Total
15302 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32603 | 2025-04-11 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK WP Online Users Stats allows Blind SQL Injection. This issue affects WP Online Users Stats: from n/a through 1.0.0. | |||||
| CVE-2025-31599 | 2025-04-11 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in N-Media Bulk Product Sync allows SQL Injection. This issue affects Bulk Product Sync: from n/a through 8.6. | |||||
| CVE-2025-32687 | 2025-04-11 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magnigenie Review Stars Count For WooCommerce allows SQL Injection. This issue affects Review Stars Count For WooCommerce: from n/a through 2.0. | |||||
| CVE-2024-35468 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-11 | N/A | 5.4 MEDIUM |
| A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2024-35469 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-11 | N/A | 9.8 CRITICAL |
| A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2022-46442 | 1 Dedecms | 1 Dedecms | 2025-04-11 | N/A | 9.8 CRITICAL |
| dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query. | |||||
| CVE-2024-20360 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-11 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials. | |||||
| CVE-2023-28424 | 1 Gentoo | 1 Soko | 2025-04-11 | N/A | 9.1 CRITICAL |
| Soko if the code that powers packages.gentoo.org. Prior to version 1.0.2, the two package search handlers, `Search` and `SearchFeed`, implemented in `pkg/app/handler/packages/search.go`, are affected by a SQL injection via the `q` parameter. As a result, unauthenticated attackers can execute arbitrary SQL queries on `https://packages.gentoo.org/`. It was also demonstrated that primitive was enough to gain code execution in the context of the PostgreSQL container. The issue was addressed in commit `4fa6e4b619c0362728955b6ec56eab0e0cbf1e23y` of version 1.0.2 using prepared statements to interpolate user-controlled data in SQL queries. | |||||
| CVE-2024-52360 | 1 Ibm | 1 Concert Software | 2025-04-11 | N/A | 7.6 HIGH |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | |||||
| CVE-2024-2584 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-11 | N/A | 8.2 HIGH |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | |||||
| CVE-2024-2586 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-11 | N/A | 8.2 HIGH |
| Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB. | |||||
| CVE-2022-34324 | 1 Sage | 1 Sage Xrt Business Exchange | 2025-04-11 | N/A | 8.8 HIGH |
| Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History. | |||||
| CVE-2024-29386 | 1 Projeqtor | 1 Projeqtor | 2025-04-11 | N/A | 5.4 MEDIUM |
| projeqtor up to 11.2.0 was discovered to contain a SQL injection vulnerability via the component /view/criticalResourceExport.php. | |||||
| CVE-2025-3335 | 1 Adonesevangelista | 1 Online Restaurant Management System | 2025-04-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/category_update.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-3336 | 1 Adonesevangelista | 1 Online Restaurant Management System | 2025-04-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/member_save.php. The manipulation of the argument last leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||||
| CVE-2025-3337 | 1 Adonesevangelista | 1 Online Restaurant Management System | 2025-04-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/member_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-30473 | 1 Apache | 1 Airflow Common Sql Provider | 2025-04-11 | N/A | 8.8 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter (which was a recommended pattern), Authenticated UI User could inject arbitrary SQL command when triggering DAG exposing partition_clause to the user. This allowed the DAG Triggering user to escalate privileges to execute those arbitrary commands which they normally would not have. This issue affects Apache Airflow Common SQL Provider: before 1.24.1. Users are recommended to upgrade to version 1.24.1, which fixes the issue. | |||||
| CVE-2025-3353 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2013-4715 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-3988 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||