#sqli — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sqli, aggregated by home.social.
-
#Wordpress: Critical Remote Code Execution (#RCE) chain of vulnerabilities CVE-2026-63030 and #SQLi SQL Injection CVE-2026-60137 dubbed #wp2shell in WordPress Core threaten 500+ million of websites.
Patch now!:
👇
https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html -
#Wordpress: Critical Remote Code Execution (#RCE) chain of vulnerabilities CVE-2026-63030 and #SQLi SQL Injection CVE-2026-60137 dubbed #wp2shell in WordPress Core threaten 500+ million of websites.
Patch now!:
👇
https://thehackernews.com/2026/07/new-wp2shell-wordpress-core-flaw-lets.html -
CVE-2026-8402: Eksagate SYSGUARD 6001 (2.0.2 – <6.1.16.0) has a CRITICAL SQL injection (CVSS 9.8). Unsupported by vendor — no fix expected. Isolate or replace affected systems. https://radar.offseq.com/threat/cve-2026-8402-cwe-89-improper-neutralization-of-sp-679f5e5e28b1e119 #OffSeq #CVE20268402 #SQLi #Infosec
-
CVE-2026-13496 (MEDIUM): SQL injection in itsourcecode Hospital Management System 1.0 via /ajaxmedicine.php (medicineid param). No patch yet. Restrict endpoint & use WAF. More: https://radar.offseq.com/threat/cve-2026-13496-sql-injection-in-itsourcecode-hospi-342d6b4c0975daad #OffSeq #infosec #SQLi #HealthcareSecurity
-
CVE-2026-13486 | SQL injection in SourceCodester Class and Exam Timetabling System (v1.0/6.php). MEDIUM severity. Exploit public for /preview6.php — remote attackers can target course_year_section param. Monitor & mitigate. https://radar.offseq.com/threat/cve-2026-13486-sql-injection-in-sourcecodester-cla-1dca720c361e2250 #OffSeq #Vuln #SQLi #AppSec
-
🛡️ CRITICAL: CVE-2026-45779 in Open XDMoD < 10.0.3 enables unauthenticated SQL injection — total DB compromise possible! Patch to 10.0.3+ or apply manual fix. No known exploitation yet. Details: https://radar.offseq.com/threat/cve-2026-45779-cwe-89-improper-neutralization-of-s-cff49bf0 #OffSeq #Vuln #SQLi #HPC
-
📰 Critical Ghost CMS Flaw (CVE-2026-26980) Exploited to Inject Malware on 700+ Sites
📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi
🌐 cyber[.]netsecops[.]io
-
📰 Critical Ghost CMS Flaw (CVE-2026-26980) Exploited to Inject Malware on 700+ Sites
📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi
🌐 cyber[.]netsecops[.]io
-
📰 Critical Unauthenticated SQLi Flaw in Drupal Core Hits PostgreSQL Sites
🚨 CRITICAL vulnerability in Drupal Core (CVE-2026-9082)! Unauthenticated SQL injection affects sites using PostgreSQL, allowing for potential RCE. Patch immediately! #Drupal #CyberSecurity #SQLi #Vulnerability
🌐 cyber[.]netsecops[.]io
-
📰 Critical Unauthenticated SQLi Flaw in Drupal Core Hits PostgreSQL Sites
🚨 CRITICAL vulnerability in Drupal Core (CVE-2026-9082)! Unauthenticated SQL injection affects sites using PostgreSQL, allowing for potential RCE. Patch immediately! #Drupal #CyberSecurity #SQLi #Vulnerability
🌐 cyber[.]netsecops[.]io
-
MEDIUM severity: CVE-2026-7028 impacts CodeAstro Online Job Portal 1.0. SQL injection possible via /admin/jobs-admins/delete-jobs.php (ID param). Exploit is public — monitor for attacks and restrict access! https://radar.offseq.com/threat/cve-2026-7028-sql-injection-in-codeastro-online-jo-7d79de51 #OffSeq #SQLi #Vulnerability #InfoSec
-
🚨 CRITICAL: CyferShepard Jellystat <1.1.10 vulnerable to SQL injection (CVE-2026-41167). Auth’d users can read any DB table & execute commands on the PostgreSQL host. Upgrade to 1.1.10 ASAP! https://radar.offseq.com/threat/cve-2026-41167-cwe-89-improper-neutralization-of-s-51b08aed #OffSeq #Jellystat #SQLi #Infosec
-
🚨 CRITICAL SQL injection (CVE-2026-37749) in CodeAstro Simple Attendance Management System v1.0: Remote unauthenticated attackers can bypass authentication via index.php. Restrict access & deploy WAFs until a patch arrives. https://radar.offseq.com/threat/cve-2026-37749-na-c4c6e5dc #OffSeq #SQLi #Infosec
-
🚨 CRITICAL: CVE-2026-27681 in SAP BPC & BW (CVSS 9.9). Authenticated users can inject SQL, risking data integrity & availability. No patch yet — restrict access & monitor DB activity. https://radar.offseq.com/threat/cve-2026-27681-cwe-89-improper-neutralization-of-s-a7704991 #OffSeq #SAP #Vuln #SQLi
-
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
-
