Export limit exceeded: 358957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-7349 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates. | ||||
| CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. | ||||
| CVE-2015-2242 | 1 Webshophun | 1 Webshop Hun | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | ||||
| CVE-2014-100003 | 1 Yourmembers Project | 1 Yourmembers | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. | ||||
| CVE-2015-6345 | 1 Cisco | 1 Secure Access Control Server | 2025-04-12 | N/A |
| SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700. | ||||
| CVE-2015-4064 | 1 Landing Pages Project | 1 Landing Pages | 2025-04-12 | N/A |
| SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php. | ||||
| CVE-2022-44137 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-11 | 7.2 High |
| SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection. | ||||
| CVE-2025-25877 | 1 Angeljudesuarez | 1 Simple Chatbox | 2025-04-11 | 3.8 Low |
| A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data. | ||||
| CVE-2025-1381 | 1 Code-projects | 1 Real Estate Property Management System | 2025-04-11 | 6.3 Medium |
| A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25686 | 1 Sem-cms | 1 Semcms | 2025-04-11 | 9.8 Critical |
| semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. | ||||
| CVE-2025-2831 | 1 Mingyuefusu | 1 Library Management System | 2025-04-11 | 6.3 Medium |
| A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. This vulnerability affects the function getBookList of the file /admin/bookList?page=1&limit=10. The manipulation of the argument condition leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-35354 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 9.8 Critical |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_category. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-35355 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 9.8 Critical |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_category. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-35356 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 6.3 Medium |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=save_item. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-35357 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 5.3 Medium |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=delete_item. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-35350 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 9.8 Critical |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /admin/?page=borrow/view_borrow. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-35358 | 1 Dino Physics School Assistant Project | 1 Dino Physics School Assistant | 2025-04-11 | 6.5 Medium |
| A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection. | ||||
| CVE-2024-35468 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-11 | 5.4 Medium |
| A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2024-35469 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-11 | 9.8 Critical |
| A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2025-04-11 | 9.8 Critical |
| dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | ||||