Export limit exceeded: 18604 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18604 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13561 | 2 Sourcecodester, Torrahclef | 2 Company Website Cms, Company Website Cms | 2025-11-26 | 7.3 High |
| A vulnerability was determined in SourceCodester Company Website CMS 1.0. This vulnerability affects unknown code of the file /admin/index.php. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-13560 | 2 Sourcecodester, Torrahclef | 2 Company Website Cms, Company Website Cms | 2025-11-26 | 7.3 High |
| A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2023-49440 | 1 Ahnlab | 1 Epp | 2025-11-26 | 8.8 High |
| AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter." | ||||
| CVE-2025-28982 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2025-11-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3. | ||||
| CVE-2025-8121 | 2 Pad, Widzialni | 2 Pad Cms, Pad Cms | 2025-11-26 | 8.8 High |
| Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | ||||
| CVE-2025-8122 | 2 Pad, Widzialni | 2 Pad Cms, Pad Cms | 2025-11-26 | 8.8 High |
| Improper neutralization of input provided by an authorized user in article positioning functionality allows for Blind SQL Injection attacks. This issue affects all 3 templates: www, bip and ww+bip. This product is End-Of-Life and producent will not publish patches for this vulnerability. | ||||
| CVE-2025-59369 | 1 Asus | 1 Router | 2025-11-25 | N/A |
| A SQL injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary SQL queries, leading to unauthorized data access. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-60797 | 2 Phppgadmin, Phppgadmin Project | 2 Phppgadmin, Phppgadmin | 2025-11-25 | 6.5 Medium |
| phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in dataexport.php at line 118. The application directly executes user-supplied SQL queries from the $_REQUEST['query'] parameter without any sanitization or parameterization via $data->conn->Execute($_REQUEST['query']). An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands, potentially leading to complete database compromise, data theft, or privilege escalation. | ||||
| CVE-2025-60798 | 2 Phppgadmin, Phppgadmin Project | 2 Phppgadmin, Phppgadmin | 2025-11-25 | 6.5 Medium |
| phpPgAdmin 7.13.0 and earlier contains a SQL injection vulnerability in display.php at line 396. The application passes user-controlled input from $_REQUEST['query'] directly to the browseQuery function without proper sanitization. An authenticated attacker can exploit this vulnerability to execute arbitrary SQL commands through malicious query manipulation, potentially leading to complete database compromise. | ||||
| CVE-2025-64493 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2025-11-25 | 6.5 Medium |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 8.6.0 through 8.9.0, there is an authenticated, blind (time-based) SQL-injection inside the appMetadata-operation of the GraphQL-API. This allows extraction of arbitrary data from the database, and does not require administrative access. This issue is fixed in version 8.9.1. | ||||
| CVE-2025-64492 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2025-11-25 | 8.8 High |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times, potentially leading to the extraction of sensitive information. It is possible for an attacker to enumerate database, table, and column names, extract sensitive data, or escalate privileges. This is fixed in version 8.9.1. | ||||
| CVE-2025-64488 | 2 Salesagility, Suitecrm | 2 Suitecrm, Suitecrm | 2025-11-25 | 8.8 High |
| SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.7 and below and 8.0.0-beta.1 through 8.9.0 8.0.0-beta.1, an attacker can craft a malicious call_id that alters the logic of the SQL query or injects arbitrary SQL. An attack can lead to unauthorized data access and data ex-filtration, complete database compromise, and other various issues. This issue is fixed in versions 7.14.8 and 8.9.1. | ||||
| CVE-2025-50860 | 1 Ehcp | 1 Easy Hosting Control Panel | 2025-11-25 | 5.4 Medium |
| SQL Injection in the listdomains function in Easy Hosting Control Panel (EHCP) 20.04.1.b allows authenticated attackers to access or manipulate database contents via the arananalan POST parameter. | ||||
| CVE-2024-40614 | 1 Egroupware | 1 Egroupware | 2025-11-25 | 6.5 Medium |
| EGroupware before 23.1.20240624 mishandles an ORDER BY clause. This leads to json.php?menuaction=EGroupware\Api\Etemplate\Widget\Nextmatch::ajax_get_rows sort.id SQL injection by authenticated users for Address Book or InfoLog sorting. | ||||
| CVE-2024-34472 | 2 Hsc, Hsclabs | 2 Mailinspector, Mailinspector | 2025-11-25 | 5.5 Medium |
| An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php does not properly sanitize input, allowing an authenticated attacker to execute arbitrary SQL commands, leading to the potential disclosure of the entire application database. | ||||
| CVE-2024-8395 | 1 Flycass | 1 Flycass | 2025-11-25 | 9.8 Critical |
| FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. | ||||
| CVE-2025-40755 | 1 Siemens | 2 Sinec-nms, Sinec Nms | 2025-11-25 | 8.8 High |
| A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP1). Affected applications are vulnerable to SQL injection through getTotalAndFilterCounts endpoint. An authenticated low privileged attacker could exploit to insert data and achieve privilege escalation. (ZDI-CAN-26570) | ||||
| CVE-2022-2679 | 1 Janobe | 1 Interview Management System | 2025-11-25 | 6.3 Medium |
| A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | ||||
| CVE-2022-38260 | 1 Janobe | 1 Interview Management System | 2025-11-25 | 7.2 High |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=questiondelete&id=. | ||||
| CVE-2022-38255 | 1 Janobe | 1 Interview Management System | 2025-11-25 | 7.2 High |
| Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /interview/editQuestion.php. | ||||