El lado del mal - Un "Hardening Tip" de BBDD - de mi Lost & Found - contra las "Heavy Queries Malignas" https://elladodelmal.com/2026/04/un-hardening-tip-de-bbdd-de-mi-lost.html #SQLi #hardening #BBDD #HeavyQueries #SQL
-
⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. https://radar.offseq.com/threat/cve-2026-5019-sql-injection-in-code-projects-simpl-bb8230db #OffSeq #SQLi #Vuln
-
⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. https://radar.offseq.com/threat/cve-2026-2580-cwe-89-improper-neutralization-of-sp-b93f1b1b #OffSeq #WordPress #Vuln #SQLi
-
🔴 CVE-2026-27413: CRITICAL Blind SQL Injection in Cozmoslabs Profile Builder Pro (≤3.13.9) allows unauthenticated data exfiltration. No patch yet — restrict access, monitor logs. Details: https://radar.offseq.com/threat/cve-2026-27413-cwe-89-improper-neutralization-of-s-2b17e884 #OffSeq #WordPress #SQLi #Infosec
-
Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.
https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh -
🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! https://radar.offseq.com/threat/cve-2026-22730-vulnerability-in-vmware-spring-ai-ddcf48d5 #OffSeq #VMware #SQLi #Infosec
-
🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. https://radar.offseq.com/threat/cve-2026-2584-cwe-89-improper-neutralization-of-sp-3951e11b #OffSeq #CVE20262584 #SQLi #FirmwareSecurity
-
CVE-2026-2247: HIGH-severity SQL injection in Clickedu SaaS (all versions). Attackers can exploit 'id_alu' in report card URLs to access sensitive data. Persistent session tokens increase risk. Prioritize mitigation! https://radar.offseq.com/threat/cve-2026-2247-cwe-89-improper-neutralization-of-sp-b8f5f03e #OffSeq #SQLi #InfoSec #EduSec
-
Why
do we still
have SQL injection vulnerabilities?
I mean, comeon man.
https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
-
Why
do we still
have SQL injection vulnerabilities?
I mean, comeon man.
https://thehackernews.com/2026/02/fortinet-patches-critical-sqli-flaw.html
-
📰 Critical Flaws in Django Framework Expose Sites to DoS and SQL Injection
Critical vulnerabilities found in the Django web framework could lead to Denial-of-Service and SQL Injection attacks. All users are urged to patch their instances immediately. ⚠️ #Django #Vulnerability #PatchNow #SQLi
-
🛑 CRITICAL: CVE-2025-68570 in Captivate Sync (≤3.2.2)—blind SQL Injection with no auth needed. Risk of data theft or loss. Audit, validate inputs, restrict DB rights, monitor for patches. Details: https://radar.offseq.com/threat/cve-2025-68570-improper-neutralization-of-special--dfb7803e #OffSeq #SQLi #Vulnerability #CVE202568570
-
🚨 CVE-2025-10738 (CRITICAL, CVSS 9.8): Unauthenticated SQL Injection in rupok98 URL Shortener Plugin for WordPress (all versions). Exploitation risks full DB compromise. Disable or restrict plugin ASAP! https://radar.offseq.com/threat/cve-2025-10738-cwe-89-improper-neutralization-of-s-08eed048 #OffSeq #WordPress #SQLi #Infosec
-
🚨 CVE-2025-13089: HIGH-severity SQL Injection in WP Directory Kit (all versions). Unauthenticated attackers can leak sensitive DB info via 'hide_fields' & 'attr_search'. Mitigate: disable plugin or use WAF. https://radar.offseq.com/threat/cve-2025-13089-cwe-89-improper-neutralization-of-s-39a10248 #OffSeq #WordPress #Vuln #SQLi
-
#PHP and #Wordpress are good if you Master. If you didn't, give more time on testing, else you can be target of old known vulnerabilities like SQLi, that use the same technique after more than 20 years. https://blog.odicforcesounds.com/preteanSecurity.html #security #SQLi #hacking #exploits and other #fun #tools avaiable for #free on #Internet :)
-
#Django: Patches released to fix CVE-2025-57833 SQL injection #SQLi
#vulnerability :
👇
https://cybersecuritynews.com/django-sql-injection-vulnerability/ -
Evasión avanzada de SQLi (IDS/WAF): técnicas manuales explicadas https://blog.elhacker.net/2025/09/evasion-avanzada-sqli-ids-waf.html #evasion #sqli #ids #waf
-
🛡️ CRITICAL: Komento (Joomla 4.0.0-4.0.7) hit by unauth SQLi (CVE-2025-54294). No patch yet—disable Komento, use WAF, restrict DB rights. Attackers can fully compromise data! Details: https://radar.offseq.com/threat/cve-2025-54294-cwe-89-improper-neutralization-of-s-da821b19 #OffSeq #Joomla #SQLi #Infosec
-
Latest lab write-up. Came out a bit long but very informative.
