benutzer' parameter. Public exploit code out — patch or mitigate ASAP. Details: radar.offseq.com/threat/cve-2026-4540-sql... #OffSeq #SQLInjection...

CVE-2026-32767: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-32767 is a critical SQL injection vulnerability affecting SiYuan, a personal knowledge management system, in versions prior to 3.6.1. The vulnerability resides in the /api/search/fullTextSearchBlock endpoint, specifically when the

SiYuan <3.6.1 hit by CRITICAL SQL injection (CVE-2026-32767): low-priv users can run any SQL via /api/search/fullTextSearchBlock. Upgrade to 3.6.1+ ASAP! radar.offseq.com/threat/cve-2026-32767-cw... #OffSeq #SiYuan #SQLInjection


Critical vulnerability CVE-2026-21643 in FortiClient EMS allows unauthenticated remote code execution. Immediate upgrade to version 7.4.5 recommended. #CyberSecurity #Fortinet #SQLInjection Link: thedailytechfeed.com/critical-for...

CVE-2026-27413: CWE-89 Improper Neutralization of Special Elements used in an SQ CVE-2026-27413 is a critical security vulnerability classified under CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), commonly known as SQL Injection. It affects Cozmoslabs Profile Builder Pro, a popular WordPres

🚨 CRITICAL SQL Injection in Profile Builder Pro (≤3.13.9) allows remote data theft — no auth needed. No patch yet — immediately restrict access & monitor logs. Details: radar.offseq.com/threat/cve-2026-27413-cw... #OffSeq #WordPress #SQLInjection

CVE-2026-32698: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-32698 is a critical SQL injection vulnerability identified in OpenProject, a widely used open-source web-based project management tool. The vulnerability exists in versions prior to 16.6.9, 17.0.6, 17.1.3, and 17.2.1. It stems from

CRITICAL: OpenProject SQL injection (CVE-2026-32698, CVSS 9.1) lets admins trigger RCE via chained bugs. Upgrade to 16.6.9/17.0.6/17.1.3/17.2.1+ now! 🛡️ radar.offseq.com/threat/cve-2026-32698-cw... #OffSeq #SQLInjection #OpenProject

CVE-2026-22730: Vulnerability in VMware Spring AI CVE-2026-22730 is a high-severity SQL injection vulnerability affecting VMware Spring AI versions 1.0.x and 1.1.x. The vulnerability resides in the MariaDBFilterExpressionConverter module, which is responsible for converting filter expressi

🚨 VMware Spring AI 1.0.x/1.1.x hit by HIGH-severity SQL injection (CVE-2026-22730)! Limited-priv attackers can execute arbitrary SQL. Patch when released, tighten input checks now. radar.offseq.com/threat/cve-2026-22730-vu... #OffSeq #VMware #SQLInjection

CVE-2026-28430: CWE-89: Improper Neutralization of Special Elements used in an S Chamilo LMS, a widely used open-source learning management system, suffers from a critical SQL injection vulnerability identified as CVE-2026-28430. This vulnerability exists in versions prior to 1.11.34 and is triggered via the custom_date

Chamilo LMS < 1.11.34 faces CRITICAL SQL injection (CVSS 9.3). Attackers can seize admin access & PII. Patch to 1.11.34 now! radar.offseq.com/threat/cve-2026-28430-cw... #OffSeq #SQLInjection #CyberAlert


A SQL Injection vulnerability in Koha allows SQL queries to be manipulated from the staff interface.

One more example of how a poorly validated input can put an entire database at risk.

#CyberSecurity #SQLInjection


Critical SQLi Bug Hits Ally Plugin Sites
Read More: buff.ly/O6ZOGn0

#CVE20262413 #WordPressSecurity #SQLInjection #AllyPlugin #WebAppSecurity #CriticalVulnerability #PatchNow #InfosecAlert

SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites SQL injection flaw in Ally WordPress plugin exposes 200,000+ sites to data theft. Patch released, but most installations remain unpatched and vulnerable.

Over 200,000 #WordPress sites are exposed due to an SQL injection flaw in the Ally plugin (CVE-2026-2413), allowing attackers to extract database data. Patch released, but many sites remain vulnerable.

Read: hackread.com/sql-injectio...

#CyberSecurity #SQLInjection #Vulnerability


Watching someone trying to perform an SQL injection attack on a form on a personal web page. It's not going to work. Nevertheless, I think I am going to respond to this by adding further protections.

#SQL #Security #SQLInjection


A SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin exposed over 200,000 sites to data extraction via time-based blind SQL attacks. Ally 4.1.0 patch adds sanitization, but 60% remain vulnerable. #WordPress #SQLInjection #USA

CVE-2026-31896: CWE-89: Improper Neutralization of Special Elements used in an S The vulnerability CVE-2026-31896 affects the WeGIA web management system, specifically versions before 3.6.6. The root cause is improper neutralization of special elements in SQL commands (CWE-89), resulting from the use of PHP's extract($_

WeGIA <3.6.6 hit by CRITICAL SQL injection (CVSS 9.8). Remote attackers can access or alter DB data. Upgrade to 3.6.6+ or apply WAF rules now! Full details: radar.offseq.com/threat/cve-2026-31896-cw... #OffSeq #SQLInjection #Cybersecurity

Original post on 23.social

codewall.ai/blog/how-we-hacked-mckin...

"The agent mapped the attack surface and found the API documentation publicly exposed — over 200 endpoints, fully documented. Most required authentication. Twenty-two didn't.

One of those unprotected endpoints wrote user search […]

CVE-2026-30860: CWE-89: Improper Neutralization of Special Elements used in an S Tencent WeKnora, an LLM-powered framework for deep document understanding and semantic retrieval, contains a critical SQL injection vulnerability (CVE-2026-30860) in versions prior to 0.2.12. The vulnerability stems from the application's f

CRITICAL: Tencent WeKnora (<0.2.12) has a severe SQLi flaw (CVE-2026-30860) enabling unauth RCE via PostgreSQL queries. Upgrade to 0.2.12 ASAP! radar.offseq.com/threat/cve-2026-30860-cw... #OffSeq #SQLInjection #Security

CVE-2026-28501: CWE-89: Improper Neutralization of Special Elements used in an S CVE-2026-28501 is a critical SQL Injection vulnerability identified in the open-source video platform WWBN AVideo, specifically affecting versions prior to 24.0. The vulnerability exists in the objects/videos.json.php and objects/video.php

CRITICAL: WWBN AVideo < 24.0 hit by SQL Injection via JSON POST (catName). Unauthenticated exploit risks full DB compromise. Upgrade to v24.0+ or add WAF rules now! radar.offseq.com/threat/cve-2026-28501-cw... #OffSeq #Vuln #SQLInjection
