Total
15622 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-2625 | 1 Westboy | 1 Cicadascms | 2025-03-27 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-42913 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | N/A | 9.8 CRITICAL |
RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | |||||
CVE-2023-41014 | 1 Code-projects | 1 Online Job Portal | 2025-03-26 | N/A | 9.8 CRITICAL |
code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." | |||||
CVE-2024-25227 | 1 Abocms | 1 Abo.cms | 2025-03-26 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page. | |||||
CVE-2022-48114 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | N/A | 9.8 CRITICAL |
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | |||||
CVE-2022-48082 | 1 Easyone | 1 Easyone Crm | 2025-03-26 | N/A | 9.8 CRITICAL |
Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. | |||||
CVE-2022-45589 | 1 Talend | 1 Esb Runtime | 2025-03-26 | N/A | 7.2 HIGH |
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. | |||||
CVE-2021-37316 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2025-03-26 | N/A | 7.5 HIGH |
SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | |||||
CVE-2025-2624 | 1 Westboy | 1 Cicadascms | 2025-03-26 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2021-36433 | 1 Jocms Project | 1 Jocms | 2025-03-26 | N/A | 9.1 CRITICAL |
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. | |||||
CVE-2021-36432 | 1 Jocms Project | 1 Jocms | 2025-03-26 | N/A | 7.5 HIGH |
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. | |||||
CVE-2021-36431 | 1 Jocms Project | 1 Jocms | 2025-03-26 | N/A | 9.1 CRITICAL |
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. | |||||
CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2025-03-26 | N/A | 9.8 CRITICAL |
SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | |||||
CVE-2021-36434 | 1 Jocms Project | 1 Jocms | 2025-03-26 | N/A | 9.1 CRITICAL |
SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. | |||||
CVE-2023-23948 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | N/A | 6.2 MEDIUM |
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. | |||||
CVE-2024-33247 | 1 Oretnom23 | 1 Employee Task Management System | 2025-03-26 | N/A | 8.8 HIGH |
Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. | |||||
CVE-2025-2654 | 1 Oretnom23 | 1 Ac Repair And Services System | 2025-03-26 | 7.5 HIGH | 7.3 HIGH |
A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manage_service.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2023-24201 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | N/A | 9.8 CRITICAL |
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. | |||||
CVE-2023-24200 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | N/A | 9.8 CRITICAL |
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. | |||||
CVE-2023-24199 | 1 Oretnom23 | 1 Raffle Draw System | 2025-03-26 | N/A | 9.8 CRITICAL |
Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. |