Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43350 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-sms/classes/Master.php?f=delete_inquiry.
|
|||||
| CVE-2022-43052 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete.
|
|||||
| CVE-2022-43051 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /odlms/classes/Users.php?f=delete_test.
|
|||||
| CVE-2022-43049 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.
|
|||||
| CVE-2022-42990 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.
|
|||||
| CVE-2020-20122 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitle() function in /coreframe/app/content/admin/content.php.
|
|||||
| CVE-2018-11528 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
|
|||||
| CVE-2022-27431 | 1 Wuzhicms | 1 Wuzhicms | 2025-05-05 | 7.5 HIGH | 9.8 CRITICAL |
|
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php.
|
|||||
| CVE-2024-25288 | 1 Slims | 1 Senayan Library Management System | 2025-05-05 | N/A | 4.9 MEDIUM |
|
SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.
|
|||||
| CVE-2022-21720 | 1 Glpi-project | 1 Glpi | 2025-05-05 | 4.0 MEDIUM | 4.9 MEDIUM |
|
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the `Entities` update right prevents exploitation of this vulnerability.
|
|||||
| CVE-2022-1505 | 1 Carrcommunications | 1 Rsvpmaker | 2025-05-05 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.
|
|||||
| CVE-2022-1453 | 1 Carrcommunications | 1 Rsvpmaker | 2025-05-05 | 5.0 MEDIUM | 9.8 CRITICAL |
|
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.
|
|||||
| CVE-2023-27167 | 1 Supremainc | 1 Biostar 2 | 2025-05-05 | N/A | 6.5 MEDIUM |
|
Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1.
|
|||||
| CVE-2022-43126 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/tests/manage_test.php.
|
|||||
| CVE-2022-43125 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/manage_appointment.php.
|
|||||
| CVE-2022-43124 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.
|
|||||
| CVE-2022-43086 | 1 Codeastro | 1 Restaurant Pos System | 2025-05-05 | N/A | 4.9 MEDIUM |
|
Restaurant POS System v1.0 was discovered to contain a SQL injection vulnerability via update_customer.php.
|
|||||
| CVE-2025-0410 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0409 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0408 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0407 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation of the argument hyname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0406 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0405 | 1 Liujianview | 1 Gymxmjpa | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0490 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0489 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0488 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10638 | 1 Acowebs | 1 Product Labels For Woocommerce \(sale Badges\) | 2025-05-05 | N/A | 4.1 MEDIUM |
|
The Product Labels For Woocommerce (Sale Badges) WordPress plugin before 1.5.11 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
|
|||||
| CVE-2024-13095 | 1 Wptriggers | 1 Wp Triggers Lite | 2025-05-05 | N/A | 4.8 MEDIUM |
|
The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
|
|||||
| CVE-2024-0365 | 1 Radykal | 1 Fancy Product Designer | 2025-05-05 | N/A | 6.5 MEDIUM |
|
The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by adminstrators.
|
|||||
| CVE-2022-43362 | 1 Slims | 1 Senayan Library Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Senayan Library Management System v9.4.2 was discovered to contain a SQL injection vulnerability via the collType parameter at loan_by_class.php.
|
|||||
| CVE-2022-43127 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /appointments/update_status.php.
|
|||||
| CVE-2022-43081 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2025-05-05 | N/A | 7.5 HIGH |
|
Fast Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /fastfood/purchase.php.
|
|||||
| CVE-2024-25849 | 1 Prestatoolkit | 1 Make An Offer\/offer Your Price | 2025-05-05 | N/A | 9.8 CRITICAL |
|
In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()` .
|
|||||
| CVE-2024-25848 | 1 Team-ever | 1 Seo | 2025-05-05 | N/A | 5.9 MEDIUM |
|
In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.
|
|||||
| CVE-2024-25845 | 1 Cleanpresta | 1 Cd Custom Fields 4 Orders | 2025-05-05 | N/A | 9.8 CRITICAL |
|
In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.
|
|||||
| CVE-2024-27515 | 1 Mindstellar | 1 Osclass | 2025-05-05 | N/A | 7.2 HIGH |
|
Osclass 5.1.2 is vulnerable to SQL Injection.
|
|||||
| CVE-2021-37823 | 1 Opencart | 1 Opencart | 2025-05-05 | N/A | 4.9 MEDIUM |
|
OpenCart 3.0.3.7 allows users to obtain database information or read server files through SQL injection in the background.
|
|||||
| CVE-2020-22820 | 1 Mkcms Project | 1 Mkcms | 2025-05-05 | N/A | 9.8 CRITICAL |
|
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
|
|||||
| CVE-2020-22819 | 1 Mkcms Project | 1 Mkcms | 2025-05-05 | N/A | 9.8 CRITICAL |
|
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
|
|||||
| CVE-2020-22818 | 1 Mkcms Project | 1 Mkcms | 2025-05-05 | N/A | 9.8 CRITICAL |
|
MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter.
|
|||||