#SQLI

The New Oil

@thenewoil.org

29 minutes ago

SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication.

#SQLi flaw in #Elementor #Ally plugin impacts 250k+ #WordPress sites

www.bleepingcomputer.com/news/security/sqli-flaw-...

#cybersecurity

Ahmandonk

@ahmandonk.bsky.social

3 days ago

📰 Kerentanan SQL Injection pada Plugin Elementor Ally Ancam Lebih dari 250 Ribu Situs WordPress

👉 Baca artikel lengkap di sini: ahmandonk.com/2026/03/12/kerentanan-sq...

#cyberSecurity #keamananSiber #sqli #vulnerability #wordpress

Offensive Sequence

@offseq.bsky.social

1 week ago

CVE-2026-2584: CWE-89 Improper Neutralization of Special Elements used in an SQL CVE-2026-2584 identifies a critical SQL Injection (SQLi) vulnerability in the authentication module of the CSIP firmware developed by Ciser System SL, affecting versions 3.0 through 5.1. The vulnerability arises from improper neutralization

CRITICAL SQL Injection in Ciser CSIP firmware (v3.0 – 5.1): Unauthenticated attackers can fully compromise config data. No patch yet — lock down access & monitor closely. Details: radar.offseq.com/threat/cve-2026-2584-cwe... #OffSeq #SQLi #CVE20262584

Offensive Sequence

@offseq.bsky.social

3 weeks ago

CVE-2026-2247: CWE-89 Improper Neutralization of Special Elements used in an SQL CVE-2026-2247 identifies a critical SQL injection vulnerability (CWE-89) in the Clickedu SaaS platform, widely used for educational management. The flaw exists in the report generation functionality accessed through the mobile application,

HIGH-severity SQL injection in Clickedu SaaS (all versions): Authenticated users can exploit report card URLs to access student data. Enforce input validation & session controls now. radar.offseq.com/threat/cve-2026-2247-cwe... #OffSeq #SQLi #Educati...

Happy Hacking Space

@happyhackingspace.bsky.social

1 month ago

New Tool Alert

pirebok - a guided adversarial fuzzer with evolutionary search

Give it a payload. It mutates it until it bypasses the WAF.

#infosec #waf #sqli #fuzzing #pentesting #python #opensource #HappyHackingSpace #Diyarbakir

Bill

@sempf.infosec.exchange.ap.brid.gy

1 month ago

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may

Why

do we still

have SQL injection vulnerabilities?

I mean, comeon man.

thehackernews.com/2026/02/fortinet-patches...

#fortinet #sqli

ReconBee

@reconbee.bsky.social

1 month ago

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution wild is not mentioned by Fortinet read more about Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution reconbee.com/fortinet-pat...

#fortinet #SQLi #codeexecution #cybersecurity #cyberattack

Red Hot Cyber

@redhotcyber.bsky.social

1 month ago

Vulnerabilità critica in Fortinet FortiClientEMS 7. Una SQL Injection da 9.8 che richiede attenzione

📌 Link all'articolo : www.redhotcyber.com/post/vul...

#redhotcyber #news #cybersecurity #hacking #vulnerabilita #fortinet #forticlientems #sqli #iniezionesql

CyberNetSecIO

@netsecio.bsky.social

1 month ago

Critical vulnerabilities found in the Django web framework could lead to Denial-of-Service and SQL Injection attacks. All users are urged to patch their instances immediately. ⚠️ #Django #Vulnerability #PatchNow #SQLi

Checkmarx Zero

@checkmarxzero.bsky.social

2 months ago

🚨 Alert #WeKnora users! 2 High Severity #CVEs were released.
CVE-2026-22687: #SQLi in the Agent service DB query tool. Due to insufficient backend checks an attacker can use prompt‑based bypass to avoid query restrictions and obtain sensitive information from the server and DB. buff.ly/kQXicrG

BaseFortify.eu

@basefortify.bsky.social

2 months ago

SAP logo on a purple-to-blue gradient background, representing the affected SAP S/4HANA platform.

🚨 CVE of the Day: CVE-2026-0501

Critical SQL injection in SAP S/4HANA (Private Cloud & On-Premise) allows authenticated users to read, modify, or delete backend financial data.

🔍 Full report:
basefortify.eu/cve_reports/...

