home.social

#sqli — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #sqli, aggregated by home.social.

  1. #Wordpress: Critical Remote Code Execution (#RCE) chain of vulnerabilities CVE-2026-63030 and #SQLi SQL Injection CVE-2026-60137 dubbed #wp2shell in WordPress Core threaten 500+ million of websites.
    Patch now!:
    👇
    thehackernews.com/2026/07/new-

  2. #Wordpress: Critical Remote Code Execution (#RCE) chain of vulnerabilities CVE-2026-63030 and #SQLi SQL Injection CVE-2026-60137 dubbed #wp2shell in WordPress Core threaten 500+ million of websites.
    Patch now!:
    👇
    thehackernews.com/2026/07/new-

  3. CVE-2026-8402: Eksagate SYSGUARD 6001 (2.0.2 – <6.1.16.0) has a CRITICAL SQL injection (CVSS 9.8). Unsupported by vendor — no fix expected. Isolate or replace affected systems. radar.offseq.com/threat/cve-20 #OffSeq #CVE20268402 #SQLi #Infosec

  4. CVE-2026-13496 (MEDIUM): SQL injection in itsourcecode Hospital Management System 1.0 via /ajaxmedicine.php (medicineid param). No patch yet. Restrict endpoint & use WAF. More: radar.offseq.com/threat/cve-20 #OffSeq #infosec #SQLi #HealthcareSecurity

  5. CVE-2026-13486 | SQL injection in SourceCodester Class and Exam Timetabling System (v1.0/6.php). MEDIUM severity. Exploit public for /preview6.php — remote attackers can target course_year_section param. Monitor & mitigate. radar.offseq.com/threat/cve-20 #OffSeq #Vuln #SQLi #AppSec

  6. CVE-2026-11490 - SQLi in code-projects Online Music Site 1.0. /Frontend/Search.php Category param. Remote attack, public exploit. CVSS 7.3. No patch available. Mitigate immediately. #CVE #infosec #SQLi

    valtersit.com/cve/CVE-2026-114

  7. CVE-2026-11334 - SQL injection in Tittuvarghese CollegeManagementSystem. Remote exploit via department_code parameter. CVSS 7.3. Public exploit available. Update immediately if using this software. #CVE #infosec #SQLi

    valtersit.com/cve/CVE-2026-113

  8. 🛡️ CRITICAL: CVE-2026-45779 in Open XDMoD < 10.0.3 enables unauthenticated SQL injection — total DB compromise possible! Patch to 10.0.3+ or apply manual fix. No known exploitation yet. Details: radar.offseq.com/threat/cve-20 #OffSeq #Vuln #SQLi #HPC

  9. 📰 Critical Ghost CMS Flaw (CVE-2026-26980) Exploited to Inject Malware on 700+ Sites

    📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/gh

  10. 📰 Critical Ghost CMS Flaw (CVE-2026-26980) Exploited to Inject Malware on 700+ Sites

    📢 GHOST CMS HACKED: A critical SQL injection flaw (CVE-2026-26980) is being mass-exploited to hack Ghost sites. Attackers steal API keys to inject malware that targets visitors. Over 700 sites hit. Patch and rotate keys NOW! #GhostCMS #CVE #SQLi

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/gh

  11. 📰 Critical Unauthenticated SQLi Flaw in Drupal Core Hits PostgreSQL Sites

    🚨 CRITICAL vulnerability in Drupal Core (CVE-2026-9082)! Unauthenticated SQL injection affects sites using PostgreSQL, allowing for potential RCE. Patch immediately! #Drupal #CyberSecurity #SQLi #Vulnerability

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/cr

  12. 📰 Critical Unauthenticated SQLi Flaw in Drupal Core Hits PostgreSQL Sites

    🚨 CRITICAL vulnerability in Drupal Core (CVE-2026-9082)! Unauthenticated SQL injection affects sites using PostgreSQL, allowing for potential RCE. Patch immediately! #Drupal #CyberSecurity #SQLi #Vulnerability

    🌐 cyber[.]netsecops[.]io

    🔗 cyber.netsecops.io/articles/cr

  13. MEDIUM severity: CVE-2026-7028 impacts CodeAstro Online Job Portal 1.0. SQL injection possible via /admin/jobs-admins/delete-jobs.php (ID param). Exploit is public — monitor for attacks and restrict access! radar.offseq.com/threat/cve-20 #OffSeq #SQLi #Vulnerability #InfoSec

