Export limit exceeded: 19663 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19663 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39620 1 Cridio 1 Listingpro 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.
CVE-2024-38795 1 Cridio 1 Listingpro 2026-04-23 9.3 Critical
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CridioStudio ListingPro listingpro-plugin allows SQL Injection.This issue affects ListingPro: from n/a through <= 2.9.4.
CVE-2024-38708 1 Ukrsolution 1 Barcode Scanner And Inventory Manager 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.6.1.
CVE-2024-30488 1 Katieseaborn 1 Zotpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Katie Zotpress zotpress.This issue affects Zotpress: from n/a through <= 7.3.7.
CVE-2024-30245 2026-04-23 7.6 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pierre Lannoy DecaLog decalog.This issue affects DecaLog: from n/a through <= 3.9.0.
CVE-2024-30244 2 Church Admin Project, Wordpress 2 Church Admin, Wordpress 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.0.27.
CVE-2024-30238 1 Contest-gallery 1 Contest Gallery 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.2.
CVE-2024-30236 1 Contest-gallery 1 Contest Gallery 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through <= 21.3.4.
CVE-2024-23507 1 Instawp 1 Instawp Connect 2026-04-23 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9.
CVE-2026-33714 1 Chamilo 1 Chamilo Lms 2026-04-23 7.2 High
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::remove_XSS() to the date_start and date_end parameters in the get_user_registration_by_month action, the same parameters remain unsanitized in the users_active action within the same file (public/main/inc/ajax/statistics.ajax.php), where they are directly interpolated into a SQL query. An authenticated admin can exploit this to perform time-based blind SQL injection, enabling extraction of arbitrary data from the database. This issue has been fixed in version 2.0.0.
CVE-2008-5054 1 Develop It Easy 1 Membership System 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6378 1 Mxmania 1 Calendar Mx Professional 2026-04-23 N/A
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-6376 1 Nexusjnr 1 Jbook 2026-04-23 N/A
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter).
CVE-2008-6389 1 Aliensoftcorp 1 Rae Media Contact Management 2026-04-23 N/A
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
CVE-2008-6372 1 Ocean12tech 1 Faq Manager Pro 2026-04-23 N/A
SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.
CVE-2008-6371 1 Ocean12tech 1 Membership Manager Pro 2026-04-23 N/A
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter).
CVE-2008-6369 1 Ocean12tech 1 Contact Manager Pro 2026-04-23 N/A
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
CVE-2008-2047 1 Aspindir 1 Angelo-emlak 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.
CVE-2009-0593 1 Plxwebdev 1 Plx Auto Reminder 2026-04-23 N/A
SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.
CVE-2009-0597 1 W3b Cms 1 Aka W3blabor Cms 2026-04-23 N/A
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.