Export limit exceeded: 18748 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18748 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29390 | 2 Anuj Kumar, Anujk305 | 2 Daily Expenses Management System, Daily Expenses Management System | 2025-06-20 | 7.3 High |
| Daily Expenses Management System version 1.0, developed by PHP Gurukul, contains a time-based blind SQL injection vulnerability in the 'add-expense.php' page. An attacker can exploit the 'item' parameter in a POST request to execute arbitrary SQL commands in the backend database. This can be done by injecting specially crafted SQL queries that make the database perform time-consuming operations, thereby confirming the presence of the SQL injection vulnerability based on the delay in the server's response. | ||||
| CVE-2024-22627 | 1 Campcodes | 1 Supplier Management System | 2025-06-20 | 7.2 High |
| Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=. | ||||
| CVE-2023-51810 | 1 Stackideas | 1 Easydiscuss | 2025-06-20 | 7.5 High |
| SQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module. | ||||
| CVE-2023-6620 | 1 Wpexperts | 1 Post Smtp | 2025-06-20 | 7.2 High |
| The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. | ||||
| CVE-2023-51978 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-06-20 | 8.1 High |
| In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. | ||||
| CVE-2023-51805 | 1 Tduckcloud | 1 Tduck-platform | 2025-06-20 | 8.1 High |
| SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of FormDataMysqlService.java file. | ||||
| CVE-2023-30016 | 1 Oretnom23 | 1 Judging Management System | 2025-06-20 | 9.8 Critical |
| SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php. | ||||
| CVE-2022-3764 | 1 Wpvibes | 1 Form Vibes | 2025-06-20 | 7.2 High |
| The plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL Injection vulnerability. | ||||
| CVE-2021-24151 | 1 Benjaminrojas | 1 Wp Editor | 2025-06-20 | 7.2 High |
| The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings. | ||||
| CVE-2023-48864 | 1 Sem-cms | 1 Semcms | 2025-06-20 | 7.5 High |
| SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. | ||||
| CVE-2025-6005 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | 4.7 Medium |
| A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutimg/info1/info2/info3/btn1/btn2/infox1/infox2/infox3/infox4/infox5/infox6/btnx2/infof1/infof2/infof3/infof4/btnf3/infod1/infod2/infod3/infod4/infod5 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6006 | 1 Kicode111 | 1 Like-girl | 2025-06-20 | 4.7 Medium |
| A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the argument id/imgText/imgDatd/imgUrl leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6007 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 4.7 Medium |
| A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6008 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 4.7 Medium |
| A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6009 | 1 Kicode111 | 1 Like-girl | 2025-06-19 | 4.7 Medium |
| A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-44755 | 1 Mayurik | 1 Sacco Management System | 2025-06-19 | 9.8 Critical |
| Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php. | ||||
| CVE-2025-25580 | 1 R1bbit | 1 Yimioa | 2025-06-19 | 6.1 Medium |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the listNameBySql() method at /xml/UserMapper.xml. | ||||
| CVE-2025-25590 | 1 R1bbit | 1 Yimioa | 2025-06-19 | 6.1 Medium |
| yimioa before v2024.07.04 was discovered to contain a SQL injection vulnerability via the component /mapper/xml/AddressDao.xml. | ||||
| CVE-2023-45162 | 1 1e | 1 Platform | 2025-06-18 | 9.9 Critical |
| Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply hotfix Q23169 SaaS implementations on v23.7.1 will automatically have hotfix Q23173 applied. Customers with SaaS versions below this are urged to upgrade urgently - please contact 1E to arrange this | ||||
| CVE-2025-22980 | 1 Slims | 1 Senayan Library Management System Bulian | 2025-06-18 | 6.7 Medium |
| A SQL Injection vulnerability exists in Senayan Library Management System SLiMS 9 Bulian 9.6.1 via the tempLoanID parameter in the loan form on /admin/modules/circulation/loan.php. | ||||