  14. 🚨 CRITICAL: CyferShepard Jellystat <1.1.10 vulnerable to SQL injection (CVE-2026-41167). Auth’d users can read any DB table & execute commands on the PostgreSQL host. Upgrade to 1.1.10 ASAP! radar.offseq.com/threat/cve-20 #OffSeq #Jellystat #SQLi #Infosec

  15. 🚨 CRITICAL SQL injection (CVE-2026-37749) in CodeAstro Simple Attendance Management System v1.0: Remote unauthenticated attackers can bypass authentication via index.php. Restrict access & deploy WAFs until a patch arrives. radar.offseq.com/threat/cve-20 #OffSeq #SQLi #Infosec

  16. 🚨 CRITICAL: CVE-2026-27681 in SAP BPC & BW (CVSS 9.9). Authenticated users can inject SQL, risking data integrity & availability. No patch yet — restrict access & monitor DB activity. radar.offseq.com/threat/cve-20 #OffSeq #SAP #Vuln #SQLi

  17. ⚠️ CVE-2026-5019: SQL injection in code-projects Simple Food Order System 1.0 (all-orders.php, Status param). MEDIUM severity, public exploit available — remote attackers at risk. Monitor and restrict exposure. radar.offseq.com/threat/cve-20 #OffSeq #SQLi #Vuln

  18. ⚠️ HIGH severity alert: CVE-2026-2580 – SQL Injection in flippercode WP Maps plugin for WordPress (all versions). Unauthenticated attackers can exfiltrate data via 'orderby'. Patch or mitigate ASAP. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #SQLi

  19. 🔴 CVE-2026-27413: CRITICAL Blind SQL Injection in Cozmoslabs Profile Builder Pro (≤3.13.9) allows unauthenticated data exfiltration. No patch yet — restrict access, monitor logs. Details: radar.offseq.com/threat/cve-20 #OffSeq #WordPress #SQLi #Infosec

  20. 🚨 CVE-2026-22730: HIGH-severity SQL injection in VMware Spring AI (1.0.x, 1.1.x) lets users with limited privileges run arbitrary SQL via MariaDBFilterExpressionConverter. Patch ASAP & harden input validation! radar.offseq.com/threat/cve-20 #OffSeq #VMware #SQLi #Infosec

  21. 🚨 CRITICAL: CVE-2026-2584 in Ciser CSIP firmware 3.0 – 5.1 enables unauthenticated SQL injection via login interface. Config data at risk — patch not yet released. Restrict access & monitor now. radar.offseq.com/threat/cve-20 #OffSeq #CVE20262584 #SQLi #FirmwareSecurity

  22. CVE-2026-2247: HIGH-severity SQL injection in Clickedu SaaS (all versions). Attackers can exploit 'id_alu' in report card URLs to access sensitive data. Persistent session tokens increase risk. Prioritize mitigation! radar.offseq.com/threat/cve-20 #OffSeq #SQLi #InfoSec #EduSec

  23. 📰 Critical Flaws in Django Framework Expose Sites to DoS and SQL Injection

    Critical vulnerabilities found in the Django web framework could lead to Denial-of-Service and SQL Injection attacks. All users are urged to patch their instances immediately. ⚠️ #Django #Vulnerability #PatchNow #SQLi

    🔗 cyber.netsecops.io/articles/cr

  24. 🛑 CRITICAL: CVE-2025-68570 in Captivate Sync (≤3.2.2)—blind SQL Injection with no auth needed. Risk of data theft or loss. Audit, validate inputs, restrict DB rights, monitor for patches. Details: radar.offseq.com/threat/cve-20 #OffSeq #SQLi #Vulnerability #CVE202568570

  25. 🚨 CVE-2025-10738 (CRITICAL, CVSS 9.8): Unauthenticated SQL Injection in rupok98 URL Shortener Plugin for WordPress (all versions). Exploitation risks full DB compromise. Disable or restrict plugin ASAP! radar.offseq.com/threat/cve-20 #OffSeq #WordPress #SQLi #Infosec

  26. 🚨 CVE-2025-13089: HIGH-severity SQL Injection in WP Directory Kit (all versions). Unauthenticated attackers can leak sensitive DB info via 'hide_fields' & 'attr_search'. Mitigate: disable plugin or use WAF. radar.offseq.com/threat/cve-20 #OffSeq #WordPress #Vuln #SQLi

  27. #PHP and #Wordpress are good if you Master. If you didn't, give more time on testing, else you can be target of old known vulnerabilities like SQLi, that use the same technique after more than 20 years. blog.odicforcesounds.com/prete #security #SQLi #hacking #exploits and other #fun #tools avaiable for #free on #Internet :)

  28. 🛡️ CRITICAL: Komento (Joomla 4.0.0-4.0.7) hit by unauth SQLi (CVE-2025-54294). No patch yet—disable Komento, use WAF, restrict DB rights. Attackers can fully compromise data! Details: radar.offseq.com/threat/cve-20 #OffSeq #Joomla #SQLi #Infosec

  29. Codeby.Games. CTF TASK «СМС»/«SMS»

    Приветствую всех любителей CTF и этичного хакинга на стороне Red Team! В этой статье мы рассмотрим прохождение легкого таска «СМС», разработанного пентестерами из команды Codeby.Games. Справка: codeby.games — отечественный условно бесплатный веб‑проект, где каждый может попрактиковаться в оттачивании навыков наступательной кибербезопасности. Таски (задания) представлены в широком спектре: начиная от использования методов OSINT и заканчивая компрометацией учебного домена Active Directory. CTF разделяются на три группы — «Легкий», «Средний», «Сложный» в различных категориях. Но подробнее об этом — на официальном сайте проекта. Итак, приступим. Задание «СМС» находится в категории «Квесты».

    habr.com/ru/articles/893092/

    #CTF #redteam #task #sqli #hash

  30. I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.

    bbence.me/blog/2025-03-09_ntlm

    I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.

    #pentesting #sqli #blog #security

  31. Remote Code Execution через SQL инъекцию в Zabbix (CVE-2024-42327)

    27 ноября 2024 года была выявлена критическая уязвимость в Zabbix с CVSS-оценкой 9.9 , представляющая собой SQL-инъекцию в одном из эндпоинтов API Zabbix. Уязвимость позволяет атакующему, имеющему доступ к API, выполнить произвольные SQL-запросы. При определённых настройках Zabbix, которые разрешают удалённое выполнение команд через агентов, эта уязвимость может быть использована для полной компрометации инфраструктуры , находящейся под мониторингом Zabbix.

    habr.com/ru/articles/865828/

    #RCE #SQLi #zabbix #pentest #cve

  32. Seria podatności w systemach samochodów Mazda dotycząca Connectivity Master Unit

    Czytelnicy z dłuższym stażem zapewne pamiętają podatność w samochodach Nissan i Mazda, która powodowała reboot systemu audio. Mazda ponownie ma problemy związane z błędami w systemie Mazda Connect Connectivity Master Unit (CMU), który wykorzystuje system operacyjny Linux i jest instalowany w wielu modelach samochodów tego producenta. Błędy zostały odkryte przez badaczy...

    #WBiegu #Cve #Mazda #Rce #Sqli

    sekurak.pl/seria-podatnosci-w-

  33. Die SQLI Deutschland GmbH aus Dortmund spendete rund 40 Laptops, die das Unternehmen nicht mehr verwendet.
    Das Foto zeigt v.l.n.r. Lynn Haustov, Annika Ekici, Armin Cibulski (Labdoo Hub Iserlohn), Christian Schacht (GF) und Patrick Heinrich (IT), alle von SQLI.
    Vielen Dank für eure IT-Spende platform.labdoo.org/de/content (weitere Laptops folgen noch).
    #labdoo #sqli #dortmund #phoenixsee #laptop #spende #danke

  34. Die SQLI Deutschland GmbH aus Dortmund spendete rund 40 Laptops, die das Unternehmen nicht mehr verwendet.
    Das Foto zeigt v.l.n.r. Lynn Haustov, Annika Ekici, Armin Cibulski (Labdoo Hub Iserlohn), Christian Schacht (GF) und Patrick Heinrich (IT), alle von SQLI.
    Vielen Dank für eure IT-Spende platform.labdoo.org/de/content (weitere Laptops folgen noch).
    #labdoo #sqli #dortmund #phoenixsee #laptop #spende #danke