Total
14887 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4906 | 1 Phpgurukul | 1 Notice Board System | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4907 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Daily Expense Tracker System 1.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4908 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical has been found in PHPGurukul Daily Expense Tracker System 1.1. This affects an unknown part of the file /expense-datewise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-26971 | 1 Ays-pro | 1 Poll Maker | 2025-05-21 | N/A | 7.6 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ays-pro Poll Maker allows Blind SQL Injection. This issue affects Poll Maker: from n/a through 5.6.5. | |||||
| CVE-2022-41570 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-05-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Unauthenticated SQL injection can occur. | |||||
| CVE-2022-40043 | 1 Centreon | 1 Centreon | 2025-05-21 | N/A | 8.8 HIGH |
| Centreon v20.10.18 was discovered to contain a SQL injection vulnerability via the esc_name (Escalation Name) parameter at Configuration/Notifications/Escalations. | |||||
| CVE-2024-13726 | 1 Themescoder | 1 Themes Coder | 2025-05-21 | N/A | 8.6 HIGH |
| The Coder WordPress plugin through 1.3.4 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection | |||||
| CVE-2022-40877 | 1 Exam Reviewer Management System Project | 1 Exam Reviewer Management System | 2025-05-21 | N/A | 9.8 CRITICAL |
| Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter. | |||||
| CVE-2022-40354 | 1 Online Tours \& Travels Management System Project | 1 Online Tours \& Travels Management System | 2025-05-21 | N/A | 7.2 HIGH |
| Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php. | |||||
| CVE-2022-3323 | 1 Advantech | 1 Iview | 2025-05-21 | N/A | 7.5 HIGH |
| An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | |||||
| CVE-2021-41433 | 1 Resumes Management And Job Application Website Application Project | 1 Resumes Management And Job Application Website Application | 2025-05-21 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability exists in version 1.0 of the Resumes Management and Job Application Website application login form by EGavilan Media that allows authentication bypass through login.php. | |||||
| CVE-2025-4773 | 1 Phpgurukul | 1 Online Course Registration | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4777 | 1 Phpgurukul | 1 Park Ticketing Management System | 2025-05-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in PHPGurukul Park Ticketing Management System 2.0. It has been classified as critical. This affects an unknown part of the file /view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-39481 | 1 Imithemes | 1 Eventer | 2025-05-21 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer allows Blind SQL Injection. This issue affects Eventer: from n/a through 3.9.6. | |||||
| CVE-2025-4771 | 1 Phpgurukul | 1 Online Course Registration | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/course.php. The manipulation of the argument coursecode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4911 | 1 Phpgurukul | 1 Zoo Management System | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/view-foreigner-ticket.php. The manipulation of the argument viewid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4925 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in PHPGurukul Daily Expense Tracker System 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /expense-monthwise-reports-detailed.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4927 | 1 Phpgurukul | 1 Online Marriage Registration System | 2025-05-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in PHPGurukul Online Marriage Registration System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/between-dates-application-report.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-41440 | 1 Billing System Project Project | 1 Billing System Project | 2025-05-20 | N/A | 7.2 HIGH |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php. | |||||
| CVE-2022-41439 | 1 Billing System Project Project | 1 Billing System Project | 2025-05-20 | N/A | 7.2 HIGH |
| Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php. | |||||