Total
15274 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-53506 | 1 B3log | 1 Siyuan | 2025-04-14 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. | |||||
| CVE-2024-53507 | 1 B3log | 1 Siyuan | 2025-04-14 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. | |||||
| CVE-2025-30372 | 1 Emlog | 1 Emlog | 2025-04-14 | N/A | 9.8 CRITICAL |
| Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue. | |||||
| CVE-2024-53504 | 1 B3log | 1 Siyuan | 2025-04-14 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. | |||||
| CVE-2024-31545 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.4 CRITICAL |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | |||||
| CVE-2024-31547 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.1 CRITICAL |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. | |||||
| CVE-2024-31546 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | |||||
| CVE-2023-49989 | 1 Pratham-jaiswal | 1 Hotel Booking Management System | 2025-04-14 | N/A | 9.8 CRITICAL |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | |||||
| CVE-2023-49988 | 1 Pratham-jaiswal | 1 Hotel Booking Management System | 2025-04-14 | N/A | 7.5 HIGH |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. | |||||
| CVE-2014-4938 | 1 Wp Rss Poster Plugin Project | 1 Wp-rss-poster | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | |||||
| CVE-2016-1000125 | 1 Huge-it | 1 Huge-it Catalog | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | |||||
| CVE-2016-0249 | 1 Ibm | 1 Security Guardium | 2025-04-12 | 7.5 HIGH | 8.6 HIGH |
| SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1154 | 1 Cuore | 1 Ec-cube Help Plugin | 2025-04-12 | 7.5 HIGH | 9.1 CRITICAL |
| SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | |||||
| CVE-2014-9258 | 1 Glpi-project | 1 Glpi | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | |||||
| CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2015-0524 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4307 | 1 Webtitan | 1 Webtitan | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | |||||
| CVE-2014-3759 | 1 Karlen Walter | 1 Si Bibtex | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality. | |||||