Total: 15612 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-33802 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 6.5 MEDIUM |
A SQL injection vulnerability in /model/get_student_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the index parameter. | |||||
CVE-2024-33803 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 5.4 MEDIUM |
A SQL injection vulnerability in /model/get_exam.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2024-33804 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 6.3 MEDIUM |
A SQL injection vulnerability in /model/get_subject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2024-33805 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in /model/get_student.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2024-33806 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in /model/get_grade.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2024-33807 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 5.4 MEDIUM |
A SQL injection vulnerability in /model/get_teacher_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the grade parameter. | |||||
CVE-2024-33808 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability in /model/get_timetable.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2024-33402 | 1 Campcodes | 1 Complete Web-based School Management System | 2025-03-25 | N/A | 8.1 HIGH |
A SQL injection vulnerability in /model/approve_petty_cash.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2023-52155 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 7.2 HIGH |
A SQL Injection vulnerability in /admin/sauvegarde/run.php in PMB 7.4.7 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via the sauvegardes variable through the /admin/sauvegarde/run.php endpoint. | |||||
CVE-2023-52153 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 9.8 CRITICAL |
A SQL Injection vulnerability in /pmb/opac_css/includes/sessions.inc.php in PMB 7.4.7 and earlier allows remote unauthenticated attackers to inject arbitrary SQL commands via the PmbOpac-LOGIN cookie value. | |||||
CVE-2023-51828 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 9.8 CRITICAL |
A SQL Injection vulnerability in /admin/convert/export.class.php in PMB 7.4.7 and earlier versions allows remote unauthenticated attackers to execute arbitrary SQL commands via the query parameter in get_next_notice function. | |||||
CVE-2023-38844 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 7.5 HIGH |
SQL injection vulnerability in PMB v.7.4.7 and earlier allows a remote attacker to execute arbitrary code via the thesaurus parameter in export_skos.php. | |||||
CVE-2023-37177 | 1 Sigb | 1 Pmb | 2025-03-25 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/export_z3950.php endpoint. | |||||
CVE-2025-22974 | 1 Seacms | 1 Seacms | 2025-03-25 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component. | |||||
CVE-2025-2682 | 1 Anujkumar | 1 Bank Locker Management System | 2025-03-25 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /edit-subadmin.php?said=3. The manipulation of the argument mobilenumber leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-45526 | 1 Institutional Management Website Project | 1 Institutional Management Website | 2025-03-25 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in Future-Depth Institutional Management Website (IMS) 1.0 allows attackers to execute arbitrary commands via the ad parameter to /admin_area/login_transfer.php. | |||||
CVE-2024-3552 | 1 Salephpscripts | 1 Web Directory Free | 2025-03-25 | N/A | 9.8 CRITICAL |
The Web Directory Free WordPress plugin before 1.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and Error-Based. | |||||
CVE-2023-24685 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | N/A | 7.2 HIGH |
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module. | |||||
CVE-2023-24684 | 1 Churchcrm | 1 Churchcrm | 2025-03-24 | N/A | 7.2 HIGH |
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php. | |||||
CVE-2024-57031 | 1 Wegia | 1 Wegia | 2025-03-24 | N/A | 9.8 CRITICAL |
WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter. |