Search Results (18760 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36503 | 1 Native-php-cms Project | 1 Native-php-cms | 2025-03-27 | 9.8 Critical |
| SQL injection vulnerability in native-php-cms 1.0 allows remote attackers to run arbitrary SQL commands via the cat parameter to /list.php file. | ||||
| CVE-2024-9574 | 1 Soplanning | 1 Soplanning | 2025-03-27 | 9.8 Critical |
| SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | ||||
| CVE-2024-9573 | 1 Soplanning | 1 Soplanning | 2025-03-27 | 6.3 Medium |
| SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server. | ||||
| CVE-2025-2625 | 1 Westboy | 1 Cicadascms | 2025-03-27 | 6.3 Medium |
| A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-42913 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | 5.4 Medium |
| RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. | ||||
| CVE-2023-41014 | 1 Code-projects | 1 Online Job Portal | 2025-03-26 | 9.8 Critical |
| code-projects.org Online Job Portal 1.0 is vulnerable to SQL Injection via the Username parameter for "Employer." | ||||
| CVE-2024-25227 | 1 Abocms | 1 Abo.cms | 2025-03-26 | 6.5 Medium |
| SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page. | ||||
| CVE-2022-48114 | 1 Ruoyi | 1 Ruoyi | 2025-03-26 | 9.8 Critical |
| RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. | ||||
| CVE-2022-48082 | 1 Easyone | 1 Easyone Crm | 2025-03-26 | 9.8 Critical |
| Easyone CRM v5.50.02 was discovered to contain a SQL Injection vulnerability via the text parameter at /Services/Misc.asmx/SearchTag. | ||||
| CVE-2022-45589 | 1 Talend | 1 Esb Runtime | 2025-03-26 | 7.2 High |
| All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. | ||||
| CVE-2021-37316 | 1 Asus | 2 Rt-ac68u, Rt-ac68u Firmware | 2025-03-26 | 7.5 High |
| SQL injection vulnerability in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to view sensitive information via /etc/shadow. | ||||
| CVE-2025-2624 | 1 Westboy | 1 Cicadascms | 2025-03-26 | 6.3 Medium |
| A vulnerability was found in westboy CicadasCMS 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /system/cms/content/save. The manipulation of the argument content/fujian/laiyuan leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-36433 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 9.1 Critical |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_delete_mask function in jocms/apps/mask/mask.php. | ||||
| CVE-2021-36432 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 7.5 High |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_set_mask() function in jocms/apps/mask/mask.php. | ||||
| CVE-2021-36431 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 9.1 Critical |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check() function in jocms/apps/mask/inc/mask.php. | ||||
| CVE-2021-36484 | 1 Jizhicms | 1 Jizhicms | 2025-03-26 | 9.8 Critical |
| SQL injection vulnerability in JIZHICMS 1.9.5 allows attackers to run arbitrary SQL commands via add or edit article page. | ||||
| CVE-2021-36434 | 1 Jocms Project | 1 Jocms | 2025-03-26 | 9.1 Critical |
| SQL injection vulnerability in jocms 0.8 allows remote attackers to run arbitrary SQL commands and view sensitive information via jo_json_check function in jocms/apps/mask/inc/getmask.php. | ||||
| CVE-2023-23948 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 6.2 Medium |
| The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0. | ||||
| CVE-2024-33247 | 1 Oretnom23 | 1 Employee Task Management System | 2025-03-26 | 8.8 High |
| Sourcecodester Employee Task Management System v1.0 is vulnerable to SQL Injection via admin-manage-user.php. | ||||
| CVE-2025-2654 | 1 Oretnom23 | 1 Ac Repair And Services System | 2025-03-26 | 7.3 High |
| A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/services/manage_service.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||