Export limit exceeded: 18788 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18788 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25636 | 1 Zeeways | 2 Jobsite Cms, Zeejobsite | 2026-04-15 | 8.2 High |
| Zeeways Jobsite CMS contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' GET parameter. Attackers can send crafted requests to news_details.php, jobs_details.php, or job_cmp_details.php with malicious 'id' values using GROUP BY and CASE statements to extract sensitive database information. | ||||
| CVE-2026-23780 | 1 Bmc | 1 Control-m | 2026-04-15 | 8.8 High |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution. | ||||
| CVE-2026-36234 | 1 Itsourcecode | 1 Online Student Enrollment System | 2026-04-15 | 9.8 Critical |
| itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter. | ||||
| CVE-2026-36235 | 1 Itsourcecode | 1 Online Student Enrollment System | 2026-04-15 | 9.8 Critical |
| A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation. | ||||
| CVE-2026-36232 | 1 Itsourcecode | 1 Online Student Enrollment System | 2026-04-15 | 9.8 Critical |
| A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation. | ||||
| CVE-2026-36233 | 1 Itsourcecode | 1 Online Student Enrollment System | 2026-04-15 | 9.8 Critical |
| A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation. | ||||
| CVE-2026-36236 | 2 Janobe, Sourcecodester | 2 Engineers Online Portal, Engineers Online Portal | 2026-04-15 | 9.8 Critical |
| SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter. | ||||
| CVE-2026-36872 | 2 Razormist, Sourcecodester | 2 Basic Library System, Basic Library System | 2026-04-15 | 2.7 Low |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. | ||||
| CVE-2026-36873 | 2 Razormist, Sourcecodester | 2 Basic Library System, Basic Library System | 2026-04-15 | 2.7 Low |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. | ||||
| CVE-2026-36874 | 2 Razormist, Sourcecodester | 2 Basic Library System, Basic Library System | 2026-04-15 | 2.7 Low |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. | ||||
| CVE-2026-36946 | 2 Oretnom23, Sourcecodester | 2 Computer And Mobile Repair Shop Management System, Computer And Mobile Repair Shop Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | ||||
| CVE-2026-36947 | 2 Oretnom23, Sourcecodester | 2 Computer And Mobile Repair Shop Management System, Computer And Mobile Repair Shop Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php. | ||||
| CVE-2026-36922 | 2 Oretnom23, Sourcecodester | 2 Cab Management System, Cab Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | ||||
| CVE-2026-36923 | 2 Oretnom23, Sourcecodester | 2 Cab Management System, Cab Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | ||||
| CVE-2019-25635 | 1 Zeeways | 2 Matrimony Cms, Zeeways Matrimony Cms | 2026-04-15 | 8.2 High |
| Zeeways Matrimony CMS contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries through the profile_list endpoint. Attackers can inject SQL code via the up_cast, s_mother, and s_religion parameters to extract sensitive database information using time-based or error-based techniques. | ||||
| CVE-2025-15441 | 2 10web, Wordpress | 2 Form Maker, Wordpress | 2026-04-15 | 6.8 Medium |
| The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain contexts. | ||||
| CVE-2026-3830 | 2 Wbw, Wordpress | 2 Product Filter For Woocommerce, Wordpress | 2026-04-15 | 8.6 High |
| The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL injection attacks | ||||
| CVE-2023-54359 | 2 Adivaha, Wordpress | 2 Wordpress Adivaha Travel Plugin, Wordpress | 2026-04-15 | 8.2 High |
| WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25638 | 1 Meeplace | 1 Meeplace Business Review Script | 2026-04-15 | 7.1 High |
| Meeplace Business Review Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send GET requests to the addclick.php endpoint with crafted SQL payloads in the 'id' parameter to extract sensitive database information or cause denial of service. | ||||
| CVE-2019-25643 | 1 Endonesia | 1 Endonesia | 2026-04-15 | 8.2 High |
| eNdonesia Portal v8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bid parameter. Attackers can send GET requests to banners.php with crafted SQL payloads in the bid parameter to extract sensitive database information from the INFORMATION_SCHEMA tables. | ||||