Export limit exceeded: 19719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-12914 1 Aapanel 1 Baota 2026-04-15 4.7 Medium
A vulnerability has been found in aaPanel BaoTa up to 11.2.x. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.3.0 is able to resolve this issue. It is recommended to upgrade the affected component.
CVE-2024-34988 2026-04-15 9.8 Critical
SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" (askforaquotemodul) <= 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods `AskforaquotemodulcustomernewquoteModuleFrontController::run()`, `AskforaquotemoduladdproductnewquoteModuleFrontController::run()`, `AskforaquotemodulCouponcodeModuleFrontController::run()`, `AskforaquotemodulgetshippingcostModuleFrontController::run()`, `AskforaquotemodulgetstateModuleFrontController::run().`
CVE-2025-1537 2026-04-15 6.3 Medium
A vulnerability was found in Harpia DiagSystem 12. It has been rated as critical. This issue affects some unknown processing of the file /diagsystem/PACS/atualatendimento_jpeg.php. The manipulation of the argument codexame leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-47438 2026-04-15 6.5 Medium
SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter.
CVE-2025-0404 1 Liujianview 1 Gymxmjpa 2026-04-15 6.3 Medium
A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. This vulnerability affects the function CoachController of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the argument coachName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-10266 1 Newtype Infortech 1 Nup Portal 2026-04-15 9.8 Critical
NUP Pro developed by NewType Infortech has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-2386 1 Flippercode 1 Google Map 2026-04-15 8.8 High
The WordPress Plugin for Google Maps – WP MAPS plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'put_wpgm' shortcode in all versions up to, and including, 4.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2025-1117 2026-04-15 7.3 High
A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.3 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2024-28303 1 Sourcecodester 1 Open Source Medicine Ordering System 2026-04-15 9.8 Critical
Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.
CVE-2024-28389 2026-04-15 9.8 Critical
SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method.
CVE-2024-29732 2026-04-15 9.8 Critical
A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter.
CVE-2025-15450 1 Sfturing 1 Hosp Order 2026-04-15 6.3 Medium
A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-45754 1 Centreon 1 Centreon 2026-04-15 7.2 High
An issue was discovered in the centreon-bi-server component in Centreon BI Server 24.04.x before 24.04.3, 23.10.x before 23.10.8, 23.04.x before 23.04.11, and 22.10.x before 22.10.11. SQL injection can occur in the listing of configured reporting jobs. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2024-46532 1 Kancloud 1 Openhis 2026-04-15 9.8 Critical
SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.
CVE-2024-33269 1 Communitydeveloper 1 Prestaddons Flashsales 2026-04-15 9.8 Critical
SQL Injection vulnerability in Prestaddons flashsales 1.9.7 and before allows an attacker to run arbitrary SQL commands via the FsModel::getFlashSales method.
CVE-2013-10033 2 Kimai, Kimai Project 2 Kimai, Kimai 2026-04-15 N/A
An unauthenticated SQL injection vulnerability exists in Kimai version 0.9.2.x via the db_restore.php endpoint. The flaw allows attackers to inject arbitrary SQL queries into the dates[] POST parameter, enabling file write via INTO OUTFILE under specific environmental conditions. This can lead to remote code execution by writing a PHP payload to the web-accessible temporary directory. The vulnerability has been confirmed in versions including 0.9.2.beta, 0.9.2.1294.beta, and 0.9.2.1306-3.
CVE-2025-57423 1 Myclub 1 Myclub 2026-04-15 6.5 Medium
A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database.
CVE-2025-28076 1 Easyvirt 2 Co2scope, Dcscope 2026-04-15 6.5 Medium
Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates.
CVE-2024-45757 2026-04-15 7.2 High
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2025-2928 1 Genetec 1 Security Center 2026-04-15 7.2 High
SQL Injection affecting the Archiver role.