Total
15532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-2555 | 1 Oretnom23 | 1 Employee Task Management System | 2025-02-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257054 is the identifier assigned to this vulnerability. | |||||
| CVE-2024-2556 | 1 Oretnom23 | 1 Employee Task Management System | 2025-02-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055. | |||||
| CVE-2024-2418 | 1 Mayurik | 1 Best Pos Management System | 2025-02-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability. | |||||
| CVE-2024-2393 | 1 Remyandrade | 1 Crud Without Page Reload\/refresh | 2025-02-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability. | |||||
| CVE-2024-2332 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-02-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283. | |||||
| CVE-2025-22207 | 2025-02-18 | N/A | N/A | ||
| Improperly built order clauses lead to a SQL injection vulnerability in the backend task list of com_scheduler. | |||||
| CVE-2022-38922 | 1 Iss-oberlausitz | 1 Bluepage Cms | 2025-02-18 | N/A | 9.8 CRITICAL |
| BluePage CMS thru 3.9 processes an insufficiently sanitized HTTP Header Cookie value allowing MySQL Injection in the 'users-cookie-settings' token using a Time-based blind SLEEP payload. | |||||
| CVE-2024-2168 | 1 Mayurik | 1 Online Tours \& Travels Management System | 2025-02-18 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_category.php of the component HTTP POST Request Handler. The manipulation of the argument status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255678 is the identifier assigned to this vulnerability. | |||||
| CVE-2025-25222 | 2025-02-18 | N/A | 7.3 HIGH | ||
| The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in retrieve.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved. | |||||
| CVE-2025-25221 | 2025-02-18 | N/A | 7.3 HIGH | ||
| The LuxCal Web Calendar prior to 5.3.3M (MySQL version) and prior to 5.3.3L (SQLite version) contains an SQL injection vulnerability in pdf.php. If this vulnerability is exploited, information in a database may be deleted, altered, or retrieved. | |||||
| CVE-2025-1389 | 2025-02-17 | N/A | 8.8 HIGH | ||
| Orca HCM from Learning Digital has a SQL Injection vulnerability, allowing attackers with regular privileges to inject arbitrary SQL commands to read, modify, and delete database contents. | |||||
| CVE-2025-26755 | 2025-02-16 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider allows Blind SQL Injection. This issue affects WP Airbnb Review Slider: from n/a through 3.9. | |||||
| CVE-2025-22290 | 2025-02-16 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology LTL Freight Quotes – FreightQuote Edition allows SQL Injection. This issue affects LTL Freight Quotes – FreightQuote Edition: from n/a through 2.3.11. | |||||
| CVE-2025-25355 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter. | |||||
| CVE-2022-38923 | 1 Iss-oberlausitz | 1 Bluepage Cms | 2025-02-14 | N/A | 9.8 CRITICAL |
| BluePage CMS thru v3.9 processes an insufficiently sanitized HTTP Header allowing MySQL Injection in the 'User-Agent' field using a Time-based blind SLEEP payload. | |||||
| CVE-2025-25352 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter. | |||||
| CVE-2025-25354 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
| A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter. | |||||
| CVE-2025-25356 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the " todate" POST request parameter. | |||||
| CVE-2025-25357 | 1 Phpgurukul | 1 Land Record System | 2025-02-14 | N/A | 7.2 HIGH |
| A SQL Injection vulnerability was found in /admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the email POST request parameter. | |||||
| CVE-2024-3085 | 1 Phpgurukul | 1 Emergency Ambulance Hiring Portal | 2025-02-14 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability. | |||||