#CVE #SAP #S4HANA #SQLi 🚨

ProyectoA - AjpdSoft

@proyectoa.bsky.social

2 months ago

Desarrollo de App de pentesting automático con Python » Proyecto A Desarrollo de aplicación en Python para análisis automático de vulnerabilidades en sitios web. Almacena el resultado en base de datos para su consulta posterior. Guarda los sitios web a analizar y ana...

Desarrollo de App de pentesting automático con Python proyectoa.com/desarrollo-d...

Desarrollo de aplicación en Python para análisis automático de vulnerabilidades en sitios web

#pentest #python #sqli #xss #lfi #ssrf #análisis #vectores #vulnerabilidades

Offensive Sequence

@offseq.bsky.social

2 months ago

Security threat visualization

CRITICAL: Captivate Sync (≤3.2.2) hit by Blind SQLi (CVE-2025-68570) — no auth needed! Audit now, enforce input validation, watch for patches. Protect your data. radar.offseq.com/threat/cve-2025-68570-im... #OffSeq #SQLi #SecurityAlert

Hacking Team

@hackingteam.bsky.social

3 months ago

𝗟𝗼𝗴𝘀𝗲𝗻𝘀𝗼𝗿 🕵🏽‍♂️

Herramienta en Python para descubrir paneles de login y escaneo de SQLi en formularios POST. Soporta escaneo de múltiples hosts, escaneo dirigido de formularios SQLi y proxies. 🛡️

🌐 github.com/Mr-Robert0/L...

#Logsensor #SQLI #Pentesting #CyberSecurity #EthicalHacking #WebPentesting

BaseFortify.eu

@basefortify.bsky.social

3 months ago

Logo of the Ads Pro plugin, showing a purple stylized star with the text ‘ADS’ in purple and ‘PRO’ in a yellow box

🚨 CVE-2025-7402 — Ads Pro Plugin (WordPress)
Time-based SQL injection via ‘site_id’ lets attackers extract sensitive DB data remotely. Patch ASAP to stay safe! 🔐

basefortify.eu/cve_reports/...

#CVE #WordPress #SQLi #CyberSecurity #PatchNow

BaseFortify.eu

@basefortify.bsky.social

4 months ago

suitecrm logo on purple background

🚨 CVE-2025-64492 — SuiteCRM (CVSS 8.8)
Authenticated SQL injection flaw allows attackers to extract data or escalate privileges. Fixed in 8.9.1. 🛡️

🔗 basefortify.eu/cve_reports/...

#CVE #SuiteCRM #SQLi #CyberSecurity #PatchNow

EsGeeks

@esgeeks.bsky.social

4 months ago

Inyección SQL: Qué Es, Ejemplos y Cómo Protegerte [2025] Aprende qué es una inyección SQL, la vulnerabilidad #1 según OWASP. Te mostramos con ejemplos prácticos cómo funciona y las técnicas para evitarla.

Guía de Inyección SQL: Ejemplos Prácticos y Cómo Evitarla #AtaquesHacking #InyecciónSQL #SQLInjection #SQLI 

Offensive Sequence

@offseq.bsky.social

4 months ago

Security threat visualization

🚨 CRITICAL SQL Injection in Epsilon RH v3.03.36.0121: attackers can access or alter HR data without auth. Deploy WAF, validate input, restrict DB access until patch arrives. radar.offseq.com/threat/cve-2025-41028-cw... #OffSeq #SQLi #CVE202541028

Cyber Samir

@cybersamir.bsky.social

5 months ago

SQL Injection: Complete Guide & Prevention SQL Injection: Complete Guide to Understanding and Prevention Introduction SQL injection (SQLi) remains one of the most critical web application vulnerabilities, consistently ranking in the OWASP Top 10. Despite being well-understood for decades, SQL injection attacks continue to compromise databases worldwide, leading to data breaches, financial losses, and reputational damage. This comprehensive guide explains what SQL injection is, how it works, and most importantly—how to protect your applications against it.

Protect your app from SQLi. 💥 Read our complete guide to SQL Injection how it works, real-world examples, and proven prevention strategies every developer should use. #CyberSecurity #SQLi #WebSecurity

Marduk

@marduk-james.bsky.social

5 months ago

Visible Error-Based SQL Injection A Portswigger Lab

Latest #Portswigger SQL lab write-up.

#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs

medium.com/@marduk.i.am...

