Home/Tag/Sql Injection

Sql Injection

11 articles tagged with "Sql Injection"

Vulnerabilities5 min read

700 Sites Hijacked as Ghost CMS SQLi Fuels ClickFix Attacks

Attackers exploit CVE-2026-26980 to steal admin API keys and inject malicious scripts across 700+ Ghost CMS sites, including Harvard and Oxford. Patch now.

Marcus ChenMay 24, 2026

Vulnerabilities3 min read

Drupal SQL Injection Now Under Active Attack — 15K Exploits in 48 Hours

CVE-2026-9082 exploitation began within hours of patch release. Imperva tracked 15,000+ attacks against PostgreSQL-backed Drupal sites across 65 countries in the first two days.

Marcus ChenMay 24, 2026

Vulnerabilities5 min read

SAP Patches CVSS 9.6 SQL Injection and RCE Flaws in S/4HANA, Commerce

SAP's May 2026 security update addresses 15 vulnerabilities, including CVE-2026-34260 SQL injection in S/4HANA and CVE-2026-34263 unauthenticated RCE in Commerce Cloud.

Marcus ChenMay 14, 2026

Vulnerabilities3 min read

LiteLLM SQL Injection Exploited 36 Hours After Disclosure—CISA Issues Deadline

CVE-2026-42208, a CVSS 9.3 pre-auth SQL injection in the LiteLLM LLM gateway, was weaponized within 36 hours of disclosure. CISA added it to KEV with a May 11 federal deadline.

Marcus ChenMay 11, 2026

Vulnerabilities4 min read

LiteLLM SQL Injection Exploited 36 Hours After Disclosure

CVE-2026-42208 lets attackers steal API keys and forge admin sessions in LiteLLM without authentication. Exploitation began within 36 hours of public disclosure.

Marcus ChenApr 29, 2026

Vulnerabilities3 min read

SAP Patches 9.9-Severity SQL Injection in BPC and Business Warehouse

CVE-2026-27681 allows low-privileged users to execute arbitrary SQL commands in SAP Business Planning and Consolidation. CVSS 9.9 - patch immediately.

Marcus ChenApr 19, 2026

Vulnerabilities4 min read

Attackers Exploiting FortiClient EMS SQLi Flaw in the Wild

CVE-2026-21643 exploitation began March 26, six weeks after Fortinet's patch. Around 1,000 internet-exposed EMS instances remain vulnerable to unauthenticated RCE.

Marcus ChenMar 31, 2026

Vulnerabilities3 min read

Fortinet Patches 11 Flaws in FortiManager, FortiAnalyzer, FortiSandbox

Fortinet's March 2026 security advisory addresses 11 vulnerabilities including auth bypass, SQL injection, and buffer overflow flaws affecting enterprise management products.

Marcus ChenMar 22, 2026

Vulnerabilities3 min read

wpForo Forum Plugin Hit by Six Critical Vulnerabilities

WordPress plugin wpForo 2.4.14 contains unauthenticated SQL injection, PHP object injection, and multiple authorization bypass flaws. Over 80,000 sites at risk.

Marcus ChenMar 1, 2026

Vulnerabilities3 min read

Fortinet Patches Critical SQLi-to-RCE Flaw in FortiClientEMS

CVE-2026-21643 allows unauthenticated attackers to chain SQL injection with command execution in FortiClient EMS. CVSS 9.8 affects version 7.4.4—upgrade to 7.4.5 immediately.

Marcus ChenFeb 12, 2026

Vulnerabilities4 min read

SAP Patches CVSS 9.9 SQL Injection in January Update

January 2026 Patch Day addresses 17 flaws including four HotNews vulnerabilities. CVE-2026-0501 allows authenticated attackers to compromise S/4HANA financial systems.

Marcus ChenJan 13, 2026