Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4899 | 1 Pixelpost | 1 Pixelpost | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
pixelpost 1.7.1 has SQL injection
|
|||||
| CVE-2008-10004 | 1 Email Registration Project | 1 Email Registration | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 ...
Show More |
|||||
| CVE-2008-10003 | 1 Flashgames Project | 1 Flashgames | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sql injection. It is possible to launch the attack remotely. The name of the patch is 6e57683704885be32eea2ea614f80c9bb8f012c5. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-222288.
|
|||||
| CVE-2007-10003 | 1 Wp-plugins | 1 The Hackers Diet | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in The Hackers Diet Plugin up to 0.9.6b on WordPress. This issue affects some unknown processing of the file ajax_blurb.php of the component HTTP POST Request Handler. The manipulation of the argument user leads to sql injection. The attack may be initiated remotely. Upgrading to version 0.9.7b is able to address this issue. The patch is named 7dd8acf7cd8442609840037121074425d363b694. It is recommended to upgrade the affected comp ...
Show More |
|||||
| CVE-2007-10002 | 1 Web-cyradm Project | 1 Web-cyradm | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/login_password/LANG leads to sql injection. The attack may be launched remotely. The name of the patch is 2bcbead3bdb5f118bf2c38c541eaa73c29dcc90f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217640.
|
|||||
| CVE-2007-10001 | 1 Web-cyradm Project | 1 Web-cyradm | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to sql injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.
|
|||||
| CVE-2005-4891 | 1 Simplemachines | 1 Simple Machine Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.
|
|||||
| CVE-2024-52435 | 1 Wpdownloadmanager | 1 Premium Packages - Sell Digital Products Securely | 2024-11-20 | N/A | 7.2 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3.
|
|||||
| CVE-2024-49574 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-20 | N/A | 8.8 HIGH |
|
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module.
|
|||||
| CVE-2024-11241 | 1 Anisha | 1 Job Recruitment | 2024-11-20 | 7.5 HIGH | 7.5 HIGH |
|
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-40638 | 1 Glpi-project | 1 Glpi | 2024-11-20 | N/A | 8.8 HIGH |
|
GLPI is a free asset and IT management software package. An authenticated user can exploit multiple SQL injection vulnerabilities. One of them can be used to alter another user account data and take control of it. Upgrade to 10.0.17.
|
|||||
| CVE-2024-52431 | 1 Pressaholic | 1 Wordpress Video Robot | 2024-11-20 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0.
|
|||||
| CVE-2024-52436 | 1 Wpexperts | 1 Post Smtp | 2024-11-20 | N/A | 7.2 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9.
|
|||||
| CVE-2024-41679 | 1 Glpi-project | 1 Glpi | 2024-11-20 | N/A | 8.8 HIGH |
|
GLPI is a free asset and IT management software package. An authenticated user can exploit a SQL injection vulnerability from the ticket form. Upgrade to 10.0.17.
|
|||||
| CVE-2024-45608 | 1 Glpi-project | 1 Glpi | 2024-11-20 | N/A | 8.8 HIGH |
|
GLPI is a free asset and IT management software package. An authenticated user can perfom a SQL injection by changing its preferences. Upgrade to 10.0.17.
|
|||||
| CVE-2024-11244 | 1 Anisha | 1 Farmacia | 2024-11-20 | 6.5 MEDIUM | 9.8 CRITICAL |
|
A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11245 | 1 Anisha | 1 Farmacia | 2024-11-20 | 6.5 MEDIUM | 7.5 HIGH |
|
A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11256 | 1 1000projects | 1 Portfolio Management System Mca | 2024-11-19 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11257 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-19 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability classified as critical has been found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11258 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-19 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11213 | 1 Mayurik | 1 Best Employee Management System | 2024-11-19 | 5.8 MEDIUM | 7.2 HIGH |
|
A vulnerability, which was classified as critical, was found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /admin/edit_role.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11212 | 1 Mayurik | 1 Best Employee Management System | 2024-11-19 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability, which was classified as critical, has been found in SourceCodester Best Employee Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/fetch_product_details.php. The manipulation of the argument barcode leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-50972 | 1 Angeljudesuarez | 1 Construction Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter.
|
|||||
| CVE-2024-50971 | 1 Angeljudesuarez | 1 Construction Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter.
|
|||||
| CVE-2024-50970 | 1 Nikoarroyocuraza | 1 Online Furniture Shopping Project | 2024-11-18 | N/A | 8.8 HIGH |
|
A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2024-11020 | 1 Vice | 1 Webopac | 2024-11-18 | N/A | 9.8 CRITICAL |
|
Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents.
|
|||||
| CVE-2024-11101 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 5.8 MEDIUM | 9.8 CRITICAL |
|
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-11100 | 1 1000projects | 1 Beauty Parlour Management System | 2024-11-18 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10990 | 1 Oretnom23 | 1 Online Veterinary Appointment System | 2024-11-18 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability classified as critical was found in SourceCodester Online Veterinary Appointment System 1.0. This vulnerability affects unknown code of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-10991 | 1 Codezips | 1 Hospital Appointment System | 2024-11-18 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-50327 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-50326 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-44761 | 1 Gzequan | 1 Eq Enterprise Management System | 2024-11-18 | N/A | 9.8 CRITICAL |
|
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
|
|||||
| CVE-2024-50328 | 1 Ivanti | 1 Endpoint Manager | 2024-11-18 | N/A | 7.2 HIGH |
|
SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
|
|||||
| CVE-2024-3370 | 2024-11-18 | N/A | 8.6 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024.
|
|||||
| CVE-2024-11305 | 2024-11-18 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-10645 | 2024-11-18 | N/A | 7.5 HIGH | ||
|
The Blogger 301 Redirect plugin for WordPress is vulnerable to blind time-based SQL Injection via the ‘br’ parameter in all versions up to, and including, 2.5.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
|
|||||
| CVE-2024-9887 | 2024-11-18 | N/A | 7.2 HIGH | ||
|
The Login using WordPress Users ( WP as SAML IDP ) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.15.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive ...
Show More |
|||||
| CVE-2024-50826 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/add_content.php in kashipara E-learning Management System Project 1.0 via the title and content parameters.
|
|||||
| CVE-2024-50825 | 1 Lopalopa | 1 E-learning Management System | 2024-11-18 | N/A | 7.2 HIGH |
|
A SQL Injection vulnerability was found in /admin/school_year.php in kashipara E-learning Management System Project 1.0 via the school_year parameter.
|
|||||