Export limit exceeded: 18947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18947 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9449 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-20 | N/A |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. | ||||
| CVE-2017-17575 | 1 Groupon Clone Project | 1 Groupon Clone | 2025-04-20 | 9.8 Critical |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. | ||||
| CVE-2017-1002028 | 1 Angrybyte | 1 Gallery-transformation | 2025-04-20 | N/A |
| Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. | ||||
| CVE-2024-31507 | 2 Online Graduate Tracer System Project, Tamparongj03 | 2 Online Graduate Tracer System, Online Graduate Tracer System | 2025-04-18 | 8.6 High |
| Sourcecodester Online Graduate Tracer System v1.0 is vulnerable to SQL Injection via the "request" parameter in admin/fetch_gendercs.php. | ||||
| CVE-2023-45503 | 1 Macs Cms Project | 1 Macs Cms | 2025-04-18 | 5.3 Medium |
| SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints. | ||||
| CVE-2024-50717 | 1 Smarts-srl | 1 Smart Agent | 2025-04-18 | 9.8 Critical |
| SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. | ||||
| CVE-2024-34220 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 7.5 High |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter. | ||||
| CVE-2024-34222 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 5.9 Medium |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the searccountry parameter. | ||||
| CVE-2022-20518 | 1 Google | 1 Android | 2025-04-18 | 5.5 Medium |
| In query of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224770203 | ||||
| CVE-2022-20517 | 1 Google | 1 Android | 2025-04-18 | 5.5 Medium |
| In getMessagesByPhoneNumber of MmsSmsProvider.java, there is a possible access to restricted tables due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-224769956 | ||||
| CVE-2024-57095 | 1 Go-admin | 1 Go-cms | 2025-04-18 | 6.8 Medium |
| SQL injection vulnerability in Go-CMS v.1.1.10 allows a remote attacker to execute arbitrary code via a crafted payload. | ||||
| CVE-2025-0950 | 1 Angeljudesuarez | 1 Tailoring Management System | 2025-04-18 | 6.3 Medium |
| A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file staffview.php. The manipulation of the argument staffid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-25991 | 1 Hoosk | 1 Hoosk | 2025-04-18 | 5.1 Medium |
| SQL Injection vulnerability in hooskcms v.1.7.1 allows a remote attacker to obtain sensitive information via the /install/index.php component. | ||||
| CVE-2024-48177 | 1 Mrcms | 1 Mrcms | 2025-04-18 | 8.8 High |
| MRCMS 3.1.2 contains a SQL injection vulnerability via the RID parameter in /admin/article/delete.do. | ||||
| CVE-2024-2592 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2024-2591 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2024-2590 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-17 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2024-2589 | 2 Amss\+\+ Project, Amssplus | 2 Amss\+\+, Amss Plus | 2025-04-17 | 8.2 High |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | ||||
| CVE-2023-44088 | 1 Pandorafms | 1 Pandora Fms | 2025-04-17 | 5.9 Medium |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using any account with low privileges. This issue affects Pandora FMS: from 700 through 774. | ||||
| CVE-2023-4675 | 1 Gmbilisim | 1 Multi-disciplinary Design Optimization | 2025-04-17 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GM Information Technologies MDO allows SQL Injection.This issue affects MDO: through 20231229. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||