Total: 14188 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-1173 | 1 Wedevs | 1 Wp Erp | 2025-01-30 | N/A | N/A |
The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin access, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2024-0952 | 1 Wedevs | 1 Wp Erp | 2025-01-30 | N/A | N/A |
The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2024-0913 | 1 Wedevs | 1 Wp Erp | 2025-01-30 | N/A | N/A |
The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the erp/v1/accounting/v1/transactions/sales REST API endpoint in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied status and customer_id parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with accounting manager or admin privileges and higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2024-0956 | 1 Wedevs | 1 Wp Erp | 2025-01-30 | N/A | N/A |
The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter via the erp/v1/accounting/v1/vendors/1/products/ REST route in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin or accounting manager privileges, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2024-0608 | 1 Wedevs | 1 Wp Erp | 2025-01-30 | N/A | N/A |
The WP ERP \| Complete HR solution with recruitment & job listings \| WooCommerce CRM & Accounting plugin for WordPress is vulnerable to union-based SQL Injection via the 'email' parameter in all versions up to, and including, 1.12.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
CVE-2024-4609 | 1 Rockwellautomation | 1 Factorytalk View | 2025-01-30 | N/A | 9.8 CRITICAL |
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime. | |||||
CVE-2025-24793 | | | 2025-01-29 | N/A | N/A |
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1. | |||||
CVE-2023-30092 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2025-01-29 | N/A | 9.8 CRITICAL |
SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter. | |||||
CVE-2023-30203 | 1 Judging Management System Project | 1 Judging Management System | 2025-01-29 | N/A | 9.8 CRITICAL |
Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. | |||||
CVE-2023-27568 | 1 Spryker | 1 Commerce Os | 2025-01-29 | N/A | 8.8 HIGH |
SQL injection vulnerability in Spryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= | |||||
CVE-2023-30077 | 1 Judging Management System Project | 1 Judging Management System | 2025-01-29 | N/A | 9.8 CRITICAL |
Judging Management System v1.0 by oretnom23 was discovered to be vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. | |||||
CVE-2023-29842 | 1 Churchcrm | 1 Churchcrm | 2025-01-29 | N/A | 8.8 HIGH |
ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | |||||
CVE-2023-30018 | 1 Judging Management System Project | 1 Judging Management System | 2025-01-29 | N/A | 9.8 CRITICAL |
Judging Management System v1.0 is vulnerable to SQL Injection via /php-jms/review_se_result.php?mainevent_id=. | |||||
CVE-2023-23470 | 1 Ibm | 1 I | 2025-01-29 | N/A | 6.4 MEDIUM |
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. | |||||
CVE-2021-28999 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-01-29 | N/A | 8.8 HIGH |
SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | |||||
CVE-2023-30242 | 1 Netentsec | 1 Application Security Gateway | 2025-01-29 | N/A | 9.8 CRITICAL |
NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. | |||||
CVE-2023-30243 | 1 Netentsec | 1 Application Security Gateway | 2025-01-29 | N/A | 7.5 HIGH |
Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. | |||||
CVE-2020-23966 | 1 Victor Cms Project | 1 Victor Cms | 2025-01-29 | N/A | 9.8 CRITICAL |
SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | |||||
CVE-2024-57328 | 1 Projectworlds | 1 Online Food Ordering System | 2025-01-29 | N/A | 9.8 CRITICAL |
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access. | |||||
CVE-2024-1514 | 1 Wp-ecommerce | 1 Wp Ecommerce | 2025-01-28 | N/A | 7.5 HIGH |
The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |