Export limit exceeded: 19724 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19724 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-0942 | 1 Jalios | 1 Jcms | 2026-04-15 | 8.6 High |
| The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to trigger SQL Injection. This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06. | ||||
| CVE-2024-6160 | 1 Jan Syski | 1 Megabip | 2026-04-15 | N/A |
| SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages. This issue affects MegaBIP software versions through 5.12.1. | ||||
| CVE-2024-34310 | 1 Bjjfsd | 1 Jin Fang Times Content Management System | 2026-04-15 | 8.8 High |
| Jin Fang Times Content Management System v3.2.3 was discovered to contain a SQL injection vulnerability via the id parameter. | ||||
| CVE-2023-36525 | 2 Wordpress, Wpjobboard | 2 Wordpress, Wpjobboard | 2026-04-15 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0. | ||||
| CVE-2024-40498 | 1 Puneethreddyhc | 1 Online Shopping System Advanced | 2026-04-15 | 9.8 Critical |
| SQL Injection vulnerability in PuneethReddyHC Online Shopping sysstem advanced v.1.0 allows an attacker to execute arbitrary code via the register.php | ||||
| CVE-2025-12248 | 1 Cltphp | 1 Cltphp | 2026-04-15 | 7.3 High |
| A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2024-5543 | 1 Tribulant | 1 Slideshow Gallery Lite | 2026-04-15 | 8.1 High |
| The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-2661 | 2026-04-15 | 8.8 High | ||
| The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2021-47777 | 1 Ribccs | 1 Build Smart Erp | 2026-04-15 | 8.2 High |
| Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify database information. | ||||
| CVE-2025-50567 | 1 Saurus | 1 Saurus Cms | 2026-04-15 | 10 Critical |
| Saurus CMS Community Edition 4.7.1 contains a vulnerability in the custom DB::prepare() function, which uses preg_replace() with the deprecated /e (eval) modifier to interpolate SQL query parameters. This leads to injection of user-controlled SQL statements, potentially leading to arbitrary PHP code execution. | ||||
| CVE-2024-28297 | 1 Azursoft | 1 Myhorus | 2026-04-15 | 7.5 High |
| SQL injection vulnerability in AzureSoft MyHorus 4.3.5 allows authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2025-59397 | 1 Openwebanalytics | 1 Open Web Analytics | 2026-04-15 | 5 Medium |
| Open Web Analytics (OWA) before 1.8.1 allows owa_db.php v[value] SQL injection. | ||||
| CVE-2024-11025 | 2026-04-15 | 5.4 Medium | ||
| An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device. | ||||
| CVE-2025-7886 | 2026-04-15 | 7.3 High | ||
| A vulnerability, which was classified as critical, was found in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. This affects the function getUserLanguage of the file classes/class.database.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-7827 | 1 Wpeasycart | 1 Shopping Cart \& Ecommerce Store | 2026-04-15 | 8.8 High |
| The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to boolean-based SQL Injection via the ‘model_number’ parameter in all versions up to, and including, 5.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-3342 | 2026-04-15 | 9.9 Critical | ||
| The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2023-3942 | 2026-04-15 | 7.5 High | ||
| An 'SQL Injection' vulnerability, due to improper neutralization of special elements used in SQL commands, exists in ZKTeco-based OEM devices. This vulnerability allows an attacker to, in some cases, impersonate another user or perform unauthorized actions. In other instances, it enables the attacker to access user data and system parameters from the database. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly other, Standalone service v. 2.1.6-20200907 and possibly others. | ||||
| CVE-2024-33267 | 1 Htc | 1 Hero | 2026-04-15 | 9.8 Critical |
| SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent() function. | ||||
| CVE-2024-55212 | 2026-04-15 | 6.5 Medium | ||
| DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx. | ||||
| CVE-2024-8679 | 2026-04-15 | 6.8 Medium | ||
| The Library Management System – Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the ‘value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||