Export limit exceeded: 35019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18906 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18906 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4088 | 1 Stock Management System Project | 1 Stock Management System | 2025-04-14 | 7.3 High |
| A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214322 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-54921 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | ||||
| CVE-2024-54923 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | ||||
| CVE-2024-54924 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | ||||
| CVE-2022-4161 | 1 Contest-gallery | 1 Contest Gallery | 2025-04-14 | 6.5 Medium |
| The Contest Gallery WordPress plugin before 19.1.5.1, Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cg_copy_start POST parameter before concatenating it to an SQL query in copy-gallery-images.php. This may allow malicious users with at least author privilege to leak sensitive information from the site's database. | ||||
| CVE-2024-54925 | 1 Lopalopa | 1 E-learning Management System | 2025-04-14 | 9.8 Critical |
| A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | ||||
| CVE-2024-53505 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. | ||||
| CVE-2024-53506 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. | ||||
| CVE-2024-53507 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. | ||||
| CVE-2025-30372 | 1 Emlog | 1 Emlog | 2025-04-14 | 9.8 Critical |
| Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceeding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue. | ||||
| CVE-2024-53504 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2025-04-14 | 9.8 Critical |
| A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. | ||||
| CVE-2024-31545 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-14 | 9.4 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | ||||
| CVE-2024-31547 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-04-14 | 9.1 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/item/view_item.php. | ||||
| CVE-2024-31546 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-14 | 9.8 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | ||||
| CVE-2023-49989 | 2 Phpgurukul, Pratham-jaiswal | 2 Hotel Booking Management System, Hotel Booking Management System | 2025-04-14 | 9.8 Critical |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php. | ||||
| CVE-2023-49988 | 2 Phpgurukul, Pratham-jaiswal | 2 Hotel Booking Management System, Hotel Booking Management System | 2025-04-14 | 7.5 High |
| Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php. | ||||
| CVE-2014-0821 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. | ||||
| CVE-2014-1597 | 1 I-doit | 1 I-doit | 2025-04-12 | N/A |
| SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI. | ||||
| CVE-2015-5452 | 1 Watchguard | 1 Xcs | 2025-04-12 | N/A |
| SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. | ||||
| CVE-2015-2196 | 1 Web-dorado | 1 Spider Calendar | 2025-04-12 | N/A |
| SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php. | ||||