Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-3464 | 1 Oretnom23 | 1 Laundry Shop Management System | 2025-01-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.
|
|||||
| CVE-2024-3445 | 1 Oretnom23 | 1 Laundry Shop Management System | 2025-01-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2025-23913 | 2025-01-16 | N/A | 8.5 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through 1.0.
|
|||||
| CVE-2025-23912 | 2025-01-16 | N/A | 8.5 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through 2.3.
|
|||||
| CVE-2025-23911 | 2025-01-16 | N/A | 8.5 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solidres Team Solidres – Hotel booking plugin allows SQL Injection.This issue affects Solidres – Hotel booking plugin: from n/a through 0.9.4.
|
|||||
| CVE-2025-23780 | 2025-01-16 | N/A | 7.6 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2.
|
|||||
| CVE-2025-23779 | 2025-01-16 | N/A | 7.6 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv.de ResAds allows SQL Injection.This issue affects ResAds: from n/a through 2.0.5.
|
|||||
| CVE-2024-3466 | 1 Oretnom23 | 1 Laundry Shop Management System | 2025-01-16 | 5.2 MEDIUM | 5.5 MEDIUM |
|
A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.
|
|||||
| CVE-2024-1981 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-01-16 | N/A | 9.8 CRITICAL |
|
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
|||||
| CVE-2024-1982 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-01-16 | N/A | 6.5 MEDIUM |
|
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.
|
|||||
| CVE-2024-25833 | 1 F-logic | 1 Datacube3 | 2025-01-16 | N/A | 9.8 CRITICAL |
|
F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.
|
|||||
| CVE-2023-33280 | 1 Storecommander | 1 Quickaccounting | 2025-01-16 | N/A | 9.8 CRITICAL |
|
In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
|
|||||
| CVE-2023-33279 | 1 Scfixmyprestashop Project | 1 Scfixmyprestashop | 2025-01-16 | N/A | 9.8 CRITICAL |
|
In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
|
|||||
| CVE-2023-33278 | 1 Storecommander | 1 Customers Export | 2025-01-16 | N/A | 9.8 CRITICAL |
|
In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection.
|
|||||
| CVE-2024-1776 | 1 Zestard | 1 Admin Side Data Storage For Contact Form 7 | 2025-01-16 | N/A | 7.2 HIGH |
|
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive informatio ...
Show More |
|||||
| CVE-2025-0455 | 2025-01-16 | N/A | 9.8 CRITICAL | ||
|
The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
|
|||||
| CVE-2024-4434 | 1 Thimpress | 1 Learnpress | 2025-01-15 | N/A | 9.8 CRITICAL |
|
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the ‘term_id’ parameter in versions up to, and including, 4.2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
|||||
| CVE-2024-3148 | 1 Dedecms | 1 Dedecms | 2025-01-15 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in DedeCMS 5.7.112. This issue affects some unknown processing of the file dede/makehtml_archives_action.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258923. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2015-9452 | 1 Basixonline | 1 Nex-forms | 2025-01-15 | 7.5 HIGH | 9.8 CRITICAL |
|
The nex-forms-express-wp-form-builder plugin before 4.6.1 for WordPress has SQL injection via the wp-admin/admin.php?page=nex-forms-main nex_forms_Id parameter.
|
|||||
| CVE-2024-1751 | 1 Themeum | 1 Tutor Lms | 2025-01-15 | N/A | 8.8 HIGH |
|
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract se ...
Show More |
|||||
| CVE-2021-44092 | 1 Code-projects | 1 Pharmacy Management | 2025-01-15 | 7.5 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in code-projects Pharmacy Management 1.0 via the username parameter in the administer login form.
|
|||||
| CVE-2023-33677 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-01-15 | N/A | 7.5 HIGH |
|
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*".
|
|||||
| CVE-2025-22799 | 2025-01-15 | N/A | 8.5 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1.
|
|||||
| CVE-2025-22785 | 2025-01-15 | N/A | 9.3 CRITICAL | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5.
|
|||||
| CVE-2023-33439 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | N/A | 7.2 HIGH |
|
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.
|
|||||
| CVE-2023-38724 | 1 Ibm | 1 Cognos Controller | 2025-01-14 | N/A | 6.3 MEDIUM |
|
IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 262183.
|
|||||
| CVE-2021-43927 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
|
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
|
|||||
| CVE-2021-43925 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
|
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
|
|||||
| CVE-2021-43926 | 1 Synology | 1 Diskstation Manager | 2025-01-14 | 7.5 HIGH | 4.7 MEDIUM |
|
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.
|
|||||
| CVE-2022-24628 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | N/A | 7.2 HIGH |
|
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php.
|
|||||
| CVE-2022-24627 | 1 Audiocodes | 1 Device Manager Express | 2025-01-14 | N/A | 9.8 CRITICAL |
|
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form.
|
|||||
| CVE-2025-20620 | 2025-01-14 | N/A | 7.5 HIGH | ||
|
SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page.
|
|||||
| CVE-2023-33734 | 1 Bluecms Project | 1 Bluecms | 2025-01-13 | N/A | 9.8 CRITICAL |
|
BlueCMS v1.6 was discovered to contain a SQL injection vulnerability via the keywords parameter at search.php.
|
|||||
| CVE-2025-0404 | 2025-01-13 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. This vulnerability affects the function CoachController of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the argument coachName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12404 | 2025-01-11 | N/A | 7.5 HIGH | ||
|
The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
|||||
| CVE-2025-0208 | 1 Code-projects | 1 Online Shoe Store | 2025-01-10 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-0207 | 1 Code-projects | 1 Online Shoe Store | 2025-01-10 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12787 | 1 1000projects | 1 Attendance Tracking Management System | 2025-01-10 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument student_emailid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12788 | 1 Codezips | 1 Technical Discussion Forum | 2025-01-10 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-12884 | 1 Codezips | 1 E-commerce Site | 2025-01-10 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||