Vulnerabilities (CVE)

Filtered by CWE-89
Total 15171 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-4020 1 Phpgurukul 1 Old Age Home Management System 2025-04-30 7.5 HIGH 7.3 HIGH
A vulnerability was found in PHPGurukul Old Age Home Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument fname leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2025-4027 1 Phpgurukul 1 Old Age Home Management System 2025-04-30 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/rules.php. The manipulation of the argument pagetitle leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-24375 1 Jfinalcms Project 1 Jfinalcms 2025-04-30 N/A 7.5 HIGH
SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.
CVE-2024-29432 1 Alldata 1 Alldata 2025-04-30 N/A 9.8 CRITICAL
Alldata v0.4.6 was discovered to contain a SQL injection vulnerability via the tablename parameter at /data/masterdata/datas.
CVE-2024-37765 1 Machform 1 Machform 2025-04-30 N/A 8.8 HIGH
Machform up to version 19 is affected by an authenticated Blind SQL injection in the user account settings page.
CVE-2024-44739 1 Oretnom23 1 Simple Forum Website 2025-04-30 N/A 8.8 HIGH
Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=.
CVE-2024-25239 1 Walterjnr1 1 Employee Management System 2025-04-30 N/A 9.8 CRITICAL
SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php.
CVE-2022-43256 1 Seacms 1 Seacms 2025-04-30 N/A 9.8 CRITICAL
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
CVE-2022-43135 1 Online Diagnostic Lab Management System Project 1 Online Diagnostic Lab Management System 2025-04-30 N/A 9.8 CRITICAL
Online Diagnostic Lab Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /diagnostic/login.php.
CVE-2022-38148 1 Silverstripe 1 Framework 2025-04-30 N/A 8.8 HIGH
Silverstripe silverstripe/framework through 4.11 allows SQL Injection.
CVE-2021-38819 1 Simple Image Gallery Web App Project 1 Simple Image Gallery Web App 2025-04-30 N/A 8.8 HIGH
A SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the "id" parameter on the album page.
CVE-2025-32968 1 Xwiki 1 Xwiki 2025-04-30 N/A 8.8 HIGH
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki. The protection added to this REST API is the same as the one used to validate complete select queries, making it more consistent. However, while the script API always had this protection for complete queries, it's important to note that it's a very strict protection and some valid, but complex, queries might suddenly require the author to have programming right.
CVE-2025-32969 1 Xwiki 1 Xwiki 2025-04-30 N/A 9.8 CRITICAL
XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend, including when "Prevent unregistered users from viewing pages, regardless of the page rights" and "Prevent unregistered users from editing pages, regardless of the page rights" options are enabled. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This issue has been patched in versions 16.10.1, 16.4.6 and 15.10.16. There is no known workaround, other than upgrading XWiki.
CVE-2025-46252 1 Kofimokome 1 Message Filter For Contact Form 7 2025-04-30 N/A 7.6 HIGH
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kofimokome Message Filter for Contact Form 7 allows SQL Injection. This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3.2.
CVE-2022-44378 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2025-04-30 N/A 7.2 HIGH
Automotive Shop Management System v1.0 is vulnerable to SQL injection via /asms/classes/Master.php?f=delete_mechanic.
CVE-2022-44003 1 Backclick 1 Backclick 2025-04-30 N/A 9.8 CRITICAL
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.
CVE-2025-3341 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.5 HIGH 7.3 HIGH
A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. This affects an unknown part of the file /admin/reservation_view.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3342 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.5 HIGH 7.3 HIGH
A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/payment_save.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3343 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.5 HIGH 7.3 HIGH
A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/reservation_update.php. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3344 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.5 HIGH 7.3 HIGH
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/assign_save.php. The manipulation of the argument ID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.