Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31842 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-23 | N/A | 7.2 HIGH |
|
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=.
|
|||||
| CVE-2023-31631 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31630 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31629 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31628 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31627 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31626 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31616 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-26262 | 1 Ebmtech | 1 Uniweb\/solipacs Webserver | 2025-01-23 | N/A | 8.8 HIGH |
|
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator .
|
|||||
| CVE-2024-1523 | 1 E-web | 1 Fs-ezviewer | 2025-01-23 | N/A | 8.8 HIGH |
|
EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.
|
|||||
| CVE-2024-1795 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-01-23 | N/A | 8.8 HIGH |
|
The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to ...
Show More |
|||||
| CVE-2024-2480 | 1 Mhasistemas | 1 Armhazena | 2025-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-2478 | 1 Bradwenqiang | 1 Hr | 2025-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respo ...
Show More |
|||||
| CVE-2023-31608 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31607 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-30245 | 1 Judging Management System Project | 1 Judging Management System | 2025-01-23 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file.
|
|||||
| CVE-2023-31519 | 1 Pharmacy Management System Project | 1 Pharmacy Management System | 2025-01-23 | N/A | 9.8 CRITICAL |
|
Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php.
|
|||||
| CVE-2023-27742 | 1 Idurarapp | 1 Idurar | 2025-01-23 | N/A | 9.8 CRITICAL |
|
IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login.
|
|||||
| CVE-2024-26264 | 1 Ebmtech | 1 Risweb | 2025-01-23 | N/A | 9.8 CRITICAL |
|
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
|
|||||
| CVE-2024-57770 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-01-23 | N/A | 8.8 HIGH |
|
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id.
|
|||||
| CVE-2024-57769 | 1 Jfinaloa Project | 1 Jfinaloa | 2025-01-23 | N/A | 8.8 HIGH |
|
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser.
|
|||||
| CVE-2023-31613 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31612 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31611 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31610 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-31609 | 1 Openlinksw | 1 Virtuoso | 2025-01-23 | N/A | 7.5 HIGH |
|
An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2023-30189 | 1 Posthemes | 1 Posstaticblocks | 2025-01-23 | N/A | 9.8 CRITICAL |
|
Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook().
|
|||||
| CVE-2024-10400 | 1 Themeum | 1 Tutor Lms | 2025-01-23 | N/A | 7.5 HIGH |
|
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the ‘rating_filter’ parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
|||||
| CVE-2023-5155 | 1 Utarit | 1 Solipay Mobile | 2025-01-23 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8.
|
|||||
| CVE-2024-48509 | 1 Lang-learn-guy | 1 Learning With Texts | 2025-01-23 | N/A | 9.8 CRITICAL |
|
Learning with Texts (LWT) 2.0.3 is vulnerable to SQL Injection. This occurs when the application fails to properly sanitize user inputs, allowing attackers to manipulate SQL queries by injecting malicious SQL statements into URL parameters. By exploiting this vulnerability, an attacker could gain unauthorized access to the database, retrieve sensitive information, modify or delete data, and execute arbitrary commands.
|
|||||
| CVE-2024-43282 | 1 Themeum | 1 Tutor Lms | 2025-01-22 | N/A | 7.6 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
|
|||||
| CVE-2023-27233 | 1 Piwigo | 1 Piwigo | 2025-01-22 | N/A | 8.8 HIGH |
|
Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php.
|
|||||
| CVE-2023-31702 | 1 Escanav | 1 Escan Management Console | 2025-01-22 | N/A | 7.2 HIGH |
|
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.
|
|||||
| CVE-2023-30191 | 1 Cdesigner Project | 1 Cdesigner | 2025-01-22 | N/A | 9.8 CRITICAL |
|
PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent().
|
|||||
| CVE-2024-53808 | 1 Basixonline | 1 Nex-forms | 2025-01-22 | N/A | 8.5 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.7.8.
|
|||||
| CVE-2024-3314 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Computer Laboratory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Users.php. The manipulation leads to sql injection. The attack may be initiated remotely. The identifier VDB-259385 was assigned to this vulnerability.
|
|||||
| CVE-2023-6967 | 1 Podsfoundation | 1 Pods | 2025-01-22 | N/A | 8.8 HIGH |
|
The Pods – Custom Content Types and Fields plugin for WordPress is vulnerable to SQL Injection via shortcode in all versions up to, and including, 3.0.10 (with the exception of 2.7.31.2, 2.8.23.2, 2.9.19.2) due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor level access or higher, to append additional SQL queries into already existing queries that can be us ...
Show More |
|||||
| CVE-2023-29985 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-01-22 | N/A | 9.8 CRITICAL |
|
Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability.
|
|||||
| CVE-2025-0203 | 1 Code-projects | 1 Student Management System | 2025-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2025-0204 | 1 Code-projects | 1 Online Shoe Store | 2025-01-22 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||