Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-3141 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-04-09 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Online Medicine Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20197 | | | 2025-04-09 | N/A | 7.3 HIGH |
A vulnerability was found in propanetank Roommate-Bill-Tracking up to 288437f658fc9ee7d4b92a9da12557024d8bc55c. It has been declared as critical. This vulnerability affects unknown code of the file /includes/login.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The name of the patch is b32bb1b940f82d38fb9310cd66ebe349e20a1d0a. It is recommended to apply a patch to fix this issue. | |||||
CVE-2025-32550 | | | 2025-04-09 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Pledge Connect Plugin: from 2.24080000 through WP6.6.1. | |||||
CVE-2025-32677 | | | 2025-04-09 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in solwininfotech WP Social Stream Designer allows Blind SQL Injection. This issue affects WP Social Stream Designer: from n/a through 1.3. | |||||
CVE-2025-32676 | | | 2025-04-09 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Picture-Planet GmbH Verowa Connect allows Blind SQL Injection. This issue affects Verowa Connect: from n/a through 3.0.5. | |||||
CVE-2025-32685 | | | 2025-04-09 | N/A | N/A |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aristo Rinjuang WP Inquiries allows SQL Injection. This issue affects WP Inquiries: from n/a through 0.2.1. | |||||
CVE-2022-40827 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | N/A | 9.8 CRITICAL |
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php where() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
CVE-2022-40828 | 1 Codeigniter | 1 Codeigniter | 2025-04-09 | N/A | 9.8 CRITICAL |
B.C. Institute of Technology CodeIgniter <=3.1.13 is vulnerable to SQL Injection via system\database\DB_query_builder.php or_where_not_in() function. Note: Multiple third parties have disputed this as not a valid vulnerability. | |||||
CVE-2022-38490 | 1 Easyvista | 1 Service Manager | 2025-04-09 | N/A | 8.8 HIGH |
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL injection. Version 2022.1.110.1.02 corrects this issue. | |||||
CVE-2022-38492 | 1 Easyvista | 1 Service Manager | 2025-04-09 | N/A | 8.8 HIGH |
An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL injection. Version 2022.1.110.1.02 fixes the vulnerability. | |||||
CVE-2022-47860 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php. | |||||
CVE-2022-47862 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php. | |||||
CVE-2022-47864 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php. | |||||
CVE-2022-47790 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-04-09 | N/A | 9.8 CRITICAL |
Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/index.php?page=display&id=. | |||||
CVE-2022-47866 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php. | |||||
CVE-2022-47861 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php. | |||||
CVE-2022-47859 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php. | |||||
CVE-2022-47865 | 1 Lead Management System Project | 1 Lead Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php. | |||||
CVE-2025-22211 | 1 Webdesigner-profi | 1 Joomshopping | 2025-04-09 | N/A | N/A |
A SQL injection vulnerability in the JoomShopping component versions 1.0.0-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the country management area in backend. | |||||
CVE-2025-3383 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-09 | N/A | 9.8 CRITICAL |
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search/search_sales.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |