Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39365 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-02-13 | N/A | 6.3 MEDIUM |
| Cacti is an open source operational monitoring and fault management framework. Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||
| CVE-2022-4427 | 1 Otrs | 1 Otrs | 2025-02-13 | N/A | 9.8 CRITICAL |
| Improper Input Validation vulnerability in OTRS AG OTRS, OTRS AG ((OTRS)) Community Edition allows SQL Injection via TicketSearch Webservice This issue affects OTRS: from 7.0.1 before 7.0.40 Patch 1, from 8.0.1 before 8.0.28 Patch 1; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | |||||
| CVE-2020-21060 | 1 Phpmywind | 1 Phpmywind | 2025-02-13 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in PHPMyWind v.5.6 allows a remote attacker to gain privileges via the delete function of the administrator management page. | |||||
| CVE-2023-26856 | 1 Dynamic Transaction Queuing System Project | 1 Dynamic Transaction Queuing System | 2025-02-13 | N/A | 7.2 HIGH |
| Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. | |||||
| CVE-2023-26750 | 1 Yiiframework | 1 Yii | 2025-02-13 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. NOTE: the software maintainer's position is that the vulnerability is in third-party code, not in the framework. | |||||
| CVE-2015-9457 | 1 Caseproof | 1 Prettylinks | 2025-02-13 | 6.5 MEDIUM | 7.2 HIGH |
| The pretty-link plugin before 1.6.8 for WordPress has PrliLinksController::list_links SQL injection via the group parameter. | |||||
| CVE-2024-2338 | 1 Dalibo | 1 Anonymizer | 2025-02-12 | N/A | 7.5 HIGH |
| PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as it to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3. | |||||
| CVE-2020-36071 | 1 Tailor Management System Project | 1 Tailor Management System | 2025-02-12 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in Tailor Management System v.1 allows a remote authenticated attacker to execute arbitrary code via the customer parameter of the email.php page. | |||||
| CVE-2020-36072 | 1 Tailor Management System Project | 1 Tailor Management System | 2025-02-12 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the id parameter. | |||||
| CVE-2020-36074 | 1 Tailor Mangement System Project | 1 Tailor Mangement System | 2025-02-12 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter. | |||||
| CVE-2023-1522 | 1 Genetec | 1 Security Center | 2025-02-12 | N/A | 8.8 HIGH |
| SQL Injection in the Hardware Inventory report of Security Center 5.11.2. | |||||
| CVE-2020-36077 | 1 Tailor Mangement System Project | 1 Tailor Mangement System | 2025-02-12 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the customer parameter of the orderadd.php file | |||||
| CVE-2025-26348 | 2025-02-12 | N/A | N/A | ||
| A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP requests. | |||||
| CVE-2025-26346 | 2025-02-12 | N/A | N/A | ||
| A CWE-89 "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" in maxprofile/menu/model.lua (editUserGroupMenu endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to execute arbitrary SQL commands via crafted HTTP requests. | |||||
| CVE-2024-24772 | 1 Apache | 1 Superset | 2025-02-12 | N/A | 4.3 MEDIUM |
| A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | |||||
| CVE-2020-36073 | 1 Tailor Management System Project | 1 Tailor Management System | 2025-02-11 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in Tailor Management System v.1 allows a remote attacker to execute arbitrary code via the detail parameter of the document.php page. | |||||
| CVE-2025-0803 | 1 Gymmanagementsystem | 1 Gym Management System | 2025-02-11 | N/A | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/submit_plan_new.php. The manipulation of the argument planid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-26860 | 1 Save Your Carts And Buy Later Or Send It Project | 1 Save Your Carts And Buy Later Or Send It | 2025-02-11 | N/A | 8.8 HIGH |
| SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component. | |||||
| CVE-2024-45387 | 1 Apache | 1 Traffic Control | 2025-02-11 | N/A | 8.8 HIGH |
| An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops. | |||||
| CVE-2023-3987 | 1 Oretnom23 | 1 Simple Online Men\'s Salon Management System | 2025-02-11 | N/A | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608. | |||||