Total
16271 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6006 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6007 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6008 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-6009 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 5.8 MEDIUM | 4.7 MEDIUM |
| A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-44755 | 1 Mayurik | 1 Sacco Management System | 2025-06-19 | N/A | 9.8 CRITICAL |
| Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. | |||||
| CVE-2025-25580 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. | |||||
| CVE-2025-25590 | 1 R1bbit | 1 Yimioa | 2025-06-19 | N/A | 6.1 MEDIUM |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. | |||||
| CVE-2025-22980 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-18 | N/A | 6.7 MEDIUM |
| A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. | |||||
| CVE-2025-27753 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| A SQLi vulnerability in RSMediaGallery component 1.7.4 - 2.1.6 for Joomla was discovered. The vulnerability is due to the use of unescaped user-supplied parameters in SQL queries within the dashboard component. This allows an authenticated attacker to inject malicious SQL code through unsanitized input fields, which are used directly in SQL queries. Exploiting this flaw can lead to unauthorized database access, data leakage, or modification of records. | |||||
| CVE-2025-47573 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0. | |||||
| CVE-2025-28972 | 2025-06-17 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Suhas Surse WP Employee Attendance System allows Blind SQL Injection. This issue affects WP Employee Attendance System: from n/a through 3.5. | |||||
| CVE-2025-48118 | 2025-06-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpExperts Hub Woocommerce Partial Shipment allows SQL Injection. This issue affects Woocommerce Partial Shipment: from n/a through 3.2. | |||||
| CVE-2025-6132 | 2025-06-17 | 7.5 HIGH | 7.3 HIGH | ||
| A vulnerability has been found in Chanjet CRM 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /sysconfig/departmentsetting.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-49854 | 2025-06-17 | N/A | 7.6 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anh Tran Slim SEO allows SQL Injection. This issue affects Slim SEO: from n/a through 4.5.4. | |||||
| CVE-2025-5673 | 2025-06-17 | N/A | 6.5 MEDIUM | ||
| The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-39486 | 2025-06-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Rankie allows SQL Injection. This issue affects Rankie: from n/a through n/a. | |||||
| CVE-2025-24773 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows SQL Injection. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0. | |||||
| CVE-2025-30562 | 2025-06-17 | N/A | 8.5 HIGH | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdistillery Navigation Tree Elementor allows Blind SQL Injection. This issue affects Navigation Tree Elementor: from n/a through 1.0.1. | |||||
| CVE-2025-49452 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3. | |||||
| CVE-2025-39479 | 2025-06-17 | N/A | 9.3 CRITICAL | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3. | |||||