Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44399 | 1 Poultry Farm Management System Project | 1 Poultry Farm Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
|
Poultry Farm Management System v1.0 contains a SQL injection vulnerability via the del parameter at /Redcock-Farm/farm/category.php.
|
|||||
| CVE-2022-44278 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-25 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=user/manage_user&id=.
|
|||||
| CVE-2022-44140 | 1 Jizhicms | 1 Jizhicms | 2025-04-25 | N/A | 8.8 HIGH |
|
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component.
|
|||||
| CVE-2022-36193 | 1 Lahirudanushka | 1 School Management System | 2025-04-25 | N/A | 9.8 CRITICAL |
|
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries.
|
|||||
| CVE-2024-25469 | 1 Crmeb | 1 Crmeb Java | 2025-04-25 | N/A | 7.5 HIGH |
|
SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.
|
|||||
| CVE-2022-3848 | 1 Wp User Merger Project | 1 Wp User Merger | 2025-04-25 | N/A | 8.8 HIGH |
|
The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin
|
|||||
| CVE-2022-42109 | 1 Online-shopping-system-advanced Project | 1 Online-shopping-system-advanced | 2025-04-25 | N/A | 9.8 CRITICAL |
|
Online-shopping-system-advanced 1.0 was discovered to contain a SQL injection vulnerability via the p parameter at /shopping/product.php.
|
|||||
| CVE-2022-45329 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | N/A | 7.5 HIGH |
|
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
|
|||||
| CVE-2022-3768 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2025-04-25 | N/A | 8.8 HIGH |
|
The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author
|
|||||
| CVE-2022-3751 | 1 Owncast Project | 1 Owncast | 2025-04-25 | N/A | 9.8 CRITICAL |
|
SQL Injection in GitHub repository owncast/owncast prior to 0.0.13.
|
|||||
| CVE-2022-44291 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 9.8 CRITICAL |
|
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.
|
|||||
| CVE-2022-44290 | 1 Webtareas Project | 1 Webtareas | 2025-04-24 | N/A | 9.8 CRITICAL |
|
webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.
|
|||||
| CVE-2022-44277 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/classes/Master.php?f=delete_product.
|
|||||
| CVE-2022-45328 | 1 Church Management System Project | 1 Church Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_members.php.
|
|||||
| CVE-2022-44348 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/update_status.php?id=.
|
|||||
| CVE-2022-44347 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=inquiries/view_inquiry&id=.
|
|||||
| CVE-2022-44345 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=quotes/view_quote&id=.
|
|||||
| CVE-2022-44296 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/quotes/manage_remark.php?id=.
|
|||||
| CVE-2022-44295 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/orders/assign_team.php?id=.
|
|||||
| CVE-2022-44294 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/manage_service&id=.
|
|||||
| CVE-2022-30528 | 1 Isic.lk Project | 1 Isic.lk | 2025-04-24 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
|
|||||
| CVE-2024-54927 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php.
|
|||||
| CVE-2024-54928 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 7.2 HIGH |
|
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php,
|
|||||
| CVE-2024-54934 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php.
|
|||||
| CVE-2023-51052 | 1 S-cms | 1 S-cms | 2025-04-24 | N/A | 9.8 CRITICAL |
|
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.
|
|||||
| CVE-2024-54932 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php.
|
|||||
| CVE-2024-54931 | 1 Lopalopa | 1 E-learning Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter.
|
|||||
| CVE-2024-52675 | 1 Oretnom23 | 1 Sentiment Based Movie Rating System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php.
|
|||||
| CVE-2024-32847 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2022-45019 | 1 Slims | 1 Senayan Library Management System | 2025-04-24 | N/A | 7.5 HIGH |
|
SLiMS 9 Bulian v9.5.0 was discovered to contain a SQL injection vulnerability via the keywords parameter.
|
|||||
| CVE-2022-44945 | 1 Rukovoditel | 1 Rukovoditel | 2025-04-24 | N/A | 9.8 CRITICAL |
|
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.
|
|||||
| CVE-2025-3690 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-24 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit-services.php. The manipulation of the argument cost leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3684 | 1 Xianqi | 1 Kindergarten Management System | 2025-04-24 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Xianqi Kindergarten Management System 2.0 Bulid 20190808. It has been rated as critical. This issue affects some unknown processing of the file stu_list.php of the component Child Management. The manipulation of the argument sex leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2024-55238 | 1 Open-metadata | 1 Openmetadata | 2025-04-24 | N/A | 7.1 HIGH |
|
OpenMetadata <=1.4.1 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the WorkflowDAO interface. The workflowtype and status parameters can be used to build a SQL query.
|
|||||
| CVE-2025-0881 | 1 Codezips | 1 Gym Management System | 2025-04-23 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-32841 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-32839 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-50330 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 9.8 CRITICAL |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution.
|
|||||
| CVE-2024-32844 | 1 Ivanti | 1 Endpoint Manager | 2025-04-23 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2022-3710 | 1 Sophos | 2 Xg Firewall, Xg Firewall Firmware | 2025-04-23 | N/A | 2.7 LOW |
|
A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.
|
|||||