https://medium.com/@marduk.i.am/blind-sql-injection-with-conditional-responses-46ee90b5f2c0
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #Portswigger
-
Codeby.Games. CTF TASK «СМС»/«SMS»
Приветствую всех любителей CTF и этичного хакинга на стороне Red Team! В этой статье мы рассмотрим прохождение легкого таска «СМС», разработанного пентестерами из команды Codeby.Games. Справка: codeby.games — отечественный условно бесплатный веб‑проект, где каждый может попрактиковаться в оттачивании навыков наступательной кибербезопасности. Таски (задания) представлены в широком спектре: начиная от использования методов OSINT и заканчивая компрометацией учебного домена Active Directory. CTF разделяются на три группы — «Легкий», «Средний», «Сложный» в различных категориях. Но подробнее об этом — на официальном сайте проекта. Итак, приступим. Задание «СМС» находится в категории «Квесты».
-
It's been a while but here is another SQLi lab. Enjoy!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
-
I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.
https://bbence.me/blog/2025-03-09_ntlm_auth/
I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.
-
Completed the SQLMap Essentials module on HTB Academy. The skills assessment was quite tough, but solid practice. Moving on.
https://academy.hackthebox.com/achievement/922218/58
#hackthebox #htbacademy #cybersecurity #sqli #sqlmap #sqlinjection #bugbounty #learningjourney
-
I just completed module SQL Injection Fundamentals in HTB Academy!
My first HTBA module of medium difficulty 🚀
The best one so far 👍
https://academy.hackthebox.com/achievement/922218/33
#hackthebox #htbacademy #cybersecurity #BugBounty #sqli #sqlinjection
-
Remote Code Execution через SQL инъекцию в Zabbix (CVE-2024-42327)
27 ноября 2024 года была выявлена критическая уязвимость в Zabbix с CVSS-оценкой 9.9 , представляющая собой SQL-инъекцию в одном из эндпоинтов API Zabbix. Уязвимость позволяет атакующему, имеющему доступ к API, выполнить произвольные SQL-запросы. При определённых настройках Zabbix, которые разрешают удалённое выполнение команд через агентов, эта уязвимость может быть использована для полной компрометации инфраструктуры , находящейся под мониторингом Zabbix.
-
Last in a series of 3 labs. Enjoy
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
-
Seria podatności w systemach samochodów Mazda dotycząca Connectivity Master Unit
Czytelnicy z dłuższym stażem zapewne pamiętają podatność w samochodach Nissan i Mazda, która powodowała reboot systemu audio. Mazda ponownie ma problemy związane z błędami w systemie Mazda Connect Connectivity Master Unit (CMU), który wykorzystuje system operacyjny Linux i jest instalowany w wielu modelach samochodów tego producenta. Błędy zostały odkryte przez badaczy...
#WBiegu #Cve #Mazda #Rce #Sqli
https://sekurak.pl/seria-podatnosci-w-systemach-samochodow-mazda-dotyczaca-connectivity-master-unit/
-
Die SQLI Deutschland GmbH aus Dortmund spendete rund 40 Laptops, die das Unternehmen nicht mehr verwendet.
Das Foto zeigt v.l.n.r. Lynn Haustov, Annika Ekici, Armin Cibulski (Labdoo Hub Iserlohn), Christian Schacht (GF) und Patrick Heinrich (IT), alle von SQLI.
Vielen Dank für eure IT-Spende https://platform.labdoo.org/de/content/dootronics-dashboard?search=SQLI (weitere Laptops folgen noch).
#labdoo #sqli #dortmund #phoenixsee #laptop #spende #danke -
Die SQLI Deutschland GmbH aus Dortmund spendete rund 40 Laptops, die das Unternehmen nicht mehr verwendet.
Das Foto zeigt v.l.n.r. Lynn Haustov, Annika Ekici, Armin Cibulski (Labdoo Hub Iserlohn), Christian Schacht (GF) und Patrick Heinrich (IT), alle von SQLI.
Vielen Dank für eure IT-Spende https://platform.labdoo.org/de/content/dootronics-dashboard?search=SQLI (weitere Laptops folgen noch).
#labdoo #sqli #dortmund #phoenixsee #laptop #spende #danke