Total
15592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24221 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | |||||
| CVE-2023-24220 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | |||||
| CVE-2023-24219 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | |||||
| CVE-2023-23279 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-03-18 | N/A | 9.8 CRITICAL |
| Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. | |||||
| CVE-2025-2200 | 2025-03-18 | N/A | N/A | ||
| SQL injection vulnerability in the IcProgreso Innovación y Cualificación plugin. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query on the parameters user, id, idGroup, start_date and end_date in the endpoint /report/icprogreso/generar_blocks.php. | |||||
| CVE-2023-23007 | 1 Ecisp | 1 Espcms | 2025-03-18 | N/A | 7.2 HIGH |
| An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | |||||
| CVE-2022-40347 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-18 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-03-18 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2024-0709 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | N/A | 9.8 CRITICAL |
| The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2025-03-18 | N/A | 7.2 HIGH |
| KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | |||||
| CVE-2025-22954 | 2025-03-18 | N/A | 10.0 CRITICAL | ||
| GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter. | |||||
| CVE-2024-25897 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | N/A | 9.8 CRITICAL |
| ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. | |||||
| CVE-2024-25896 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | N/A | 5.3 MEDIUM |
| ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter. | |||||
| CVE-2024-25894 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | N/A | 9.8 CRITICAL |
| ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter. | |||||
| CVE-2024-25893 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | N/A | 9.1 CRITICAL |
| ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. | |||||
| CVE-2024-25892 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | N/A | 8.1 HIGH |
| ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter. | |||||
| CVE-2023-26093 | 1 Puzzle | 1 Liima | 2025-03-17 | N/A | 9.8 CRITICAL |
| Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. | |||||
| CVE-2024-25891 | 1 Churchcrm | 1 Churchcrm | 2025-03-17 | N/A | 7.5 HIGH |
| ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter. | |||||
| CVE-2022-45564 | 1 Znfit | 1 Home Improvement Erp Management System | 2025-03-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet. | |||||
| CVE-2024-2879 | 1 Kreaturamedia | 1 Layerslider | 2025-03-17 | N/A | 9.8 CRITICAL |
| The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||