Search Results (18903 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24096 | 2 Carmelo, Code-projects | 2 Computer Book Store, Computer Book Store | 2025-04-10 | 7.8 High |
| Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN. | ||||
| CVE-2007-10001 | 1 Web-cyradm Project | 1 Web-cyradm | 2025-04-10 | 3.5 Low |
| A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability. | ||||
| CVE-2022-40049 | 1 Theme Park Ticketing System Project | 1 Theme Park Ticketing System | 2025-04-10 | 7.5 High |
| SQL injection vulnerability in sourcecodester Theme Park Ticketing System 1.0 allows remote attackers to view sensitive information via the id parameter to the /tpts/manage_user.php page. | ||||
| CVE-2022-39072 | 1 Zte | 4 Mf286r, Mf286r Firmware, Mf289d and 1 more | 2025-04-10 | 5.4 Medium |
| There is a SQL injection vulnerability in Some ZTE Mobile Internet products. Due to insufficient validation of the input parameters of the SNTP interface, an authenticated attacker could use the vulnerability to execute stored XSS attacks. | ||||
| CVE-2024-28279 | 2 Carmelo, Code-projects | 2 Computer Book Store, Computer Book Store | 2025-04-10 | 7.3 High |
| Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=. | ||||
| CVE-2022-22338 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 219510. | ||||
| CVE-2024-30985 | 1 Phpgurukul | 1 Client Management System | 2025-04-10 | 9.8 Critical |
| SQL Injection vulnerability in "B/W Dates Reports" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "todate" and "fromdate" parameters. | ||||
| CVE-2024-30990 | 1 Phpgurukul | 1 Client Management System | 2025-04-10 | 9.8 Critical |
| SQL Injection vulnerability in the "Invoices" page in phpgurukul Client Management System using PHP & MySQL 1.1 allows attacker to execute arbitrary SQL commands via "searchdata" parameter. | ||||
| CVE-2014-125046 | 1 Cub-scout-tracker Project | 1 Cub-scout-tracker | 2025-04-10 | 5.5 Medium |
| A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551. | ||||
| CVE-2022-47523 | 1 Zohocorp | 3 Manageengine Access Manager Plus, Manageengine Pam360, Manageengine Password Manager Pro | 2025-04-09 | 9.8 Critical |
| Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. | ||||
| CVE-2025-3119 | 1 Oretnom23 | 1 Online Tutor Portal | 2025-04-09 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Tutor Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /tutor/courses/manage_course.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3137 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2025-04-09 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PHPGurukul Online Security Guards Hiring System 1.0. Affected is an unknown function of the file /admin/changeimage.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3138 | 1 Phpgurukul | 1 Online Security Guards Hiring System | 2025-04-09 | 7.3 High |
| A vulnerability has been found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit-guard-detail.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3140 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-04-09 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /view_category.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3141 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-04-09 | 6.3 Medium |
| A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2018-25070 | 1 Aista | 1 Phosphorus Five | 2025-04-09 | 5.5 Medium |
| A vulnerability has been found in polterguy Phosphorus Five up to 8.2 and classified as critical. This vulnerability affects the function csv.Read of the file plugins/extras/p5.mysql/NonQuery.cs of the component CSV Import. The manipulation leads to sql injection. Upgrading to version 8.3 is able to address this issue. The patch is identified as c179a3d0703db55cfe0cb939b89593f2e7a87246. It is recommended to upgrade the affected component. VDB-217606 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-40828 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | 9.8 Critical |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | ||||
| CVE-2022-40827 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | 9.8 Critical |
| B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | ||||
| CVE-2025-22140 | 1 Wegia | 1 Wegia | 2025-04-09 | 8.8 High |
| WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | ||||
| CVE-2025-22141 | 1 Wegia | 1 Wegia | 2025-04-09 | 8.8 High |
| WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | ||||