Total
17594 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-4911 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument exam leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264446 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-4910 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264445 was assigned to this vulnerability. | ||||
| CVE-2024-4909 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444. | ||||
| CVE-2024-4908 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443. | ||||
| CVE-2023-1563 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223555. | ||||
| CVE-2024-4907 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-4906 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability. | ||||
| CVE-2025-1206 | 1 Codezips | 1 Gym Management System | 2025-02-20 | 6.3 Medium |
| A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-44779 | 1 \[gwa\] Autoresponder Project | 1 \[gwa\] Autoresponder | 2025-02-20 | 7.3 High |
| Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. | ||||
| CVE-2022-25607 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2025-02-20 | 6.6 Medium |
| Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). | ||||
| CVE-2022-29419 | 1 3xsocializer Project | 1 3xsocializer | 2025-02-20 | 6 Medium |
| SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | ||||
| CVE-2022-29410 | 1 Hermit Project | 1 Hermit | 2025-02-20 | 7.4 High |
| Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | ||||
| CVE-2022-29411 | 1 Hermit Project | 1 Hermit | 2025-02-20 | 8.3 High |
| SQL Injection (SQLi) vulnerability in Mufeng's Hermit 音乐播放器 plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | ||||
| CVE-2022-33960 | 1 Supsystic | 1 Social Share Buttons | 2025-02-20 | 8.5 High |
| Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | ||||
| CVE-2022-30998 | 1 Homepage Product Organizer For Woocommerce Project | 1 Homepage Product Organizer For Woocommerce | 2025-02-20 | 9.1 Critical |
| Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in WooPlugins.co's Homepage Product Organizer for WooCommerce plugin <= 1.1 at WordPress. | ||||
| CVE-2022-42497 | 1 Api2cart | 1 Api2cart Bridge Connector | 2025-02-20 | 10 Critical |
| Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | ||||
| CVE-2022-33965 | 1 Plugins-market | 1 Wp Visitor Statistics | 2025-02-20 | 9.3 Critical |
| Multiple Unauthenticated SQL Injection (SQLi) vulnerabilities in Osamaesh WP Visitor Statistics plugin <= 5.7 at WordPress. | ||||
| CVE-2022-36394 | 1 Contest-gallery | 1 Contest Gallery | 2025-02-20 | 7.6 High |
| Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. | ||||
| CVE-2021-36898 | 1 Expresstech | 1 Quiz And Survey Master | 2025-02-20 | 9.1 Critical |
| Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | ||||
| CVE-2022-45822 | 1 Elbtide | 1 Advanced Booking Calendar | 2025-02-20 | 10 Critical |
| Unauth. SQL Injection (SQLi) vulnerability in Advanced Booking Calendar plugin <= 1.7.1 on WordPress. | ||||