Total
15493 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-13036 | 1 Fabianros | 1 Chat System | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/update_room.php. The manipulation of the argument id/name/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-31671 | 1 Webbax | 1 Postfinance | 2025-01-06 | N/A | 9.8 CRITICAL |
| PrestaShop postfinance <= 17.1.13 is vulnerable to SQL Injection via PostfinanceValidationModuleFrontController::postProcess(). | |||||
| CVE-2023-30150 | 1 Leotheme | 1 Leocustomajax | 2025-01-06 | N/A | 9.8 CRITICAL |
| PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. | |||||
| CVE-2024-13037 | 1 1000projects | 1 Attendance Tracking Management System | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendance_report of the file /admin/report.php. The manipulation of the argument course_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12791 | 1 Codezips | 1 E-commerce Site | 2025-01-06 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12792 | 1 Codezips | 1 E-commerce Site | 2025-01-06 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13072 | 1 1000projects | 1 Beauty Parlour Management System | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-customer-services.php of the component Customer Detail Handler. The manipulation of the argument sids[] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13078 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in PHPGurukul Land Record System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13079 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Land Record System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/property-details.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13084 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-property.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-13085 | 1 Phpgurukul | 1 Land Record System | 2025-01-06 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-12794 | 1 Codezips | 1 E-commerce Site | 2025-01-06 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-0214 | 2025-01-04 | 4.3 MEDIUM | 4.1 MEDIUM | ||
| A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenu_id leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2023-35036 | 1 Progress | 1 Moveit Transfer | 2025-01-03 | N/A | 9.1 CRITICAL |
| In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content. | |||||
| CVE-2024-12832 | 1 Arista | 1 Ng Firewall | 2025-01-03 | N/A | 6.3 MEDIUM |
| Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325. | |||||
| CVE-2023-34756 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-03 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. | |||||
| CVE-2023-34755 | 2 Apple, Bloofox | 2 Macos, Bloofoxcms | 2025-01-03 | N/A | 9.8 CRITICAL |
| bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. | |||||
| CVE-2024-32480 | 1 Librenms | 1 Librenms | 2025-01-02 | N/A | 7.2 HIGH |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The `order` parameter is obtained from `$request`. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting in a SQL injection vulnerability. An attacker may extract a whole database this way. Version 24.4.0 fixes the issue. | |||||
| CVE-2024-32461 | 1 Librenms | 1 Librenms | 2025-01-02 | N/A | 7.1 HIGH |
| LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability. | |||||
| CVE-2024-2073 | 1 Oretnom23 | 1 Block Inserter For Dynamic Content | 2025-01-02 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388. | |||||