Total
17598 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3347 | 2 Sanchitkmr, Sourcecodester | 2 Airline Ticket Reservation System, Airline Ticket Reservation System | 2025-02-27 | 7.3 High |
| A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259451. | ||||
| CVE-2023-1357 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2025-02-27 | 7.3 High |
| A vulnerability, which was classified as critical, has been found in SourceCodester Simple Bakery Shop Management System 1.0. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation of the argument username/password with the input admin' or 1=1 -- leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222860. | ||||
| CVE-2023-1360 | 1 Employee Payslip Generator System Project | 1 Employee Payslip Generator System | 2025-02-27 | 4.7 Medium |
| A vulnerability was found in SourceCodester Employee Payslip Generator with Sending Mail 1.2.0 and classified as critical. This issue affects some unknown processing of the file classes/Users.php?f=save of the component New User Creation. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222863. | ||||
| CVE-2023-1361 | 1 Bumsys Project | 1 Bumsys | 2025-02-27 | 6.5 Medium |
| SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. | ||||
| CVE-2023-1368 | 1 Xhcms Project | 1 Xhcms | 2025-02-27 | 7.3 High |
| A vulnerability was found in XHCMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php of the component POST Parameter Handler. The manipulation of the argument user leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222874 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-27463 | 1 Siemens | 1 Ruggedcom Crossbow | 2025-02-27 | 8.8 High |
| A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). The audit log form of affected applications is vulnerable to SQL injection. This could allow authenticated remote attackers to execute arbitrary SQL queries on the server database. | ||||
| CVE-2023-25615 | 1 Sap | 1 Abap Platform | 2025-02-27 | 6.8 Medium |
| Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the malicious database queries over the network and gain access to the unintended data. This may lead to a high impact on the confidentiality and no impact on the availability and integrity of the application. | ||||
| CVE-2024-3226 | 1 Campcodes | 1 Online Patient Record Management System | 2025-02-27 | 7.3 High |
| A vulnerability was found in Campcodes Online Patient Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php. The manipulation of the argument password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259071. | ||||
| CVE-2023-26905 | 1 Alphaware - Simple E-commerce System Project | 1 Alphaware - Simple E-commerce System | 2025-02-27 | 9.8 Critical |
| An issue was discovered in Alphaware - Simple E-Commerce System v1.0. There is a SQL injection that can directly issue instructions to the background database system via /alphaware/details.php?id. | ||||
| CVE-2023-25206 | 1 Prestashop | 1 Advanced Reviews | 2025-02-27 | 8.8 High |
| PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection. | ||||
| CVE-2024-13148 | 2025-02-27 | 9.8 Critical | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.This issue affects B2B Login Platform: before 16.01.2025. | ||||
| CVE-2024-30497 | 1 I13websolution | 1 Wp Responsive Tabs | 2025-02-27 | 8.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17. | ||||
| CVE-2024-25574 | 1 Deltaww | 1 Diaenergie | 2025-02-27 | 8.8 High |
| SQL injection vulnerability exists in GetDIAE_usListParameters. | ||||
| CVE-2024-30478 | 1 Rocksolidplugins | 1 Bulletin | 2025-02-27 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bulletin WordPress Announcement & Notification Banner Plugin – Bulletin.This issue affects WordPress Announcement & Notification Banner Plugin – Bulletin: from n/a through 3.8.5. | ||||
| CVE-2024-30495 | 1 Faboba | 1 Falang | 2025-02-27 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Faboba Falang multilanguage.This issue affects Falang multilanguage: from n/a through 1.3.47. | ||||
| CVE-2024-30501 | 1 Wpchill | 1 Download Monitor | 2025-02-27 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.9.4. | ||||
| CVE-2025-1751 | 2025-02-27 | 9.8 Critical | ||
| A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint. | ||||
| CVE-2025-0491 | 1 Fanli2012 | 1 Native-php-cms | 2025-02-27 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-5082 | 1 Click5interactive | 1 Sitemap By Click5 | 2025-02-26 | 7.2 High |
| The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it. | ||||
| CVE-2023-46823 | 1 Avirtum | 1 Imagelinks | 2025-02-26 | 7.2 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4. | ||||