Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-50631 | 2025-03-19 | N/A | N/A | ||
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in the system syncing daemon in Synology Drive Server before 3.0.4-12699, 3.2.1-23280, 3.5.0-26085 and 3.5.1-26102 allows remote attackers to inject SQL commands, limited to write operations, via unspecified vectors. | |||||
| CVE-2024-40393 | 1 Angeljudesuarez | 1 Online Clinic Management System | 2025-03-18 | N/A | 9.8 CRITICAL |
| Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php. | |||||
| CVE-2021-33948 | 1 Hotels Server Project | 1 Hotels Server | 2025-03-18 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in FantasticLBP Hotels Server v1.0 allows attacker to execute arbitrary code via the username parameter. | |||||
| CVE-2024-57035 | 1 Wegia | 1 Wegia | 2025-03-18 | N/A | 9.8 CRITICAL |
| WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php. | |||||
| CVE-2023-24220 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. | |||||
| CVE-2023-24219 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. | |||||
| CVE-2023-24221 | 1 Luckyframe | 1 Luckyframeweb | 2025-03-18 | N/A | 9.8 CRITICAL |
| LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. | |||||
| CVE-2023-23279 | 1 Canteen Management System Project | 1 Canteen Management System | 2025-03-18 | N/A | 9.8 CRITICAL |
| Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. | |||||
| CVE-2023-23007 | 1 Ecisp | 1 Espcms | 2025-03-18 | N/A | 7.2 HIGH |
| An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | |||||
| CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-03-18 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2022-40347 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-18 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | |||||
| CVE-2024-0709 | 1 Coolplugins | 1 Cryptocurrency Widgets | 2025-03-18 | N/A | 7.5 HIGH |
| The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-54929 | 1 Lopalopa | 1 E-learning Management System | 2025-03-18 | N/A | 7.2 HIGH |
| KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | |||||
| CVE-2012-5853 | 1 Vinojcardoza | 1 Ajax Post Search | 2025-03-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. | |||||
| CVE-2023-26093 | 1 Puzzle | 1 Liima | 2025-03-17 | N/A | 9.8 CRITICAL |
| Liima before 1.17.28 allows Hibernate query language (HQL) injection, related to colToSort in the deployment filter. | |||||
| CVE-2022-45564 | 1 Znfit | 1 Home Improvement Erp Management System | 2025-03-17 | N/A | 9.8 CRITICAL |
| SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207,v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet. | |||||
| CVE-2024-2879 | 1 Kreaturamedia | 1 Layerslider | 2025-03-17 | N/A | 7.5 HIGH |
| The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2025-2199 | 2025-03-17 | N/A | N/A | ||
| SQL injection vulnerability in the Innovación y Cualificación local administration plugin ajax.php. This vulnerability allows an attacker to obtain, update and delete data from the database by injecting an SQL query in ‘searchActionsToUpdate’, ‘searchSpecialitiesPending’, ‘searchSpecialitiesLinked’, ‘searchUsersToUpdateProfile’, ‘training_action_data’, ‘showContinuingTrainingCourses’ and ‘showUsersToEdit’ in /local/administration/ajax.php. | |||||
| CVE-2025-2358 | 2025-03-17 | N/A | 6.3 MEDIUM | ||
| A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-2353 | 2025-03-17 | N/A | 7.3 HIGH | ||
| A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registry_id/plane_icao leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | |||||