Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24958 | 1 Wegia | 1 Wegia | 2025-02-13 | N/A | 8.8 HIGH |
|
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, `salvar_tag.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information. This issue has been addressed in version 3.2.12 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-39887 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 4.3 MEDIUM |
|
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional f ...
Show More |
|||||
| CVE-2024-23539 | 1 Apache | 1 Fineract | 2025-02-13 | N/A | 8.3 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5.
Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
|
|||||
| CVE-2024-23538 | 1 Apache | 1 Fineract | 2025-02-13 | N/A | 9.9 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5.
Users are recommended to upgrade to version 1.8.5 or 1.9.0, which fix the issue.
|
|||||
| CVE-2023-49736 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 6.5 MEDIUM |
|
A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset.This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2.
Users are recommended to upgrade to version 3.0.2, which fixes the issue.
|
|||||
| CVE-2024-13440 | 1 Superstorefinder | 1 Super Store Finder | 2025-02-13 | N/A | 8.2 HIGH |
|
The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into an already existing query to store cross-site scripting in store reviews.
|
|||||
| CVE-2023-39365 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-02-13 | N/A | 4.6 MEDIUM |
|
Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2023-35088 | 1 Apache | 1 Inlong | 2025-02-13 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.7.0.
In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks.
Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it.
[1] https://github.com/apache/inlong/pull/81 ...
Show More |
|||||
| CVE-2023-32741 | 1 Itpathsolutions | 1 Contact Form To Any Api | 2025-02-13 | N/A | 7.2 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.
|
|||||
| CVE-2023-30465 | 1 Apache | 1 Inlong | 2025-02-13 | N/A | 5.3 MEDIUM |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and the ordering of the returned content using an SQL injection attack, an attacker can extract the username of the user with ID 1 from the "user" table, one character at a time. Users are advised to upgrade to Apache InLong's 1.6.0 or cherry-pick [1] ...
Show More |
|||||
| CVE-2023-1934 | 1 Sdg | 1 Pnpscada | 2025-02-13 | N/A | 9.8 CRITICAL |
|
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthor ...
Show More |
|||||
| CVE-2022-4427 | 1 Otrs | 1 Otrs | 2025-02-13 | N/A | 6.5 MEDIUM |
|
Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice
This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.
|
|||||
| CVE-2022-45135 | 1 Apache | 1 Cocoon | 2025-02-13 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Cocoon.This issue affects Apache Cocoon: from 2.2.0 before 2.3.0.
Users are recommended to upgrade to version 2.3.0, which fixes the issue.
|
|||||
| CVE-2020-21060 | 1 Phpmywind | 1 Phpmywind | 2025-02-13 | N/A | 8.8 HIGH |
|
SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page.
|
|||||
| CVE-2023-26856 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-02-13 | N/A | 7.2 HIGH |
|
Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login.
|
|||||
| CVE-2023-26750 | 1 Yiiframework | 1 Yii | 2025-02-13 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework.
|
|||||
| CVE-2015-9457 | 1 Caseproof | 1 Prettylinks | 2025-02-13 | 6.5 MEDIUM | 7.2 HIGH |
|
The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter.
|
|||||
| CVE-2024-55212 | 2025-02-12 | N/A | 6.5 MEDIUM | ||
|
DNNGo xBlog v6.5.0 was discovered to contain a SQL injection vulnerability via the Categorys parameter at /DNNGo_xBlog/Resource_Service.aspx.
|
|||||
| CVE-2024-57238 | 2025-02-12 | N/A | 7.3 HIGH | ||
|
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.
|
|||||
| CVE-2024-32838 | 2025-02-12 | N/A | N/A | ||
|
SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious data into some of the REST API endpoints' query parameter.
Users are recommended to upgrade to version 1.10.1, which fixes this issue.
A SQL Validator has been implemented which allows us to configure a series of tests and checks against our SQL queries that will allow us to validate and protect a ...
Show More |
|||||
| CVE-2024-2338 | 1 Dalibo | 1 Anonymizer | 2025-02-12 | N/A | 8.0 HIGH |
|
PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to sup ...
Show More |
|||||
| CVE-2023-1522 | 1 Genetec | 1 Security Center | 2025-02-12 | N/A | 8.8 HIGH |
|
SQL Injection in the Hardware Inventory report of Security Center 5.11.2.
|
|||||
| CVE-2020-36072 | 1 Tailor Management System Project | 1 Tailor Management System | 2025-02-12 | N/A | 8.8 HIGH |
|
SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter.
|
|||||
| CVE-2020-36071 | 1 Tailor Management System Project | 1 Tailor Management System | 2025-02-12 | N/A | 8.8 HIGH |
|
SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page.
|
|||||
| CVE-2024-24772 | 1 Apache | 1 Superset | 2025-02-12 | N/A | 4.3 MEDIUM |
|
A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.
Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
|
|||||
| CVE-2025-26520 | 2025-02-12 | N/A | 7.6 HIGH | ||
|
Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.
|
|||||
| CVE-2024-1702 | 1 Keerti1924 | 1 Php Mysql User Signup Login System | 2025-02-12 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2020-36073 | 1 Tailor Management System Project | 1 Tailor Management System | 2025-02-11 | N/A | 8.8 HIGH |
|
SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page.
|
|||||
| CVE-2025-0803 | 1 Gymmanagementsystem | 1 Gym Management System | 2025-02-11 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_new.php. The manipulation of the argument planid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-4807 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file delete_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263927.
|
|||||
| CVE-2024-4905 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in Kashipara College Management System 1.0. Affected is an unknown function of the file view_students_each_detail.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264438 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2024-4808 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263928.
|
|||||
| CVE-2024-4799 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. This affects an unknown part of the file view_each_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263919.
|
|||||
| CVE-2024-4800 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file submit_student.php. The manipulation of the argument date_of_birth leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263920.
|
|||||
| CVE-2024-4801 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submit_new_faculty.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263921 was assigned to this vulnerability.
|
|||||
| CVE-2024-4802 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Kashipara College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file submit_extracurricular_activity.php. The manipulation of the argument activity_datetime leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-263922 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2024-4803 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Kashipara College Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument phone leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263923.
|
|||||
| CVE-2024-4804 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Kashipara College Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-263924.
|
|||||
| CVE-2024-4805 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in Kashipara College Management System 1.0. This affects an unknown part of the file edit_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263925 was assigned to this vulnerability.
|
|||||
| CVE-2024-4806 | 1 Lopalopa | 1 College Management System | 2025-02-11 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in Kashipara College Management System 1.0. This vulnerability affects unknown code of the file each_extracurricula_activities.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263926 is the identifier assigned to this vulnerability.
|
|||||