Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-30016 | 1 Oretnom23 | 1 Judging Management System | 2025-06-20 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.
|
|||||
| CVE-2022-3764 | 1 Wpvibes | 1 Form Vibes | 2025-06-20 | N/A | 7.2 HIGH |
|
The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability.
|
|||||
| CVE-2021-24151 | 1 Benjaminrojas | 1 Wp Editor | 2025-06-20 | N/A | 7.2 HIGH |
|
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings.
|
|||||
| CVE-2023-48864 | 1 Sem-cms | 1 Semcms | 2025-06-20 | N/A | 7.5 HIGH |
|
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.
|
|||||
| CVE-2025-6005 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early ...
Show More |
|||||
| CVE-2025-6006 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-6007 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-6008 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-6009 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-44755 | 1 Mayurik | 1 Sacco Management System | 2025-06-19 | N/A | 9.8 CRITICAL |
|
Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.
|
|||||
| CVE-2025-25580 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
|
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml.
|
|||||
| CVE-2025-25590 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
|
yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml.
|
|||||
| CVE-2025-22980 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-18 | N/A | 6.7 MEDIUM |
|
A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php.
|
|||||
| CVE-2025-27753 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
|
A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records.
|
|||||
| CVE-2025-24773 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0.
|
|||||
| CVE-2025-28972 | 2025-06-17 | N/A | 7.6 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5.
|
|||||
| CVE-2025-5673 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
|
The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive ...
Show More |
|||||
| CVE-2025-49854 | 2025-06-17 | N/A | 7.6 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO allows SQL Injection. This issue affects Slim SEO: from n/a through 4.5.4.
|
|||||
| CVE-2025-39479 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3.
|
|||||
| CVE-2025-49452 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3.
|
|||||
| CVE-2025-47573 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0.
|
|||||
| CVE-2025-48118 | 2025-06-17 | N/A | 8.5 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment allows SQL Injection. This issue affects Woocommerce Partial Shipment: from n/a through 3.2.
|
|||||
| CVE-2025-39486 | 2025-06-17 | N/A | 8.5 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This issue affects Rankie: from n/a through n/a.
|
|||||
| CVE-2025-30562 | 2025-06-17 | N/A | 8.5 HIGH | ||
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor allows Blind SQL Injection. This issue affects Navigation Tree Elementor: from n/a through 1.0.1.
|
|||||
| CVE-2025-5977 | 1 Fabian | 1 School Fees Payment System | 2025-06-17 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /datatable.php. The manipulation of the argument sSortDir_0 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-42564 | 1 Jerryhanjj | 1 Erp | 2025-06-17 | N/A | 7.6 HIGH |
|
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/inventory/delete?action=delete.
|
|||||
| CVE-2024-32369 | 1 Hsclabs | 1 Mailinspector | 2025-06-17 | N/A | 4.3 MEDIUM |
|
SQL Injection vulnerability in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the start and limit parameter in the mliWhiteList.php component.
|
|||||
| CVE-2024-25309 | 1 Code-projects | 1 Simple School Management System | 2025-06-17 | N/A | 8.8 HIGH |
|
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.
|
|||||
| CVE-2022-1807 | 1 Sophos | 1 Firewall | 2025-06-17 | N/A | 7.2 HIGH |
|
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.
|
|||||
| CVE-2024-42565 | 1 Jerryhanjj | 1 Erp | 2025-06-17 | N/A | 9.8 CRITICAL |
|
ERP commit 44bd04 was discovered to contain a SQL injection vulnerability via the id parameter at /index.php/basedata/contact/delete?action=delete.
|
|||||
| CVE-2025-45818 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | N/A | 6.5 MEDIUM |
|
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/item_status.php.
|
|||||
| CVE-2025-45819 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | N/A | 6.5 MEDIUM |
|
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/master_file/author.php.
|
|||||
| CVE-2025-45820 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-17 | N/A | 6.5 MEDIUM |
|
Slims (Senayan Library Management Systems) 9 Bulian 9.6.1 is vulnerable to SQL Injection in admin/modules/bibliography/pop_author_edit.php.
|
|||||
| CVE-2023-45256 | 2025-06-17 | N/A | 5.4 MEDIUM | ||
|
Multiple SQL injection vulnerabilities in the EuroInformation MoneticoPaiement module before 1.1.1 for PrestaShop allow remote attackers to execute arbitrary SQL commands via the TPE, societe, MAC, reference, or aliascb parameter to transaction.php, validation.php, or callback.php.
|
|||||
| CVE-2024-28294 | 1 Limbas | 1 Limbas | 2025-06-17 | N/A | 6.5 MEDIUM |
|
Limbas up to v5.2.14 was discovered to contain a SQL injection vulnerability via the ftid parameter.
|
|||||
| CVE-2025-5431 | 1 Assamlook | 1 Assamlook Cms | 2025-06-17 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2023-52285 | 1 Lrx0014 | 1 Examsys | 2025-06-17 | N/A | 7.5 HIGH |
|
ExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter.
|
|||||
| CVE-2023-50030 | 1 Joommasters | 1 Jmssetting | 2025-06-17 | N/A | 9.8 CRITICAL |
|
In the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial http call and exploited to forge a blind SQL injection.
|
|||||
| CVE-2024-33121 | 1 Roothub | 1 Roothub | 2025-06-17 | N/A | 6.3 MEDIUM |
|
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.
|
|||||
| CVE-2023-5041 | 1 Tracktheclick | 1 Track The Click | 2025-06-17 | N/A | 8.8 HIGH |
|
The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database.
|
|||||