Twuai

@twuai.bsky.social

5 months ago

Ultimate Bug Bounty Full Course 2025 - Hunt Security Flaws & Earn Like a Hacker - Learn Bug Bounty #Ultimate_Bug Bounty_Full_Course_2025 #Hunt_Security_Flaws_&_Earn_Like_a_Hacker #Learn_Bug_Bounty Become a Successful Bug Bounty Hunter — Start Earning in 2024 Want to break into bug bounty hunti...

Ultimate Bug Bounty Full Course 2025 - Hunt Security Flaws & Earn Like a Hacker - Learn Bug Bounty
twuai.com/fp/UCaXkG09M...
#bugbounty #bughunters #hacking #xss #SQLi #websec #cybersec #ethicalhacking #whitehat #halloffame

Marduk

@marduk-james.bsky.social

5 months ago

Blind SQL Injection with Conditional Errors A Portswigger Lab

Latest #Portswigger lab write-up.

#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs

medium.com/@marduk.i.am...

Twuai

@twuai.bsky.social

5 months ago

Crawl a website with SQLmap and auto-exploit My Telegram : https://t.me/+CxLpra7nFUdjNzEx https://youtube.com/channel/UCBlExcwiG4jzLXMRl8P0l5w

Crawl a website with SQLmap and auto-exploit
twuai.com/search/fstDi...
#bugbounty #tips #cybersec #pentesting #redteam #sqlmap #sqli #exploiting

Offensive Sequence

@offseq.bsky.social

6 months ago

Security threat visualization

CRITICAL SQL injection in PHPGurukul Online Fire Reporting v1.2! Attackers can manipulate DB via 'todate' param. No patch — restrict endpoint access & use WAF rules now. radar.offseq.com/threat/cve-2025-40691-cw... #OffSeq #SQLi #vulnerability

Sam Stepanyan

@securestep9.bsky.social

6 months ago

Django Critical Vulnerability Let attackers Execute Malicious SQL Code on Web Servers The Django development team has issued critical security updates to address a high-severity vulnerability that could allow attackers

#Django: Patches released to fix CVE-2025-57833 SQL injection #SQLi
#vulnerability :
👇

cybersecuritynews.com/django-sql-i...

Checkmarx Zero

@checkmarxzero.bsky.social

6 months ago

Summary of the CVE contents in table form

Someone didn't validate/sanitize incoming user-supplied payment IDs, leading to the flaw. #SQLi #AppSec #SQLinjection

If you use the Cozmoslabs WordPress Paid Membership Subscriptions plugin, update to 2.15.2 or newer. 🧵 2/2

Vlad Drumea

@vladdba.com

6 months ago

PoCs for two SQL Injection vulnerabilities fixed in SQL Server 2022 GDR KB5063814 In this post I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814

New blog post:
In which I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814.
vladdba.com/2025/08/29/p...
#sqlserver #sqldba #microsoftsqlserver #mssqlserver #mssql #mssqldba #sql #security #sqli #sqlinjection

Mario Durand

@mds52.bsky.social

6 months ago

🔥🛡️ #Fortinet #FortiWeb #CVE202525257 #Ciberseguridad #SQLi
🔐 Decenas de dispositivos Fortinet FortiWeb han sido hackeados mediante una vulnerabilidad crítica (CVE-2025-25257) que permite inyección SQL sin autenticación.

Giovanni Popolizio

@giovanni-popolizio.bsky.social

8 months ago

FortiWeb e la falla CVE-2025-25257: Ci risiamo. Fortinet ha recentemente corretto una falla critica identificata come CVE-2025-25257, una SQL injection pre-autenticazione

‌FortiWeb e la falla CVE-2025-25257:
Cinque mesi senza fare nulla! Ed ora Fortinet ha recentemente corretto una falla critica identificata come CVE-2025-25257, una...
www.aiutocomputerhelp.it?p=15410

#CVE_2025_25257 #cybersicurezza #Fabric_Connector #fortinet #FortiWeb #sicurezza_informatica #SQLi

piggo

@pigondrugs.bsky.social

8 months ago

~Trendmicro~
A classic SQLi vulnerability in an archived Anthropic MCP server enables stored prompt injection, leading to AI agent compromise.
-
IOCs: (None identified)
-
#AIsecurity #SQLi #ThreatIntel