Total: 16273 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-2655 | 1 Web-dorado | 1 Contact Form Maker | 2025-06-02 | N/A | 7.2 HIGH |
The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | |||||
CVE-2021-24869 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2025-06-02 | N/A | 8.8 HIGH |
The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber | |||||
CVE-2024-0405 | 1 Burst-statistics | 1 Burst Statistics | 2025-06-02 | N/A | 7.2 HIGH |
The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database. | |||||
CVE-2023-50028 | 1 Prestashopmodules | 1 Sliding Cart Block | 2025-06-02 | N/A | 9.8 CRITICAL |
In the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection. | |||||
CVE-2023-27113 | 1 A54552239 | 1 Pearprojectapi | 2025-05-30 | N/A | 9.8 CRITICAL |
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the organizationCode parameter at project.php. | |||||
CVE-2023-27112 | 1 A54552239 | 1 Pearprojectapi | 2025-05-30 | N/A | 9.8 CRITICAL |
pearProjectApi v2.8.10 was discovered to contain a SQL injection vulnerability via the projectCode parameter at project.php. | |||||
CVE-2022-45165 | 1 Archibus | 1 Web Central | 2025-05-30 | N/A | 6.5 MEDIUM |
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a user-controlled parameter that is used to create an SQL query. It causes this service to be prone to SQL injection. | |||||
CVE-2022-34909 | 1 Aremis | 1 Aremis 4 Nomads | 2025-05-30 | N/A | 7.7 HIGH |
An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It allows SQL Injection, by which an attacker can bypass authentication and retrieve data that is stored in the database. | |||||
CVE-2021-31777 | 1 Dynamic Content Elements Project | 1 Dynamic Content Elements | 2025-05-30 | 4.0 MEDIUM | 4.9 MEDIUM |
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account. | |||||
CVE-2020-26546 | 1 Evolutionscript | 1 Helpdeskz | 2025-05-30 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in HelpDeskZ 1.0.2. The feature to auto-login a user, via the RememberMe functionality, is prone to SQL injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
CVE-2025-48137 | 1 Proxymis | 1 Interview | 2025-05-30 | N/A | 8.5 HIGH |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01. | |||||
CVE-2024-3767 | 1 Phpgurukul | 1 News Portal Project | 2025-05-30 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4226 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-05-30 | 7.5 HIGH | 7.3 HIGH |
A vulnerability classified as critical has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. This affects an unknown part of the file /add-computer.php. The manipulation of the argument compname/comploc leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2025-4695 | 1 Phpgurukul | 1 Cyber Cafe Management System | 2025-05-30 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /add-users.php. The manipulation of the argument uadd leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-52874 | 1 Infoblox | 1 Netmri | 2025-05-30 | N/A | 8.8 HIGH |
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks. | |||||
CVE-2024-51101 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-05-29 | N/A | 9.8 CRITICAL |
PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php. | |||||
CVE-2024-24140 | 1 Remyandrade | 1 Daily Habit Tracker | 2025-05-29 | N/A | 7.2 HIGH |
Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.' | |||||
CVE-2022-38509 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-29 | N/A | 9.8 CRITICAL |
Wedding Planner v1.0 was discovered to contain a SQL injection vulnerability via the booking_id parameter at /admin/budget.php. | |||||
CVE-2024-40392 | 1 Fkgeo | 1 Pharmacy/medical Store Point Of Sale System | 2025-05-29 | N/A | 9.8 CRITICAL |
SourceCodester Pharmacy/Medical Store Point of Sale System Using PHP/MySQL and Bootstrap Framework with Source Code 1.0 was discovered to contain a SQL injection vulnerability via the name parameter under addnew.php. | |||||
CVE-2025-3818 | | | 2025-05-29 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability, which was classified as critical, was found in webpy web.py 0.70. Affected is the function PostgresDB._process_insert_query of the file web/db.py. The manipulation of the argument seqname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |