Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-5433 | 2025-06-02 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability was found in Fengoffice Feng Office 3.5.1.5 and classified as critical. Affected by this issue is some unknown functionality of the file /index.php?c=account&a=set_timezone. The manipulation of the argument tz_offset leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-5434 | 2025-06-02 | 7.5 HIGH | 7.3 HIGH | ||
|
A vulnerability was found in Aem Solutions CMS up to 1.0. It has been classified as critical. This affects an unknown part of the file /page.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-5435 | 2025-06-02 | 7.5 HIGH | 7.3 HIGH | ||
|
A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-22628 | 1 Oretnom23 | 1 Budget And Expense Tracker System | 2025-06-02 | N/A | 7.2 HIGH |
|
Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=
|
|||||
| CVE-2023-2655 | 1 Web-dorado | 1 Contact Form Maker | 2025-06-02 | N/A | 7.2 HIGH |
|
The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin
|
|||||
| CVE-2021-24869 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-06-02 | N/A | 8.8 HIGH |
|
The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber
|
|||||
| CVE-2024-0405 | 1 Burst-statistics | 1 Burst Statistics | 2025-06-02 | N/A | 7.2 HIGH |
|
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor a ...
Show More |
|||||
| CVE-2023-50028 | 1 Prestashopmodules | 1 Sliding Cart Block | 2025-06-02 | N/A | 9.8 CRITICAL |
|
In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.
|
|||||
| CVE-2023-27113 | 1 A54552239 | 1 Pearprojectapi | 2025-05-30 | N/A | 9.8 CRITICAL |
|
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php.
|
|||||
| CVE-2023-27112 | 1 A54552239 | 1 Pearprojectapi | 2025-05-30 | N/A | 9.8 CRITICAL |
|
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php.
|
|||||
| CVE-2022-45165 | 1 Archibus | 1 Web Central | 2025-05-30 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection.
|
|||||
| CVE-2022-34909 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | N/A | 7.7 HIGH |
|
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database.
|
|||||
| CVE-2021-31777 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2025-05-30 | 4.0 MEDIUM | 4.9 MEDIUM |
|
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
|
|||||
| CVE-2020-26546 | 1 Evolutionscript | 1 Helpdeskz | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
|
|||||
| CVE-2025-48137 | 1 Proxymis | 1 Interview | 2025-05-30 | N/A | 8.5 HIGH |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01.
|
|||||
| CVE-2025-4226 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-05-30 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. This affects an unknown part of the file /add-computer.php. The manipulation of the argument compname/comploc leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-52874 | 1 Infoblox | 1 Netmri | 2025-05-30 | N/A | 8.8 HIGH |
|
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
|
|||||
| CVE-2024-51101 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-05-29 | N/A | 9.8 CRITICAL |
|
PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php.
|
|||||
| CVE-2024-24140 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-29 | N/A | 7.2 HIGH |
|
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'
|
|||||
| CVE-2022-38509 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-29 | N/A | 9.8 CRITICAL |
|
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php.
|
|||||
| CVE-2024-40392 | 1 Fkgeo | 1 Pharmacy\/medical Store Point Of Sale System | 2025-05-29 | N/A | 9.8 CRITICAL |
|
SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php.
|
|||||
| CVE-2025-3818 | 2025-05-29 | 6.5 MEDIUM | 6.3 MEDIUM | ||
|
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-23695 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-29 | N/A | 8.8 HIGH |
|
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and be ...
Show More |
|||||
| CVE-2022-23694 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-05-29 | N/A | 8.8 HIGH |
|
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster in Aruba ClearPass Policy Manager version(s): 6.10.x: 6.10.6 and below; 6.9.x: 6.9.11 and be ...
Show More |
|||||
| CVE-2021-28423 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-05-28 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php.
|
|||||
| CVE-2025-3243 | 1 Code-projects | 1 Patient Record Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dental_form.php. The manipulation of the argument itr_no/dental_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3304 | 1 Code-projects | 1 Patient Record Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_not.php. The manipulation of the argument itr_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3347 | 1 Code-projects | 1 Patient Record Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /dental_pending.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3348 | 1 Code-projects | 1 Patient Record Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical was found in code-projects Patient Record Management System 1.0. This vulnerability affects unknown code of the file /edit_dpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3685 | 1 Code-projects | 1 Patient Record Management System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in code-projects Patient Record Management System 1.0. Affected is an unknown function of the file /edit_fpatient.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-4214 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
|
|||||
| CVE-2025-3258 | 1 Phpgurukul | 1 Old Age Home Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in PHPGurukul Old Age Home Management System 1.0. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3311 | 1 Phpgurukul | 1 Men Salon Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in PHPGurukul Men Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-48343 | 1 Esafenet | 1 Cdg | 2025-05-28 | N/A | 6.3 MEDIUM |
|
A SQL Injection vulnerability in ESAFENET CDG 5 and earlier allows an attacker to execute arbitrary code via the id parameter of the dataSearch.jsp page.
|
|||||
| CVE-2025-3689 | 1 Phpgurukul | 1 Men Salon Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-customer-detailed.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2608 | 1 Phpgurukul | 1 Online Banquet Booking System | 2025-05-28 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability classified as critical has been found in PHPGurukul Banquet Booking System 1.2. This affects an unknown part of the file /admin/view-user-queries.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-4213 | 1 Phpgurukul | 1 Online Birth Certificate System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5224 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical has been found in Campcodes Online Hospital Management System 1.0. Affected is an unknown function of the file /admin/add-doctor.php. The manipulation of the argument Doctorspecialization leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5225 | 1 Campcodes | 1 Advanced Online Voting System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument voter leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-5229 | 1 Campcodes | 1 Online Hospital Management System | 2025-05-28 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in Campcodes Online Hospital Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/view-patient.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||